Reset your Drupal password without email.

Tue, 29 Apr 2014, by Syrsly

I deal with Drupal sites often, and one of the most frequently recurring issues is a forgotten or lost password for the admin account. Sometimes the site isn't yours, and you were simply given the wrong login info for the site, but you have FTP access. Other times, you simply don't want to go through the hassle of sending yourself an e-mail, clicking a reset link, and editing your password through the profile settings page. There has to be an easier way, right? Righto.

The best way to deal with this is to make a script that does every bit of the password reset all in one go. The downside to this script is that it is incredibly insecure: it performs no authentication, so for as long as it sits on the server, anyone who requests its URL resets the admin password to a known value. You will want to name it something funny and random, like gudgoin.php or idungiveafk.php, place it in the root directory of the site, and delete it from the server right after using it.

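The script example for Drupal 7:

    <?php
    // Treat the directory this script runs from as the Drupal root.
    define('DRUPAL_ROOT', getcwd());
    // Both include paths are cut off after '/includes/' in the original post.
    include_once DRUPAL_ROOT . '/includes/';
    include_once DRUPAL_ROOT . '/includes/';
    drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

    // Hash the new password with Drupal's own hasher.
    $newpass = user_hash_password('whatever');
    // Write the hash through Drupal's database API, which also applies any table prefix.
    db_update('users')->fields(array('pass' => $newpass))->condition('uid', 1)->execute();
    print("User 1 (admin) password changed to \"whatever\".");
    // Print the hash so it can be pasted into the database by hand if the update fails.
    print("<br />Hash (just in case): ".$newpass." ");
    die();
    ?>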

Optionally, you can also get the script as a file at GitHub:

Again, place the script in the site's root directory so it has access to the Drupal libraries. The getcwd function returns the current working directory, which is the directory the script is in when the script is requested directly. If that directory does not contain the includes directory, it is the wrong directory for this script.

The script sets the password of the admin user (user #1) to "whatever". Feel free to change this to whatever password you want to use. The script also outputs the password in hash format in case it fails to update the database. You can copy the hash and paste it into the appropriate database field for the user whose password you want to change. You can also edit this script to change the password for practically any user, as long as you know the user ID (uid).
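
Since the script must be deleted right after use, a site root can be checked for copies that were left behind. The following is an added example, not part of the original post: it lists PHP files in a Drupal 7 root that are not core entry points but both bootstrap Drupal and call user_hash_password. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list PHP files in a Drupal 7
# site root that are not core entry points yet bootstrap Drupal and call the
# password hasher, the pattern of the reset script discussed above.

# PHP files Drupal 7 core ships in the site root.
CORE_ROOT_PHP="authorize.php cron.php index.php install.php update.php xmlrpc.php"

find_reset_scripts() {
    docroot=$1
    # Same sanity check the post describes: a Drupal root has an includes/ dir.
    [ -d "$docroot/includes" ] || { echo "not a Drupal root: $docroot" >&2; return 2; }
    for f in "$docroot"/*.php; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        case " $CORE_ROOT_PHP " in
            *" $name "*) continue ;;         # shipped by core
        esac
        if grep -q 'drupal_bootstrap' "$f" && grep -q 'user_hash_password' "$f"; then
            echo "$name"
        fi
    done
}

# Constructed sample tree: one core file, one leftover reset script, one
# unrelated custom script.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/includes"
    echo '<?php drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); menu_execute_active_handler();' > "$tmp/index.php"
    echo '<?php drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); $h = user_hash_password("x");' > "$tmp/gudgoin.php"
    echo '<?php phpinfo();' > "$tmp/info.php"
    find_reset_scripts "$tmp"
    rm -rf "$tmp"
}

demo
```

Run against a real site with find_reset_scripts /path/to/docroot; any file name it prints should be reviewed and removed if it is a leftover reset script.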