How to reset Drupal 8 administrator password using phpMyAdmin?

How to reset Drupal 8 administrator password using phpMyAdmin?

This post describes in brief the steps to reset the Drupal 8  administrator password in case you forget them. Writing down passwords are a big no no, and no matter how hard we try to remember passwords, sometimes, we may miss it, especially if you have various different password for different systems. And forgetting passwords also usually happens on development systems when you set some dummy or random passwords, phuff!, you no longer remember them. In this post, we shall see how to reset Drupal admin user password easily from phpMyAdmin. 
Refer to previous post if you are specifically looking for Drupal admin password reset on Drupal 7.

How to reset password on Drupal production sites?

If it is a production site, it is advised to reset password using the “forgot password” link to let Drupal send a password reset link to the user account’s email. This simpler and safer than using some scripts to reset password. 

How to reset password on Drupal development sites?

On local development server, we might not have a provision to let Drupal sent emails (Email server not installed / configured etc.) So, the “forget password” link may not be of any use to reset Drupal admin password. 

However, on development sites, we have access to command line as well as to phpMyAdmin. So, we can reset passwords for any user from phpMyAdmin by running some scripts. But as you might already know that passwords in Drupal are hashed. So we need to know the hash code of a password before running such SQL command.

Method 1: Using password hash : requires access to command line

This method requires access to SSH on production server to generate the password hash. Refer to Method 2, if SSH access is not available on production site. Otherwise, you can also use the hash provided below directly in phpMyAdmin.

The steps involves:

  • Generate password hash
  • Use the password hash in phpMyAdmin to reset password

To generate Drupal password hash, use the “password-hash.sh” file located at C:\xampp\htdocs\drupalsite\scripts can be used to generate hashed password. On production sites, it should be at “yourserver\htdocs\drupalsite\scripts”.

To execute the above script “password-hash.sh” on production server would require SSH access. Some hosting environments do not allow SSH access to the web server where a Drupal site is installed which makes it impossible to recover the Drupal administrator account password via the command-line. Refer to Method 2, if SSH access is not available.

If SSH access is available, you can execute the “password-hash.sh” file for a particular password word and use it. 

The following is an example on local Drupal site running on Windows + XAMPP. The process is similar for production or development server.

  • Open Windows PowerShell
  • Navigate Drupal main directory (or C:\xampp\htdocs\drupalsite\ in this example)
  • From the root of the drupal site in PowerShell, run the command: 

php core/scripts/password-hash.sh admin@123
where admin@123 is the password we want to generate the hash code for.

php+scriptspassword-hash.sh
  • Copy the hashed code generated from PowerShell which is “$S$DDSxOXL9.OZIu1m92JhljBtc2taWqsKBTJasNCLoHOLsSJwg4Czz” for admin@123.
  • Open phpMyAdmin
  • Open the database
    • Open table “users” (for Drupal 7)
    • Open the “users_field_data” table (for Drupal 8)
  • Against the particular user you want to change the password, double click on the hashed password displayed in phpMyAdmin and replace it with the new password hash generated / copied from the above step.
change+drupal+password+from+phpmyadmin
  • Go to flood table in DB
    If you are running a non-production server, simply truncate this table, otherwise look for anything that is flagging your IP with logging in. delete those records.
  • Go to cache_entity table in DB
    If you are running a non-production server, simply truncate this table, otherwise look for anything that is flagging your IP with logging in. delete those records.
  • Now login to the Drupal site with the new password “admin@123”
  • After login, change the password by clicking on the edit user tab if desired.

Note: 


Now that you know the hash code for admin@123 is “$S$DDSxOXL9.OZIu1m92JhljBtc2taWqsKBTJasNCLoHOLsSJwg4Czz” (without quotes), you can directly access phpMyAdmin and update the password as described above without generating a password hash.Run the following SQL Script on the database:

UPDATE users SET pass =’$S$DDSxOXL9.OZIu1m92JhljBtc2taWqsKBTJasNCLoHOLsSJwg4Czz’ WHERE uid = 1;

Method 2: Drupal 8 Admin Password Reset without SSH access
The steps described in Method 1 requires SSH access on production server to generate the password hash. If on development system, the above method 1 should also work. If you are on production server and does not have SSH access, this method may also be used (Thanks to Drupal Documentation here).

Excerpt from the link about the script below:

“The password reset method described below uses a PHP script that must be uploaded to the web server to reset the administrator password. The ability to upload a PHP file to the server where the site is hosted is required for successful execution of this method.

Under the hood, the PHP script executes a full Drupal bootstrap in order to obtain access to the necessary functions that generate the administrative password and then update the database with the new password that you specify via the URL when you execute the script through the web browser.”

(Source: Drupal Documentation )

Follow the steps described below to reset Drupal 8 Admin password:

  • First, create a file with a random name (pwdreset000.php for example).
  • Open the file created above to edit. 
  • Copy and paste the following code into the file created above, and save the file. 
<?php
use Drupal\Core\DrupalKernel;
use Symfony\Component\HttpFoundation\Request;

if (pathinfo(__FILE__, PATHINFO_FILENAME) == 'admin-pass-reset') {
  die('Please change your file name to a random string to continue');
}

// Boot Drupal.
$autoloader = require __DIR__ . '/autoload.php';

$request = Request::createFromGlobals();
$kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod', FALSE);
$kernel->boot();

// Get password hasher service.
$password_hasher = $kernel->getContainer()->get('password');

// Hash password.
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
 $newhash =  $password_hasher->hash($_GET['pass']);
}
else {
  die('Retry with ?pass=PASSWORD set in the URL');
}

// Update user password.
$updatepass = Drupal::database()->update('users_field_data')
  ->fields(array(
    'pass' => $newhash,
//  'name' => 'admin',
// 'mail' => 'yourmail@example.com'
  ))
  ->condition('uid', '1', '=')
  ->execute();

// Clean user 1 cache.
Drupal::cache('entity')->delete('values:user:1');

print "Done. Please delete this file as soon as possible"; 
 
 
  • Upload the file to the root of the Drupal installation directory (using FTP or Web Host’s File Manager)
  • Execute the script, by requesting the file in a web browser using the following URL pattern:

http://yoursite.com/pwdreset000.php?pass=mypassword 
In the above URL,
– replace yoursite.com with your actual domain name,
– replace pwdreset000.php with the actual file name you specified in step one above,
– replace mypassword with the desired new password.

Note: It is highly recommended to choose a password that contains upper and lowercase letters and numbers, and is at least 12 digits in length. 

  • If the script executes successfully, you will see the text “Done” in your web browser. 
  • The password of the administrative account created when installing Drupal (i.e., user/1) will be changed to “mypassword” (or whatever password you specify).
  • Finally, delete the file from the Drupal root directory. (very important)

Reset administrator account username along with password using the script above:

If you can’t remember the username of the administrator account, in the script above, change

//    ‘name’ => ‘admin’ to     ‘name’ => ‘admin’

and the username will also be changed to “admin”.

You may also reset the administrator’s email address in the same way, by removing the // in the for the email address in the script above.

Refer to previous post if you are specifically looking for Drupal admin password reset on Drupal 7.

Leave a Reply

Your email address will not be published. Required fields are marked *