TransWikia.com

Reset password with MySQL

Craft CMS Asked by bravokiloecho on August 9, 2020

Is there a way to reset an admin account’s password by modifying the MySQL directly?

I’ve found the craft_users table where the hashed password is stored but I don’t know how to hash a string so that it will be read correctly by Craft.

mysqlpassword

3 Answers

Craft uses Yii's CPasswordHelper::hashPassword which is a Blowfish hash algorithm, using PHP's crypt function with a "blowFishHashCost", which is a setting that can be found through craft()->config->get('blowfishHashCost')

You could use the SecurityService::hashPassword function to generate a new password, echo it, and update it in the DB manually: craft()->security->hashPassword('NewPassword');

Correct answer by chris on August 9, 2020

Future me, looks like you forgot your password again and locked yourself out of Craft. You also made your way back to this Stack Exchange question with @chris' perfect answer. Good! And to make your life really easy this time around, I've already generated a password/hash combos for you that works:

|--------------|---------------------------------------------------------------|
|  *Password*  |                        *Resulting Hash*                       |
|--------------|---------------------------------------------------------------|
|  password    | $2y$13$i1fEVeKiboWR/Hx07N9JtuSZj46KNueAg0IgpwL2TId0sXN.oyibC  |
|--------------|---------------------------------------------------------------|
|  NewPassword | $2y$13$YA.7RIgllODUDcmQPf/.FuXjOmKJYot5QxpFhhf4og9fdJWsIPWK6  |
|--------------|---------------------------------------------------------------|
|  admin       | $2y$13$Nlvh.kEu8FLIITusfjzQgOIIDryqLnJ3TsV/1UINRCFLfVnjJtILK  |
|--------------|---------------------------------------------------------------|

Update: The hashing algorithm didn’t change in Craft 3, so the above combo still works.

Answered by carlcs on August 9, 2020

If you don't want to mess about trying to insert code in the Craft/Yii stack, v3 just calls password_hash():

password_hash($your_password_string, PASSWORD_DEFAULT, ['cost' => 13]);

As a possibly helpful addendum (I was just trying to run the site locally and needed to log in); if you find you still can't login after changing the password via the database and are running PHP locally, it might be because you're accessing via socket and should add this to config/general.php:

'requireUserAgentAndIpForSession' => false,

Answered by tjbp on August 9, 2020

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP