Override Passwords

Frequently Asked Questions
Locked
mikeb
Posts: 254
Joined: Thu Jul 27, 2006 11:58 am

Override Passwords

Post by mikeb » Tue Nov 27, 2007 3:14 pm

TimeTrex has the functionality to setup a secure "override" password that allows anyone with knowledge of that password to login as any user in the system, regardless of what their actual password is.

This is useful if a user has forgotten their password and didn't specify an email address to use the "forgot password" functionality. Or for testing advanced permissions/hierarchies where you want to login as other users for testing purposes.

To do this, simply edit the timetrex.ini.php file, and under the [other] section near the bottom of the file, add the following line:

Code: Select all

override_password_prefix = <secure_password>.
For example:

Code: Select all

override_password_prefix = eight8nine9.
The way this works, is that the override prefix that you specify above is just that, a prefix, the full password depends on the user name in the following format:

<override_password_prefix><first two characters of user name>

For example:

User Name: john.doe
Password: eight8nine9.jo

**We DO NOT recommend leaving a override password prefix in place, as this can be a security risk. Once you are done using the override password, please remove it, or comment it out so it is deactivated**
Mike Benoit

Locked