Actions

Difference between revisions of "How do you recover or reset your admin password?"

From Joomla! Documentation

(Please do not encourage people to enter their passwords into applications that they have no reason to trust. It is tantamount to phishing.)
(user better sql query (based on Jerome's suggestion) and also provide better directions for the edit password option)
Line 1: Line 1:
If you know the email address that was used for the admin user, and you have made the "lost password" feature available on the front end, the simplest thing is to do is to use the "lost password" Front-end function.
+
Normally, you can add, edit and delete users and passwords from the back-end User Manager. To do this, you must be logged in as a member of the Super Administrator group.  
  
If not, you will need access to the MySQL database. You have two choices, either add a new super administrator or change the password stored in the data base. To do this you need to go to phpMyAdmin (or use a similar tool) and manually edit the database. Before doing this ''back up your complete database''.
+
In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.
  
From phpMyAdmin, you can run this SQL query to create a new user known as <var>admin2</var>.
+
In these cases, it is still possible to fix up the Joomla! database so you can log back in as a Super Administrator. There are three possible methods discussed below.
  
<source lang="sql">
+
===Use the Lost Password Feature===
INSERT INTO `jos_users` VALUES
+
If you have access to the email address that was used for the admin user, and you have made the "lost password" feature available on the front end, the simplest thing is to do is to use the "lost password" Front-end function. The site will send an e-mail to the user's e-mail address and allow you to change the password.
    (62, 'Administrator2', 'admin2', 'your-email@email.com', 'd1bb08b44909c038fe4e58e325180251:nHBaZ92t', 
+
    'Super Administrator', 0, 1, 25, '2005-09-28 00:00:00', '2005-09-28 00:00:00', '', '');
+
INSERT INTO `jos_core_acl_aro` VALUES (10,'users','62',0,'Administrator2',0);
+
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25,'',10);
+
</source>
+
  
'''You should change 62 in the above queries to something much higer than the number of users you have on your website else the queries will FAIL! '''
+
If this method will not work, you have two other options, both of which require working with the MySQL database directly.
  
The password will be <var>admin</var>. Immediately log in and change this password and make any other changes to other admin users.  
+
===Change the Password in the Database===
 +
If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin.
  
A second option is to change the password in the table for your admin user. The password is stored in the MySQL database jos_users table password column. (Change this for your table prefix if different.)
+
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
 +
# Click on the table "jos_users" in the list of tables.
 +
# Click on the "Browse" button in the top toolbar. This will show all of the users that are set up for this site.
 +
# Find the user who's password you want to change and press the Edit icon for this row.
 +
# A form will display that allows you to edit the password field. Copy the value <source lang="sql">d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199</source> into the password field and press the "Go" button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".
 +
# Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.
  
Open the table, find the row for your admin user, and then select that row for editing. The password must be hashed, you cannot simply enter text into this field.
+
===Add a new Super Administrator User===
 +
If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.
 +
 
 +
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
 +
# Press the "SQL" button in the toolbar to run a SQL query on the selected database. This will display a field called "Run SQL query/queries on database <your database>".
 +
# Delete any text in this field and paste in the following:
 +
<source lang="sql">
 +
INSERT INTO `jos_users`
 +
    (`id`, `name`, `username`, `email`, `password`, `usertype`, `block`, `sendEmail`,
 +
    `gid`, `registerDate`, `lastvisitDate`)
 +
    VALUES (null, 'Administrator2', 'admin2', 'your-email@yourdomain.com',
 +
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199',
 +
    'Super Administrator', 0, 1, 25, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
 +
INSERT INTO `jos_core_acl_aro` VALUES (NULL, 'users', LAST_INSERT_ID(), 0, 'Administrator', 0);
 +
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25, '', LAST_INSERT_ID());
 +
</source>
 +
:4. At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a secure value and the e-mail to a valid e-mail address. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.
  
Set the password to one of the known values shown below:
+
The examples above change the password to "secret". Two other possible values are shown below:
  
 
<pre>
 
<pre>

Revision as of 13:11, 10 December 2008

Normally, you can add, edit and delete users and passwords from the back-end User Manager. To do this, you must be logged in as a member of the Super Administrator group.

In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.

In these cases, it is still possible to fix up the Joomla! database so you can log back in as a Super Administrator. There are three possible methods discussed below.

Use the Lost Password Feature

If you have access to the email address that was used for the admin user, and you have made the "lost password" feature available on the front end, the simplest thing is to do is to use the "lost password" Front-end function. The site will send an e-mail to the user's e-mail address and allow you to change the password.

If this method will not work, you have two other options, both of which require working with the MySQL database directly.

Change the Password in the Database

If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin.

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Click on the table "jos_users" in the list of tables.
  3. Click on the "Browse" button in the top toolbar. This will show all of the users that are set up for this site.
  4. Find the user who's password you want to change and press the Edit icon for this row.
  5. A form will display that allows you to edit the password field. Copy the value
    d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
    
    into the password field and press the "Go" button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".
  6. Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.

Add a new Super Administrator User

If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Press the "SQL" button in the toolbar to run a SQL query on the selected database. This will display a field called "Run SQL query/queries on database <your database>".
  3. Delete any text in this field and paste in the following:
INSERT INTO `jos_users` 
    (`id`, `name`, `username`, `email`, `password`, `usertype`, `block`, `sendEmail`, 
    `gid`, `registerDate`, `lastvisitDate`)
    VALUES (NULL, 'Administrator2', 'admin2', 'your-email@yourdomain.com',
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', 
    'Super Administrator', 0, 1, 25, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `jos_core_acl_aro` VALUES (NULL, 'users', LAST_INSERT_ID(), 0, 'Administrator', 0);
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25, '', LAST_INSERT_ID());
4. At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a secure value and the e-mail to a valid e-mail address. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.

The examples above change the password to "secret". Two other possible values are shown below:

- password = "this is the MD5 and salted hashed password"
------------------------------------------------------
- admin  = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812  = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm