Actually, it seems that the problem with resetting the password was that the instructions for resetting the password assume you are using the default “jos_” prefix for your database tables. The database that was in use for the site had duplicate sets of tables (different prefixes) and it is not readily apparent which of those sets of tables the application uses (you need to inspect the configuration code to determine which is the one the site uses).
In this case, the application was using one of the other sets of tables (with a different prefix), so changing the “jos_users” table all day long would have no effect!
I only share this in the hopes that it will be of use to others - most generic applications’ instructions assume default installations, and if your installation differs, you will to adjust those instructions accordingly to accommodate your circumstances.
In this case, it meant editing a different table than the one the instructions described!
[color=#CC0000]Added important note[/color] (not directed at Scott, who knows this well, but for other readers):
It is very important, even critically important, if you are running a popular web application, to keep your installations current!
The very popularity of the platform you are using will almost guarantee that miscreants will try to find a way to compromise your application, and you really do need to keep abreast of developments in this area and upgrade your installations so that they are secured from known vulnerabilities.
Almost every update to a popular web application has some security related patch, and you need to have these!
–DreamHost Tech Support