Tags

, , , ,

No password Remembering the admin account credentials is a must for the developer in order to access the website and work upon it, But what if the client didn’t provided you the admin account credentials and you are about to start working on the site, the similar situation may arise if you need to work upon the site on which you had worked upon long time back, similarly there are many other such situations arises where you need to reset the password of admin account.

So, to overcome the above situations we can try one of the following method depending upon the scenario in which we are currently in:

1. Using Drush command:

drush user-password <USERNAME> --password=<PASSWORD>

Arguments:

USERNAME: The username of the account to modify. (if you don’t know username as well than use this command: “drush user-information <USER-ID>“)

PASSWORD: The new password for the account in plain text format. Required.

Drush command to get the user details like username, user-email, user-roles, user-status from user id:
drush user-information <USER-ID>

This is the faster way to reset password, and also drush will take care of encrypting the plain text to needed format.

But this needs command line access to server which is not easy to avail in shared host environment. If this is the case than we may try the other solution stated as below.


2. Using one-time auto log-in link (requires email notification to work):

In every Drupal site we have forget password page http://OUR_SITE_URL/user/password (i.e “/user/password” page) containing a simple form that takes username or email address of user who wish to reset his/her password. On submitting the form, e-mail address bounded to that user’s account will receive an email with one-time auto log-in link and instructions to set new password.

This is default method provided by the Drupal for recovering the password and is a very safe and secure method to reset the password.

Remember that this requires the email to be configured on the sever where the site is hosted so that user can receive the mail containing the one time auto log-in link. Also note that by default this link is valid for 24 hours, however the expiry time of this link can be changes from configuration.


3. Using database query:

First, we have to generate a password hash that is valid for our site. Execute the following commands from the command line, in the Drupal root directory:

./scripts/password-hash.sh <PASSWORD>

Argument:

PASSWORD: password in plaint text format.

Result:

hash: Hashed password that is valid for the site. Copy this to the clipboard or write it down somewhere, we’ll need it for the next step. Be careful not to include more or less characters as the hash.

If the above command doesn’t generated the hashed result or resulted an error than once have a look at the configurations mentioned here ( Resetting the administrator password with sql-query ).

Next, execute the following query on the Drupal database:

UPDATE users SET pass = '<HASHED-KEY-GOT-FROM-ABOVE>' WHERE uid = 1;

In the above query we have assumed the user id as “1” as by default the user id of super admin account is ‘1’ only. We can change the user id to the required value if we want to reset the password of another user account.

This method works irrespective of mail server configuration or email address associated with the user account.

But for using this method it will be necessary to log-in to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin.


4. Creating a external script:

a. Create a php file with a random name so that others cannot guess it easily. May be something like “dkpl2ae42.php”.

b. Copy and paste the following contents into the file, and save the file:

<?php
// Load drupal boostrap inorder to execute db queries and core methods.
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

// Include the file generate the hashed password.
require_once DRUPAL_ROOT . '/includes/password.inc';

// Check if the password is passed through the query parameter.
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
  // Filter the password value as we are taking it from URL directly.
  $new_pass_plain = check_plain($_GET['pass']);
  $new_pass_hash = user_hash_password();

  // Update user data for resetting the password.
  $updatepass = db_update('users')
    ->fields(array(
      'pass' => $new_pass_hash,
      // Uncomment the following lines to reset the username and/or email address, if required.
      // Resetting the 'name' is useful in scenarios when you doesn't know username as well.
      // 'name' => 'admin',
      // 'mail' => 'yourmail@example.com'
    ))
    // Here you can change the value of user id from "1" to user id of required user.
    ->condition('uid', '1', '=')
    ->execute();

  // Message to remove the file immediately after resetting the password.
  print "Done. Please delete this file immediately!";
  drupal_exit();
}
else {
  // Retry again with query containing "?pass=<PASSWORD>".
  die('Retry with ?pass=PASSWORD set in the URL');
}
?>

c. Upload the file to the root of the Drupal installation directory (i.e., where index.php, update.php, robots.txt and other files and directories exist).

d. Execute the script, by requesting the file in a web browser using the following URL pattern:
http://OUR_SITE_URL/dkpl2ae42.php?pass=PASSWORD

e. If the script executes successfully, you will see the text “Done” in your web browser, and the password will be updated to the value you provided in the URL.

f. Finally, delete the file from the Drupal installation root directory.

This method is very helpful in scenarios when we neither have access to the database interface, nor we have access to the Drush.
I tried to gather the authentic solutions for recovering the admin account password under different scenarios.

If you are having any suggestion/advice for me than please leave the comment below, it would be a pleasure for me to hear from you.

Advertisements