Reset Drupal password using HASH value

By NickLitten

February 4, 2017

drupal, password, reset

During yesterdays reversion back to Drupal7 and subsequent website resurrection, module updates, database rebuilds and general housekeeping… I got a bit clever with myself and managed to lock up my admin profile and lose the password and disable the “email lost password” mechanism in Drupal ;Aaaaargh!!!

But after a little googling I found a need solution. Hope this helps someone else that’s as fat-fingered as I am.

Problem – Locked up Drupal profile and lost password

I have access to Drubal database but can see the password is stored in a HASh value which is not readable. It looks something like this:

Reset drupal password

So, to reset the password we need to (a) know a password ie: ‘sausages’ and (b) convert that password the HASH value. Each and every HASH value is unique to your instance of Drupal. I found a few different solutions mostly involving running scripts and updating the SQL database manually. Since I do now have command line access but I do have control panel access so I can (a) update the SQL database and (b) upload files to the server — this technique was really easy.

Solution – Create a little PHP page to get the new value for me

Create a little PHP page that receives a character string from you (aka ‘the password’), hashes it and shows you the result.

If you are working on a remote environment on which you cannot connect, you can put this specified code in a file such as hashme.php such as this one:

<?php
if (isset($_GET['p'])) { require_once dirname(__FILE__) . '/includes/bootstrap.inc';
require_once dirname(__FILE__) . '/includes/password.inc';
print _password_crypt('sha512', $_GET['p'], _password_generate_salt(DRUPAL_HASH_COUNT));
exit(); }
print "No password to hash.";

Once you have upload this file to your server just put the URL in like this: /hashme.php?p=sausages

Obviously you would replace the domain name with your own and choose your own password – sausages isnt that secure… but it is tasty.

When you press enter you will see the hashed value of ‘sausages’ – it should look like this:

Reset drupal password using hash value 1

Now you just copy/paste that text back into your USER table in the DRUPAL database. and *BOOM* your password is now sausages.

NOTE: if you have locked out your profile go and clear the FLOOD table in the DRUPAL database. This will remove the “your profile is locked out after too many attempts” message. CLEAR it dont delete it 😉

Hope this helps somebody out there?

Share0

Tweet0

Share0

About the Author

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Lunatic Libertarian, Technology Cognoscente, Ambassador for Common Sense, and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day.

Join this IBM i community to ask questions and argue with the answers :)

COURSES

Reset Drupal password using HASH value

IBM i Authority Adoption in Programs – Good or Bad?

Create a “Hello World” Python Application on IBM i

Download Setup Node.JS on IBM i

How do I know if my IBM i Users are Expiring?

IBM i User Information is easy with SQL USER_INFO

Hello World from RPG3 to RPG400 to RPGLE

Join the IBM i Community for FREE Presentations, Lessons, Hints and Tips