Drupal Programming

How to Reset a Drupal 7 Password

October 15, 2011

After abandoning one of my Drupal 7 sites for some time I decided to buy a domain for it and start working on it again. I immediately ran into a case of “Oops I forgot the password” and could not log in, eventually getting my account locked out. This is what happens every time I try and come up with a more clever password. Unlike in previous versions of Drupal it’s not a matter of just slapping an MD5 around a password when updating the database. With Drupal 7 you have to make use of a salted sha512 hash, the easiest way to do that is to create a file in your installation server with the password you want to convert and when you run it you will get your encrypted password echoed out to you. Simple enough! So here’s the code:

// $Id: index.php,v 1.99 2009/10/15 14:07:25 dries Exp $

 * @file
 * The PHP page that serves all page requests on a Drupal installation.
 * The routines here dispatch control to the appropriate handler, which then
 * prints the appropriate page.
 * All Drupal code is released under the GNU General Public License.
 * See COPYRIGHT.txt and LICENSE.txt.

 * Root directory of Drupal installation.
define('DRUPAL_ROOT', getcwd());

require_once DRUPAL_ROOT . '/includes/bootstrap.inc';

require_once 'includes/password.inc';
echo user_hash_password('your_new_password');



Simple browse to this file in your web browser and it will output your new salted password. Take that password and then go into PHPMyAdmin (or your favourite MySQL client) and then browse to your users table, there you can paste it in as the new password. Make sure not to use the password() or md5() functions when editing the field as it needs to be stored as plain text.

Thanks to Conclusion on Drupal.org for presenting this conclusion.

Only registered users can comment.

  1. Good to know a more simpler/faster method of resetting the password. I do it similarly, however I locally install Drupal to generate the password, then export the now known admin user record from the local db and import it to the website db where I lost my password overwriting it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.