Craft CMS Asked by bravokiloecho on August 9, 2020
Is there a way to reset an admin account’s password by modifying the MySQL directly?
I’ve found the craft_users
table where the hashed password is stored but I don’t know how to hash a string so that it will be read correctly by Craft.
Craft uses Yii's CPasswordHelper::hashPassword
which is a Blowfish hash algorithm, using PHP's crypt
function with a "blowFishHashCost", which is a setting that can be found through craft()->config->get('blowfishHashCost')
You could use the SecurityService::hashPassword
function to generate a new password, echo it, and update it in the DB manually: craft()->security->hashPassword('NewPassword');
Correct answer by chris on August 9, 2020
Future me, looks like you forgot your password again and locked yourself out of Craft. You also made your way back to this Stack Exchange question with @chris' perfect answer. Good! And to make your life really easy this time around, I've already generated a password/hash combos for you that works:
|--------------|---------------------------------------------------------------|
| *Password* | *Resulting Hash* |
|--------------|---------------------------------------------------------------|
| password | $2y$13$i1fEVeKiboWR/Hx07N9JtuSZj46KNueAg0IgpwL2TId0sXN.oyibC |
|--------------|---------------------------------------------------------------|
| NewPassword | $2y$13$YA.7RIgllODUDcmQPf/.FuXjOmKJYot5QxpFhhf4og9fdJWsIPWK6 |
|--------------|---------------------------------------------------------------|
| admin | $2y$13$Nlvh.kEu8FLIITusfjzQgOIIDryqLnJ3TsV/1UINRCFLfVnjJtILK |
|--------------|---------------------------------------------------------------|
Update: The hashing algorithm didn’t change in Craft 3, so the above combo still works.
Answered by carlcs on August 9, 2020
If you don't want to mess about trying to insert code in the Craft/Yii stack, v3 just calls password_hash():
password_hash($your_password_string, PASSWORD_DEFAULT, ['cost' => 13]);
As a possibly helpful addendum (I was just trying to run the site locally and needed to log in); if you find you still can't login after changing the password via the database and are running PHP locally, it might be because you're accessing via socket and should add this to config/general.php
:
'requireUserAgentAndIpForSession' => false,
Answered by tjbp on August 9, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP