locked out of a drupal 7 site

May272010

Today, while working on a new Drupal 7 site, I somehow managed to lock myself out. I knew the admin (UID=1) username, but could not for the life of me get the password right.

Drupal 7 uses a new password hashing mechanism, so I couldn't simply replace the user's password hash with an MD5 hash of a known value (MD5(123); has long been my favourite for these scenarios!). A little bit of digging around in D7 core turned up the user_hash_password() function, which, as its name suggests, generates a hash of your supplied string (this time using SHA512 and a salt). The output of this function is what should be used as the new password in the users table.

For example, user_hash_password(123); returns $P$CD6Nf2aDgnBZZElo/teVOO2.h6sNT9/ as the hash. Replace the existing hash value in the database with this new hash (of a known string!) and you're good to go!

Happy manual-password-reset day!

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Mollom CAPTCHA
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated.