How to change a user password from the database?

Question

Basically, I forgot the admin's user password so I'm not able to log in to reset it. Additionally, I'm not able to reset it via the forgot password feature as I'm still setting up the site and the mailing system is not working.

How can I reset a user's password directly from the database?

Answer 1

Up to Q2A v1.7.4 this was the only way:

I ended up running the following update on the database:

UPDATE qa_users
SET passcheck = UNHEX(SHA1(CONCAT(LEFT(passsalt, 8), 'new_pass', RIGHT(passsalt, 8))))
WHERE userid = 1;

Replace 1 with the user's id and new_pass with the new password for the user.

---

As of Q2A v1.8 things have changed. This should be the approach to use:

1. Get the password from the PHP function password_hash (you could use a PHP online IDE to do so quickly):

echo password_hash('new_pass', 1);

That should return an awful string. For example, after hashing password P@5sWoRd you should get something like this $2y$10$xkK9WkpgacLrE4kakOZFmO/1SxLWq6BvJYSjAC1GAZnKShSQbjm.O​

2. Once you have the hashed password run the following query:

UPDATE qa_users
SET passhash = 'hashed_password'
WHERE userid = 1;

Replace 1 with the user's id and hashed_password with the hashed password generated in the previous step.

Comments

This is an interesting report. It is more secure than creating a back door.