Drupal – Restore Your Password for 6 and 7

“Help!!! I need the admin password for a Drupal site!!!” Some people who get a Drupal site to test from their end don’t get password access. Here are a couple of ways to change a password.

Drupal 6 and 7


Update the email field for the admin user (user 1) in the “users” table. Unlike the password field, you can directly edit the email field without consequence. Once you’ve updated your email address for the admin user, simply go to the request password page to have your password emailed to your email address.

Drupal 6

source: (http://drupal.org/node/44164)

Since Drupal 6 and under is MD5 hash encoded, all you need to do is to execute the following query with direct database access:

UPDATE `users` SET pass = MD5(‘newpwd’) WHERE uid=1;

Drupal 7

1. source: (http://drupal.org/node/1023428)

Execute the following commands from the commandline, in the Drupal root directory:

./scripts/password-hash.sh newpwd or for Windows:

php .scriptspassword-hash.sh newpwd Of course, change “newpwd” to the desired password. If the password contains special characters such as a space, * or ? you must escape them, or wrap the password in quotes appropriate for the shell used.

The script will output a password hash that is valid for the site. Copy this to the clipboard or write it down somewhere; you’ll need it for the next step. Be careful not to include more or less characters as the hash. These hashes look somewhat like $S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML

Then execute the following query on the Drupal database:

UPDATE users SET pass =’thepasswordhash’ WHERE uid = 1; To execute this query it will be necessary to login to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin.

2. The user_hash_password() function, which, as its name suggests, generates a hash of your supplied string (this time using SHA512 and a salt). The output of this function is what should be used as the new password in the users table. For example, user_hash_password(123); returns $P$CD6Nf2aDgnBZZElo/teVOO2.h6sNT9/ as the hash. Replace the existing hash value in the database with this new hash (of a known string!) and you’re good to go!

3. Simplest way: Use the following Hash:

$S$C6x2r.aW5Nkg7st6/u.IKWjTerHXscjPtu4spwhCVZlP89UKcbb/

This is the hash code for the password (case sensitive – all uppercase letters):

“NEW_TEMP_PASSWORD”

That’s it!

Comments

comments

Recent Posts
  • Moin

    thanks