By kazaa on

My subcontractor created Drupal webpage on my server, (Drupal 10 installed with composer) it takes long time and effort. He didn't share finally any login and pass and he dissapeared, no contact. There is some chance to get admin login and password from DB? I have access to DB and FTP, everything is installed on my server.

Categories: Drupal 10.x

Comments

gisle’s picture

gisle
he/him
Primary language Norwegian Bokmål
Location Norway
commented

See: https://wikihandbooks.com/drupalnewbies/ch18_resetpw.html

- gisle

kazaa’s picture

kazaa commented

Thank you for tip, I tried use DB, I copied whole field from pass but still Drupal not recognize. Imho this field looks like coded, password in field pass is very very long, also I created account and find it in users_field_data but it is diffrent then before I created... 

gisle’s picture

gisle
he/him
Primary language Norwegian Bokmål
Location Norway
commented

The password you see in in the database is a salted hash. You can not use this string as a cleartext password (which it looks like what you've done). The page I linked to explain how you can use the string in this field to recover access to the admin account.

- gisle

kazaa’s picture

kazaa commented

but how to decrypt this pass? Also I tried to change filed in other account and change for new one by MD5 and Drupal not accept

gisle’s picture

gisle
he/him
Primary language Norwegian Bokmål
Location Norway
commented

There is no way to decrypt the passwords as they are stored in the database. The cryptographic properties of a salted hash is explained in this this article (already linked to).

The WikiHandsBooks page linked to in my first comment explains how you can use the string in this field to recover access to the admin account.

- gisle

kazaa’s picture

kazaa commented

thanks for help, after clear cache of user finally works 

this website helps me also: Resetting admin password in Drupal - DEV Community

Gorf’s picture

Gorf commented

That site is pathetic. As usual, more incorrect and dumb recommendations out of the Drupal community, 

"Locate an account where you already know the password, or create a new one."

Lets see... I'm looking at the my database and there is exactly one user. The one user I need to reset. No explanation on how to calculate a new password hash, no suggestion of just using a known good hash for something like "1234".  No, just the stupid recommendation of "copy from one of your OtHeR uSeRs!! durr durr durr".

gisle’s picture

gisle
he/him
Primary language Norwegian Bokmål
Location Norway
commented

What part of "create a new one" did you not understand?

To spell things out: If you create a new one where you set the password to something like "1234", you would have a known good hash for "1234". 

- gisle

ridha rahmi’s picture

ridha rahmi commented

change password with drush 

drush upwd username new_password

example: 

drush upwd admin admin123

or login with drush:

drush uli
dario582’s picture

dario582 commented

Thanks mate for this guidance as i was also searching for this answer

Ushavilash’s picture

Ushavilash commented

You can reset the Drupal admin password directly in the database through phpMyAdmin or a similar tool.