Drupal forgot password for admin - best method to reset with PHP file. (If you have FTP Access)
Published by Aslam
You have forgot your Drupal website's password! That's horrible. But dont worry, we have a better way to reset password if you have access to your files.
If you remember / have access to the admin email, its OK you can reset by going to forgot password page and by entering your email ID for admin account.
If not, you can try this method. I have combined snippets from around the web to make it work even if you have got blocked from login.
Before doing this , Make sure you have write access to your drupal root folder.
Copy and paste below contents to the file.
If you have correctly called the script with parameters, it will change the password and show you success message.
If not, it will show "Retry with ?pass=yourpasswordstring set in the URL" message.
Please say "Thank you", if it helped.
Dont forget to delete the created file. once you have changed password, delete this file immediately,
For those who interested, here is the code explanation,
So, even if the login blocked, we need access once we reset the password. so we delete all from flush table where drupal checking if there any failed login attempts.
Script update the users table with new hashed password that stored earlier.
That's it, you have changed your drupal password without forgot password option.
If you have suggestions, please put on discussion.
If you remember / have access to the admin email, its OK you can reset by going to forgot password page and by entering your email ID for admin account.
If not, you can try this method. I have combined snippets from around the web to make it work even if you have got blocked from login.
Before doing this , Make sure you have write access to your drupal root folder.
Create a .php file in your drupal root folder. i.e. "cpwd.php".
Copy and paste below contents to the file.
<?php define('DRUPAL_ROOT', getcwd()); require_once DRUPAL_ROOT . '/includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); require_once DRUPAL_ROOT . '/includes/password.inc'; if (isset($_GET['pass']) && !empty($_GET['pass'])) { $newhash = user_hash_password($_GET['pass']); } else { die('Retry with ?pass=yourpasswordstring set in the URL'); } drupal_flush_all_caches(); print "All cache cleared<br/>"; db_query("DELETE FROM {flood} "); print "All floods cleared<br/>"; $updatepass = db_update('users') ->fields(array( 'pass' => $newhash, // Uncomment the following lines to reset the administrative username and/or email address, if necessary. // 'name' => 'admin', //'mail' => 'admin@your-domain.com' )) ->condition('uid', '1', '=') ->execute(); print "Password changed! please delete this file immediately for security purpose!"; drupal_exit();
Save the file for once.
Open your web browser, and access the .php file with a pass=yourpasswordstring parameter
http://your-drupal-site.dev/cpwd.php?pass=password#123
If you have correctly called the script with parameters, it will change the password and show you success message.
If not, it will show "Retry with ?pass=yourpasswordstring set in the URL" message.
Please say "Thank you", if it helped.
IMPORTANT!
Dont forget to delete the created file. once you have changed password, delete this file immediately,
EXTRA
For those who interested, here is the code explanation,
define('DRUPAL_ROOT', getcwd()); //Instance url of the drupal website stores to "DRUPAL_ROOT".
require_once DRUPAL_ROOT . '/includes/bootstrap.inc'; // Calling the drupal bootstrap
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); //Setting the DRUPAL_BOOTSTRAP_FULL mode.
require_once DRUPAL_ROOT . '/includes/password.inc'; //getting the password.inc file that is necessary for updating the password.
if (isset($_GET['pass']) && !empty($_GET['pass'])) { //Checking if "pass" parameter has passed in the url, and its not empty $newhash = user_hash_password($_GET['pass']); //If set, user_hash_password will convert the password to store in DATABASE and keep in $newhash variable. } else { //If no "pass" parameter called, or its value empty, die('Retry with ?pass=yourpasswordstring set in the URL'); //stopping the script from executing, with an error message }
drupal_flush_all_caches(); // Clearing all drupal caches using drupal_flush_all_caches function.
db_query("DELETE FROM {flood} "); // Deleting all in "flood" table. // If you have tried login too many times, it will show a message like this // "Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked. Try again later or request a new password."
So, even if the login blocked, we need access once we reset the password. so we delete all from flush table where drupal checking if there any failed login attempts.
$updatepass = db_update('users') ->fields(array( 'pass' => $newhash, // Uncomment the following lines to reset the administrative username and/or email address, if necessary. // 'name' => 'admin', //'mail' => 'admin@your-domain.com' )) ->condition('uid', '1', '=') ->execute();
Script update the users table with new hashed password that stored earlier.
That's it, you have changed your drupal password without forgot password option.
If you have suggestions, please put on discussion.
Comments
Post a Comment