Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By Juc1 on
Hi all,
I think that the D7 users table does not store a simple md5 hex hash. Does this mean that this mysql query...
UPDATE users SET pass = MD5('mynewpassword') WHERE uid = 1;
...which works in D6 will not work in D7 and if so how do I reset the admin password in D7?
Thanks
Comments
Drupal 7 stores a salted
Drupal 7 stores a salted sha512 hash.
You can always use the user_hash_password('mypassword') function (located in includes/password.inc) to make yourself a new one, then paste it into the database.
OK thanks I can see this code
OK thanks I can see this code in my includes/password.inc...
...but how do I create a new password?
Thank you
Open index.php, add at the
Open index.php, add at the top: echo user_hash_password('mynewpassword'); die();
Then visit your site, you'll get the hashed "mynewpassword", copy it, open index.php, revert your changes, update the database with the hash you got...
Ok thanks but I am probably
Ok thanks but I am probably getting the syntax wrong. Should my index.php look like this...
Thank you
Add it after
Add it after drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
Ok thanks do you mean this
Ok thanks do you mean this because it gives a white screen....
Thanks
require_once
The error I saw after doing this was "Call to undefined function user_hash_password()" There's one more piece needed, pointed out by esteewhy in this comment.
If you add
require_once 'includes/password.inc';
before theecho user_hash_password('password');
line, modifying the index file will output the hash you need. If you're comfortable using drush, though, that method is simpler. Plus it doesn't make your site totally inaccessible while you're fixing a password. >.<use the passwordreset script
It might be easier to just run the standard drupal script from the root of your installation:
./scripts/password-hash.sh
cheers
This worked for me. Thanx.
@dutchguy (using reset script)
This worked for me.
Thanx.
You're my king. Passwort
@pefferen: You're my king. Passwort reset for real hackerz worked! ::) Always wondered what mysterious tools reside in that folder ... now I know.
How do you run a script from the root of the installation?
How do I run this script?
Open up a terminal, cd into
Open up a terminal, cd into the root directory of your drupal and execute
php scripts/password-hash.sh <yournewpassword>
with
<yournewpassword>
substituted for whatever you want as a password.The php binary/executable has to be found in one of the directories listed in your $PATH environment variable for this.
This worked for me. Thanks!
If you add require_once 'includes/password.inc'; before the echo user_hash_password('password'); line, modifying the index file will output the hash you need.
This worked for me. Thanks!
Have I helped you? Consider buying me a beer.
it didn't work for drupal 7.4
it didn't work for drupal 7.4 ?
everytime I executed it , it did create a hash
but they are different ?
can you tell me why ?
Is't change for drupal 7.4 ?
thank you
this worked for me
edit your index.php to look like this:
thank you
its worked for me too
Thanks
This worked for me too.
Thanks
After solved this problem, must removed the code from index.php
Using drush ev is better than putting die into index.php
And there's no copy and paste either.
Ah, but yet there is even an
Ah, but yet there is even an easier way in drush. Sometimes user 1 is renamed from admin. To find the name of uid 1, execute the following:
drush sqlq "select name from users where uid=1"
Results will be similar to below:
Once you know the name, you can reset the password as follows:
drush upwd admin --password=pass
Replace admin with the name from above and pass with the new password. If you want to include spaces in the password, enclose the whole password in double quotes.
The easiest thing to do is
The easiest thing to do is run
drush uli
Doesn't that require that you
Doesn't that require that you cut and paste a url and then you still need to reset the password? Easiest doesn't necessarily mean the fastest.
Doesn't that require that you
Yes.
No, but usually the easiest will be the fastest, particularly if you consider that more difficult methods open up the potential for making mistakes, which take time to figure out where the mistake is, and fix it.
How do you use this function?
I have found the password.inc file, but how do you execute it?
Reset PW through drush
Please follow below steps :
1. Just open environment (dev, stage or prod) by putty.
2. and execute below drush command :
drush upwd user_name --password="AnyPassword"
Password will be reset. just check it either it is working or not.
Conclusion
so in the end your index.php (or if your like me, your pass.php) will now be
if you changed index.php - remember to change it back!!!!
if you made pass.php - remember to delete it!!!!
- V
For people who stumble across
For people who stumble across this, see Forgotten your Drupal 7 account password.
_____ ____ ___ __ _ _
Laura Scott :: design » blog » tweet
heres the hash for 'password'
heres the hash for 'password' (without the quotes)
$S$CDbdwZvjHQ09IVRs88G0fnaxPr50/kb81YI9.8M/D9okW7J/s5U4
now you dont have to code anything!
Only for *your* site.
The hash is salted with details from your own Drupal 7 installation. Other users can't use this hash. That's the way it works in Drupal 7. The entire point of using SHA with a lot of salt is that people should not be able to get from a hash to a known plaintext. That's what was weak about the plain-vanilla MD5 hashing before D7.
@wdrupal100
@wdrupal100
worked great for a quick admin pass reset, just hit the 'users' table and edit the 'pass' column through phpMyAdmin.
OR you can run a query on it
UPDATE `YOURDATABASE`.`users` SET `pass` = '$S$CDbdwZvjHQ09IVRs88G0fnaxPr50/kb81YI9.8M/D9okW7J/s5U4' WHERE `users`.`uid` =1;
log back into your site then change it.
thanks for the quick fix.
There is a drupal hash script
There is a drupal hash script which could help u to generate a password hash from plain text.
If I want to set my password for user 'admin' to 'mynewpass', then first in the drupal root directory, run the script:
$ ./scripts/password-hash.sh 'mynewpass'
Then it will outout something like this:
password: mynewpass hash: $S$CGM3hk.Fvl/pQlirfJmIQiXMOdifVR.wPoyT9e81ktxAStq7pmGK
And then use the following SQL to update the password:
UPDATE users SET pass='$S$CGM3hk.Fvl/pQlirfJmIQiXMOdifVR.wPoyT9e81ktxAStq7pmGK' where uid=1;
You could check the script itself to find more details.Good luck.
Resetting admin password without any coding change
I was able to reset my admin password by following the steps given at http://drupal.org/node/1023428
Windows users will of course have to add the PHP executable to their environment path.
Also I could unblock my locked account with the steps given at http://drupal.org/node/1023440
password-has.sh not working for me
Here's what I get. Any ideas?
-bash-3.2$ ./scripts/password-hash.sh "newpassword"
X-Powered-By: PHP/5.3.19
Content-type: text/html
Warning: include_once(/home/pixelhou/public_html/comtech/scripts/includes/password.inc) [function.include-once]: failed to open stream: No such file or directory in /home/pixelhou/public_html/comtech/scripts/password-hash.sh on line 83
Warning: include_once() [function.include]: Failed opening '/home/pixelhou/public_html/comtech/scripts/includes/password.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pixelhou/public_html/comtech/scripts/password-hash.sh on line 83
Warning: include_once(/home/pixelhou/public_html/comtech/scripts/includes/bootstrap.inc) [function.include-once]: failed to open stream: No such file or directory in /home/pixelhou/public_html/comtech/scripts/password-hash.sh on line 84
Warning: include_once() [function.include]: Failed opening '/home/pixelhou/public_html/comtech/scripts/includes/bootstrap.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pixelhou/public_html/comtech/scripts/password-hash.sh on line 84
Fatal error: Call to undefined function user_hash_password() in /home/pixelhou/public_html/comtech/scripts/password-hash.sh on line 87
-bash-3.2$
Wrong...
waynef100: fail. Drupal sets the salts dynamically in the settings.php file per site. (not trying to be a troll here, just putting it out there so ppl don't get blocked by the flood filters). BTW, if that happens, truncate the flood table... I've seen some other methods, but that's what works for me. If you're on a production site and you think and attack is in progress, don't do it that way :)
Flood table
truncate flood;
worked for me, thanks for the pointer @Carnix.
I was blocked due to the repeated failed login attempts, even after resetting my password using the password-hash.sh script.
easy does it.....
http://chillburn.com.au/blog/changing-resetting-the-admin-password-in-dr...
was struggling with this on a
was struggling with this on a recent localhost re-install...
TRUNCATE flood;
did the trick.
http://drupal.org/node/992400
http://drupal.org/node/992400#comment-4673708 has worked for me...
Thank you
Tejas Mehta
just md5 password
hello
i like save in dr_users > pass filed or maybe new one field in table
md5 passowrd not drupal 7 format pws
why???
because i have some software than just working with also md5 pws
what can i do???
maybe something in password.inc
someboy can help me???
Shortest Way of Updating Drupal 7 Password.
Here you find the easy solution to change D7 admin password...
http://drupaldr.blogspot.com/2012/06/how-to-reset-root-password-in-drupa...
Cheers
t@n
Another Smart way....
Just a one line command of drush... and you are done...
http://drupaldr.blogspot.com/2012/06/resetting-drupal-passwords-in-drupa...
Cheers
t@n
the one line drush command
the one line drush command is:
drush uli
Documentation on recovering
Documentation on recovering the administrator password
Drupal 7. Recover your admin password
I am new to Drupal and struggled with this for some time. If you do not have the drush module installed, then it becomes virtually impossible to change your password. The answer is here: http://chillburn.com.au/blog/changing-resetting-the-admin-password-in-dr...
Basically, your index page should look like this. Just remember to undo it!
01 <?php
02 define('DRUPAL_ROOT', getcwd());
03
04 require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
05 drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
06
07 require_once 'includes/password.inc';
08
09 //change the password here.
10 $my_new_password = 'password';
11
12 printf('UPDATE users SET pass=\'%s\' WHERE uid=1;', user_hash_password($my_new_password));
13 exit();
If you do not have drush than
If you do not have drush than you can find here, http://drupal.org/node/1023428 , many ways to recover the password
Reset admin password can't work...
i have use mypass.php file then paste this code "drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL)" , Run file and get Some code like MD5 format values but can't be work.
Drupal7 password reset
Really worked for me . Thank You !
Just for the completeness of
Just for the completeness of this thread, there is a doc file Recovering the administrator password with a PHP file (Drupal7)
What's new and changing in PHP 8
See also: Recovering the
See also: Recovering the administrator password.
If you have drush, you can just do
drush uli
, copy the one-time login link drush gives you, and paste it in your browser.__________________
Personal site: www.jeffgeerling.com
Drupal Password reset
Thank you!
Drupal Password has been reset with ur ideas.
i tried:
<?php
/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
*
* The routines here dispatch control to the appropriate handler, which then
* prints the appropriate page.
*
* All Drupal code is released under the GNU General Public License.
* See COPYRIGHT.txt and LICENSE.txt.
*/
/**
* Root directory of Drupal installation.
*/
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require('includes/password.inc');
echo user_hash_password('123456'); // 123456 = my password
die();
menu_execute_active_handler();
Drush
Here is the drush command to change the password of any user, it helped me when I was in the same situation:
drush upwd username --password="newpassword"
Thanks worked for me:))
Thanks worked for me:))
Drupal 7 change admin password
Use drupal's root directory to write the below script :
php ./scripts/password-hash.sh NewPassword
Note* php should be installed to execute this shell script
It will return :
password: NewPassword hash: $S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK
Then we just need to update this password to user table with the help of following command :
Replace the hash key generated above in below query
UPDATE users SET pass = '$S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK' WHERE uid = 1;
Recover drupal username & password with Drush
drush upwd --password="newpassword" "admin"
[admin is the site username]
2 simple steps
Step 1 find the username for your UID 1:
drush uinf 1
Step 2 change the password:
drush upwd username --password=newpassword
user_hash_password for drupal7
this code is working for me to generate new password for drupal 7.
Don't forget to check rewrite
Don't forget to check rewrite module is set.
Display phpinfo and check mod_rewrite is present in loaded modules
Simple steps to reset your forgot admin password :
1. First, create a file with a random name (mypassword.php for example). [C:\xampp\htdocs\drupal7demo\mypassword.php]
2. Copy and paste the following contents into the file, and save the file.
<?php
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require_once DRUPAL_ROOT . '/includes/password.inc';
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
$newhash = user_hash_password($_GET['pass']);
}
else {
die('Retry with ?pass=PASSWORD set in the URL');
}
$updatepass = db_update('users')
->fields(array(
'pass' => $newhash,
// Uncomment the following lines to reset the administrative username and/or email address, if necessary.
// 'name' => 'admin',
// 'mail' => 'yourmail@example.com'
))
->condition('uid', '1', '=')
->execute();
print "Done. Please delete this file immediately!";
drupal_exit();
3. Execute the script, by requesting the file in a web browser using the following URL pattern:
http://example.com/mypassword.php?pass=admin123
In the above URL,
- replace example.com with your actual domain name,
- replace mypassword.php with the actual file name that you specified in step one above,
- replace admin123 with the desired new password.
Now your new password for user 1 will be admin123
Note: It is highly recommended you choose a password that contains upper and lowercase letters and numbers, and is at least 12 digits in length.
If the script executes successfully, you will see the text "Done" in your web browser. The password of the administrative account created when installing Drupal (i.e., user/1) will be changed to "admin123" (or whatever value you specify).
Finally, delete the file from the Drupal installation root directory.
Better with script with UI
Here is a more better way written here
https://www.drupal.org/node/2881025