Reset Drupal password using HASH value

IBM i

Feb 04

During yesterdays reversion back to Drupal7 and subsequent website resurrection, module updates, database rebuilds and general housekeeping… I got a bit clever with myself and managed to lock up my admin profile and lose the password and disable the “email lost password” mechanism in Drupal ;Aaaaargh!!!

But after a little googling I found a need solution. Hope this helps someone else that’s as fat-fingered as I am.

Problem – Locked up Drupal profile and lost password

I have access to Drubal database but can see the password is stored in a HASh value which is not readable. It looks something like this:

Reset Drupal password

So, to reset the password we need to (a) know a password ie: ‘sausages’ and (b) convert that password the HASH value. Each and every HASH value is unique to your instance of Drupal. I found a few different solutions mostly involving running scripts and updating the SQL database manually. Since I do now have command line access but I do have control panel access so I can (a) update the SQL database and (b) upload files to the server — this technique was really easy.

Solution – Create a little PHP page to get the new value for me

Create a little PHP page that receives a character string from you (aka ‘the password’), hashes it and shows you the result.

If you are working on a remote environment on which you cannot connect, you can put this specified code in a file such as hashme.php such as this one:

<?php
if (isset($_GET['p'])) { require_once dirname(__FILE__) . '/includes/bootstrap.inc';
require_once dirname(__FILE__) . '/includes/password.inc';
print _password_crypt('sha512', $_GET['p'], _password_generate_salt(DRUPAL_HASH_COUNT));
exit(); }
print "No password to hash.";

Once you have upload this file to your server just put the URL in like this: /hashme.php?p=sausages

Obviously you would replace the domain name with your own and choose your own password – sausages isnt that secure… but it is tasty.

When you press enter you will see the hashed value of ‘sausages’ – it should look like this:

Now you just copy/paste that text back into your USER table in the DRUPAL database. and *BOOM* your password is now sausages.

NOTE: if you have locked out your profile go and clear the FLOOD table in the DRUPAL database. This will remove the “your profile is locked out after too many attempts” message. CLEAR it dont delete it 😉

Hope this helps somebody out there?

Follow

About the Author

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Alpha Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and in the words of the most interesting man in the world: Stay thirsty my friend.