Drupal Tutorials and Blog Posts

Password Recovery for Drupal 7

June 06, 2012 | Drupal Tutorials | Written by Ed Andrea

It happens to all of us ... we lose our password.

Actually recovering your original password in Drupal 7 is not possible, but resetting one is possible and we're going to show you how to do it.

Your first step should be to try and reset your password by adding this to your site's URL: /user/password/. If that doesn't work or if you don't know the email for the account, then you can use this tutorial.

Drupal 6 vs Drupal 7

Resetting your password was easier in Drupal 6 and is explained in this tutorial.

Drupal 7 uses a more powerful 128bit encryption called sha512. In this tutorial we will show you how to generate the encrypted form of the password, which you an then paste into the data base and change the password "hard" way.

Step 1: Create a short PHP script

This method uses a short PHP script. The code is below. First thing to do is copy this to your clipboard exactly as it's written. Paste this into a text or script editor and then save it with an arbitrary and random name. If you use a plain language name it will give you an error message telling you to rename it with a random string., and be sure to remove this file from your server immediately after you use it. This is a big security risk since anyone accessing this could change your administrator password.



<?php
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
 require_once DRUPAL_ROOT . '/includes/password.inc';
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
$newhash = user_hash_password($_GET['pass']);
}
else {
die('Retry with ?pass=PASSWORD set in the URL');
}


$updatepass = db_update('users') 
 ->fields(array(
 'pass' => $newhash,
// 'name' => 'admin',
// 'mail' => 'yourmail@example.com';
 ))
 ->condition('uid', '1', '=')
 ->execute();
print "Done. Please delete this file immediately!";
drupal_exit();
?>

Step 2: Load the PHP script to your main Drupal Directory

tutuploadsmedia_1339609983019.png
  • Paste this in a plain text editor or script editor and save it with the name password.php (you can use any name you want. I just chose an arbitrary name.)
  • Upload this to your Drupal home directory.
  • Rename the file to something totally random.

Step 3: Use the PHP script from your browser address bar

tutuploadsmedia_1339610299149.png
  • Go to http://yoursite.com/totalyrandom.php?pass=mypassword in the address bar of your browser.
  • Replace "mypassword" with whatever you want to use as the password. The script accesses the Drupal password function and changes the password for you.
tutuploadsmedia_1339610953748.png
  • This script can also be used to change the admin username and email as well.
  • In the script itself uncomment the lines that deal with those (lines 19 and 20 in the image above) and change them to what you want. Remove the // marks from the beginning of the line, to uncomment them and make them active.
tutuploadsmedia_1339611105476.png

Here's what they look like with the comment marks removed.

Step 4: Uninstall the PHP script and login

  • One you're done resetting passwords. Be sure to uninstall the php script you created by deleting it using FTP or your file manager.

Comments

 
benjf
#1 benjf 2012-06-12 16:13

if drush is an option, check out the 'drush user-password' command
 
 
greggles
#2 greggles 2012-06-12 21:26

This tip doesn't work. You get an error Fatal error: Call to undefined function user_load() in /doc/root/passw ord.php on line 2

You would need to include and bootstrap drupal to get this to work.

There's a php script (should work on Windows) at scripts/passwor d-hash.sh that people can use if they have access to the command line.

Drush is really the easiest solution, though. "drush uli" gets it done quick and easy across all platforms.
 

Add comment


Security code
Refresh

blog-ad

Start Online Training

Members get access to all our video training. That's 1,142 training sessions in Joomla, Drupal, WordPress and Coding.

Manage All Your Joomla Sites

adminicredible

With Admincredible you can update and manage all your Joomla sites. If you have 5 or 500 sites, Admincredible will make your life easier! Visit Admincredible.com.

Latest Blog Posts and Tutorials

Blog Categories

Latest Comments

The License for Our Tutorials

All of our tutorials are published under the Creative Commons Attribution-NonCommercial license. This means:

  • You can re-use these tutorials.
  • You can modify these tutorials.
  • You must link back to our original tutorial.
  • You can't use these tutorials commercially.

Click here to read the full license.



Contact Us

Phone: (+1) 678-830-2168

Email: support@ostraining.com

followusfacebookfollowtwitterfollowgoogle+


Open Source Training is not affiliated with or endorsed by the Joomla, WordPress or Drupal projects.
All product names and trademarks are the property of their respective owners.

Copyright 2013 Open Source Training, LLC. All rights reserved.