Reset Drupal password using HASH value

  • Home
  • /
  • Blog
  • /
  • Reset Drupal password using HASH value

February 4, 2017

Reset Drupal password using HASH value

By NickLitten

February 4, 2017

drupal, password, reset

During yesterdays reversion back to Drupal7 and subsequent website resurrection, module updates, database rebuilds and general housekeeping… I got a bit clever with myself and managed to lock up my admin profile and lose the password and disable the “email lost password” mechanism in Drupal ;Aaaaargh!!!

But after a little googling I found a need solution. Hope this helps someone else that’s as fat-fingered as I am.

Problem – Locked up Drupal profile and lost password

I have access to Drubal database but can see the password is stored in a HASh value which is not readable. It looks something like this:

Reset drupal password

So, to reset the password we need to (a) know a password ie: ‘sausages’ and (b) convert that password the HASH value. Each and every HASH value is unique to your instance of Drupal. I found a few different solutions mostly involving running scripts and updating the SQL database manually. Since I do now have command line access but I do have control panel access so I can (a) update the SQL database and (b) upload files to the server — this technique was really easy.

Solution – Create a little PHP page to get the new value for me

Create a little PHP page that receives a character string from you (aka ‘the password’), hashes it and shows you the result.

If you are working on a remote environment on which you cannot connect, you can put this specified code in a file such as hashme.php such as this one:

if (isset($_GET['p'])) { require_once dirname(__FILE__) . '/includes/';
require_once dirname(__FILE__) . '/includes/';
print _password_crypt('sha512', $_GET['p'], _password_generate_salt(DRUPAL_HASH_COUNT));
exit(); }
print "No password to hash.";

Once you have upload this file to your server just put the URL in like this: /hashme.php?p=sausages

Obviously you would replace the domain name with your own and choose your own password – sausages isnt that secure… but it is tasty.

When you press enter you will see the hashed value of ‘sausages’ – it should look like this:

Reset drupal password using hash value 1

Now you just copy/paste that text back into your USER table in the DRUPAL database. and *BOOM* your password is now sausages.

NOTE: if you have locked out your profile go and clear the FLOOD table in the DRUPAL database. This will remove the “your profile is locked out after too many attempts” message. CLEAR it dont delete it 😉

Hope this helps somebody out there?

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Join the IBM i Community for FREE Presentations, Lessons, Hints and Tips