Steve,
It gets better.
I made a new virgin 4.5.5 default gold+ install yesterday for testing.
I decided to take another look today.
Oops, wrong password -- ok, I tried 3 passwords. Admin is locked out.
System sends me an email to reset.
Link doesn't solve anything, just brings me back to password recovery page, now with captcha.
Endless loop.
Frustration.
Captcha failure.
No worries, I can make a new admin from phpMyAdmin, right?
I searched the x-cart documentation:
http://help.x-cart.com/index.php?title=X-Cart:Managing_User_Profiles#How_do_I_change_or_res et_my_admin_p...28I_lost_it.29
Ok, I did this.
Ah -- but that fails.
WTF X-Cart? If you are going to roll out major security changes, you should document how an admin can get back into their own store?
Geez. I guess I will simply install a new 4.5.5 and new database because I forgot my admin password?
At least I can do this in less time than it takes to submit a bug report.
WHO IS TESTING THIS ?
QT: Who is running the QA and testing department?
Moral of the story: If you are installing 4.5.5 - RUN, don't walk, and make at least 3 admins and write the passwords down. You are at risk of destroying an admin with an incorrectly typed in password, and there doesn't appear to be a database solution yet. BE VERY CAREFUL!