如何復原或重設您的管理員密碼?
From Joomla! Documentation
一般來講,你可以從後台隨意新增、編輯和刪除每個帳戶和他們的密碼,但要達到這個目標,你必須先身為超級管理員群組的一員。
在一些情況下,你可能無法執行上面陳述的動作。例如,你的網站可能被「駭入」,然後帳號名稱和密碼都被改掉了;或者你印象中的密碼太舊,早已不適用了;或者你根本已經忘記密碼。
一些案例中,仍可以從調整 Joomla! 資料庫的設定來讓你可以再以超級管理員的身份重新登入,這方式只有對 Joomla! 網站的管理員有效。
方式 1:configuration.php 檔案
如果你具有對 Joomla! 網站的 configuration.php
存取權限,那這個復原密碼方式就是可行的。
1. 使用一個 FTP 連線程式連接你的網站。找到「configuration.php」並查看它的檔案權限。如果檔案的權限是 444 或是其他值,請一律將「configuration.php」的檔案權限調整到 644。這會避免等一下我們上傳 configuration.php 時可能造成的問題。
2. 下載 configuration.php 檔案。
3. 使用文字編輯器(ex. Notepad++)打開它,加入這一行:
public $root_user='myname';
到檔案的最下面。其中,myname 指的是一個你知道密碼,且有管理員存取能力的帳戶名稱。作者或更高層級的帳戶名稱也可以使用,以替代具有管理員存取能力的帳戶。
4. 儲存 configuration.php 並上傳回網站。剛剛被改過的權限可以不用再改回來沒關係。
這使用者將會是一個暫時的超級管理員。
5. 重新登入後台,更改那個你原本不知道密碼的管理員帳戶,或者建立一個新的超級管理員帳戶。 若你決定創立一個新的帳戶,你可根據自己的情況封鎖或是刪除你原本的帳戶。
6. 完成之後,確認您使用警告訊息中的「點擊這裡自動執行」連結來移除。假如點擊連結沒有成功,回到上一步並用文字編輯的方式,從 configuration.php
檔案中刪除這一行。上傳檔案回網站。
7. 使用ftp應用程式來驗證 configuration.php
的檔案權限,應該要是444才好。假如您手動移除了剛剛那一行,那記得要修改configuration.php
檔案權限為444。
假如您沒有已知的用戶和密碼,也無法從前台註冊用戶。您可能需要從資料庫來修改,下面的教學會告訴您怎麼做。
方法 2: 直接修改資料庫
如果上面的方法對您無效,您還有兩個選擇,這兩種作法都需要您直接對the資料庫作業。
從資料庫修改密碼
If the admin user is still defined, the simplest option is to change the password in the database to a known value.。這都需要您使用 phpMyAdmin 或是其他的客戶端介面,來存取MySQL資料庫。
- Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
- Find and click on the table with _users appended in the list of tables. (Note: you may have a prefix that is not jos_. Simply go to the _users table for your prefix).
- Click on the Browse button in the top toolbar. This will show all of the users that are set up for this site.
- Find the user whose password you want to change and press the Edit icon for this row.
- A form will display that allows you to edit the password field. Copy the value
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
into the password field and press the Go button. phpMyAdmin should display the message Affected rows: 1. At this point, the password should be changed to secret.
- Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.
Add a New Super User
If changing the password won't work, or you aren't sure which user is a member of the Super User group, you can use this method to create a new user.
- Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
- Press the SQL button in the toolbar to run an SQL query on the selected database. This will display a field called Run SQL query/queries on database <your database>.
- Delete any text in this field and copy and paste the following query below and press the Go button to execute the query and add the new Administrator to the table.
- Use the SQL query below to add another Administrator account.
The following code uses jos31_ as the table name prefix which is only an example table prefix. The prefix when you first installed Joomla is random or what you set it to specifically. You will need to change all occurrences of jos31_(your install set prefix) found in the code below to the prefix your installation is using.
SQL code for use with Joomla 2.5, 3.x, 4.x, 5.x
INSERT INTO `jos31_users`
(`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');
At this point, you should be able to log into the Backend of Joomla! with the username of admin2 and password of secret. After logging in, go to the User Manager and change the password to a new secure value and add a valid email address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super User group.
Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in.
The examples above change the password to secret. Two other possible values are shown below:
- password = "this is the MD5 and salted hashed password" ------------------------------------------------------ - admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT - secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199 - OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm