Last updated August 22, 2016. Created on January 11, 2011.
Edited by rhuffstedtler, wdouglascampbell, myglobaldata_gil, ssiruguri. Log in to edit this page.

When, in Drupal 7, the password for user 1 (the administrator) is lost and the email notification or drush methods don't work, it is possible to set the password via a database query.

But first, you have to generate a password hash that is valid for your site.

Execute the following commands from the command line, in the Drupal root directory:

./scripts/password-hash.sh newpwd

Check the first line of this script. It will read something like #!/usr/bin/php. Confirm that the filename listed in this line is located on your machine. Typically if /usr/bin/php is not available, then /usr/local/bin/php will be.

or for Windows:

php .\scripts\password-hash.sh newpwd
NOTE: If you receive an error that PHP is not a recognized command then you need to add php to the system PATH. For example: ;c:\wamp\bin\php\php5.3.8\ . This will then work in the Command Prompt. Once completed right click in Command Prompt window to mark the text and copy the hash code.

NOTE: If you receive an error about include not being able to find a file, you will need to use the --root parameter to specify the root directory of your Drupal installation.

Of course, change "newpwd" to the desired password. If the password contains special characters such as a space, * or ? you must escape them, or wrap the password in quotes appropriate for the shell used.

The script will output a password hash that is valid for the site. Copy this to the clipboard or write it down somewhere; you'll need it for the next step. Be careful not to include more or less characters as the hash. These hashes look somewhat like $S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML

Then execute the following query on the Drupal database:

UPDATE users SET pass ='$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML' WHERE uid = 1;

To execute this query it will be necessary to login to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin.

Clear flood table (Drupal 7 only)

If you have reset password either by using script or "request new password" but still receive "Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked." then you may delete the corresponding entry in flood table.

This flood table records username and ip which has failed login attempts.

Reset using a PHP-file

No command-line access? You can reset the password using a PHP-file as well, but keep in mind that this opens the potential to a huge security issue if not handled correctly.

Pass root param

If you're on windows and you want to pass the root param to the script, you'll need this:

php -f password-hash.sh -- --root "C:\wamp\www\" newp@ss

Anything that follows the double-dash will be passed to password-hash.sh.

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

toni.mueller’s picture

Hello community,

I installed a Drupal7 filesystem and MySQL database dump from a preinstalled Drupal site. The site looks gorgeus, but I can't login with user1. I have no user account data for the administrator. Therefor I tried to reset the administrator password with sql-query.
After carrying out the command ./scripts/password-hash.sh newpwd I get no password hash.

Instead of a hash I got this one:
root@t:/var/www/x/scripts# ./password-hash.sh newpwd
PHP Warning: include_once(/var/www/x/scripts/includes/password.inc): failed to open stream: No such file or directory in /var/www/x/scripts/password-hash.sh on line 83
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/password-hash.sh:0
PHP Warning: include_once(): Failed opening '/var/www/x/scripts/includes/password.inc' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/x/scripts/password-hash.sh on line 83
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/password-hash.sh:0
PHP Warning: include_once(/var/www/x/scripts/includes/bootstrap.inc): failed to open stream: No such file or directory in /var/www/x/scripts/password-hash.sh on line 84
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/password-hash.sh:0
PHP Warning: include_once(): Failed opening '/var/www/x/scripts/includes/bootstrap.inc' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/x/scripts/password-hash.sh on line 84
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/password-hash.sh:0
PHP Fatal error: Call to undefined function user_hash_password() in /var/www/x/scripts/password-hash.sh on line 87
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/password-hash.sh:0

Could you help, please?

Thank you!

Best regards,

Toni

jimurl’s picture

Hi Toni,

I got the same error, but it appears for some reason that script is looking for the includes folder inside the scripts folder, rather than in drupal root. Not sure why that was.

To get around it, I created a symlink in the scripts folder to the includes folder:

from in scripts folder,

ln -s ../includes includes

akuma6099’s picture

I received the same error. I'm using WAMP server and am using the built in PHP bin to execute the password script. After browsing password-hash.sh I noticed it takes an argument of --root
. You simply need to supply your drupal path and it will work correctly. ex:

:Windows:
C:\wamp\bin\php\php5.4.16>php.exe ..\..\..\www\scripts\password-hash.sh --root "C:\wamp\www" PaSsWoRd

prakashsingh’s picture

Thanks akuma6099

This hint worked for me.. another useful way of doing the same is https://www.drupal.org/node/1556488

donkaisen’s picture

I also had the same issue. It works when you execute the command from the drupal root directory. So go to your main folder and execute the script with a relative path from the root directory./scripts/password-hash.sh

rajatgusain’s picture

Use drupal's root directory to write the below script :
php ./scripts/password-hash.sh NewPassword

Note* php should be installed to execute this shell script

It will return :

password: NewPassword hash: $S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK

Then we just need to update this password to user table with the help of following command :

UPDATE users SET pass = '$S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK' WHERE uid = 1;

Rajat

llavillaccama@gmail.com’s picture

Gracias me funciono a la perfeccion

Umair Yousaf’s picture

I've follow the same procedure to get hashed password for admin user with id 1 . But still Im unable to login as admin on drupal 7

newme154’s picture

Updated the password in phpMyAdmin and tried to log in with the new credentials. Still wont let anyone in. Any ideas? BTW, this is on my localHost.

dibyadel’s picture

I copied one of the known password in MD5 format from the DB and inseeted into the admin password. Now it is working.

sincerely

d dutta

Stephen Winters’s picture

Thank you d dutta for posting your simple solution to getting a new admin password. This was so simple and so easy to do. I've spent a couple hours researching and trying various other solutions. Either they didn't work for me, or I didn't have enough knowledge to make them work. But your solution was quick and simple. Thank you again for posting this. Now I have a work admin password.

Best Wishes,
Stephen

apatchforum’s picture

Great simple, quick solution!

johnching’s picture

This solution by dibyadel is good. Might I add instructions, go to your database

table: users
column: pass
copy and paste something like this: $S$PspXfU/A1E8cel7HyncwAerf92Iet4c2nOOxhwFFNZmhJY3uPWvD

emarj2012@gmail.com’s picture

worked just fine for me on linux server

dewesh’s picture

Please use
1. For WAMP
C:\wamp\bin\php\php5.4>php.exe ..\..\..\www\scripts\password-hash.sh --root "C:\wamp\www" PaSsWoRd
2.
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require('includes/password.inc');
echo user_hash_password('mypassword');
die();
menu_execute_active_handler();
3. Use following link(XAMPP)
https://www.drupal.org/node/1556488

Thanks

Philip.Rudy’s picture

I am getting permission denied when running

./scripts/password-hash.sh

is there a workaround for this?

frazac’s picture

quoting Philip.Rudy.
permission denied.