Protecting Admin Tools with a password


THIS IS NOT A SECURITY FEATURE. THE MAIN PASSWORD IS STORED UNENCRYPTED IN THE SITE'S DATABASE. This is meant as a safeguard against a less technical client inadvertently breaking the site or its security by toying around with Admin Tools' settings.

Sometimes you are not the sole administrator of a website, for example when there is a large administrative team or when you build the website for a client. In such cases you do not need everyone with back-end access to be able to modify Admin Tool's settings. Instead of giving you the traditional "all or nothing" access control imposed by Joomla! user groups, Admin Tools allows you to control access to any or all of its features using a "main password". The idea is that before any user is able to use one of the protected features, he has to supply the "main password" in Admin Tools' control panel page.

The Main Password page

When you click on the Main Password button in the Control Panel you get to the Main Password page where you can set both the password and select which features to protect.

The top area of the page allows you to set a Main Password. If you want to disable password protections, simply leave it blank.

The bottom area of the page lets you select which features will be protected. Set the radio button next to each feature you want to protect to "Yes" before clicking on the Save button. Features marked as "No" will be accessible by all back-end users. Featured marked with "Yes" will only be available to users who enter a valid password in the Control Panel page. This means that even Super Users will not be able to access the protected features without supplying a valid password.

If you want to quickly protect all features, click on the All button above the list. Conversely, clicking on the None button will disable Master Password protection on all features.

I have forgotten my password. Now what?

The only way to find out your password is to directly read it from the database. Use your host's database management tool —usually it's phpMyAdmin— to list the contents of your site's abc_admintools_storage table (where abc_ is your site's table name prefix). Find the record in the table whose key value is "cparams" and take a peek at the contents of the value column. It contains a long text. At some point you will see something like "masterpassword":"mypassword". The mypassword part is your main password.