When, in Drupal 7, the password for user 1 (the administrator) is lost and the email notification or drush methods don't work, it is possible to set the password via a database query.
But first, you have to generate a password hash that is valid for your site.
Execute the following commands from the command line, in the Drupal root directory:
Check the first line of this script. It will read something like
#!/usr/bin/php. Confirm that the filename listed in this line is located on your machine. Typically if
/usr/bin/php is not available, then
/usr/local/bin/php will be.
or for Windows:
php .\scripts\password-hash.sh newpwd
NOTE: If you receive an error that PHP is not a recognized command then you need to add php to the system PATH. For example: ;c:\wamp\bin\php\php5.3.8\ . This will then work in the Command Prompt. Once completed right click in Command Prompt window to mark the text and copy the hash code.
NOTE: If you receive an error about include not being able to find a file, you will need to use the --root parameter to specify the root directory of your Drupal installation.
Of course, change "newpwd" to the desired password. If the password contains special characters such as a space, * or ? you must escape them, or wrap the password in quotes appropriate for the shell used.
The script will output a password hash that is valid for the site. Copy this to the clipboard or write it down somewhere; you'll need it for the next step. Be careful not to include more or less characters as the hash. These hashes look somewhat like
Then execute the following query on the Drupal database:
UPDATE users SET pass ='$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML' WHERE uid = 1;
To execute this query it will be necessary to login to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin.
Clear flood table (Drupal 7 only)
If you have reset password either by using script or "request new password" but still receive "Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked." then you may delete the corresponding entry in flood table.
This flood table records username and ip which has failed login attempts.
Reset using a PHP-file
No command-line access? You can reset the password using a PHP-file as well, but keep in mind that this opens the potential to a huge security issue if not handled correctly.
Pass root param
If you're on windows and you want to pass the root param to the script, you'll need this:
php -f password-hash.sh -- --root "C:\wamp\www\" newp@ss