Core Hack

database

hosting

Joomla 1.0

Joomla 1.5

Joomla 1.7

PHP

phpMyAdmin

Security

troubleshoot

Did you manage to lost your password? Worst, maybe you lost the Super Administrator password? And for some reason you can't use the retrieve lost password functionality of Joomla...  If you use Joomla, if you forget your password you could just simply click on the "Forgot password" menu, and the new password will be sent to your email address. But what if you can't remember the exact e-mail address, or you have a local, development version and did not have the mailer handy... or your Internet connection is down? Or, worse - happened to me couple of times - you need to overtake a site originally developed by someone else?

Tip number one - the evergreen, and the oldest:

The dumbest solution from all is this: works on Joomla 1.0.* - but reportedly worked on Joomla 1.5.* too and probably will work even on Joomla 1.7.*. Yea, let's hope you can access your database at least...

• With the mysql user name and password retrieved as described above, login to your phpMyadmin, and select your Joomla database.
• Browse your Joomla users table 'jos_users' by default, but you may have an alternate prefix.
• Locate the default admin account - for each Joomla versions the default ID is 62
• Then edit the your administrator password from the user list. This is encrypted using the MD5 algorithm for all, but earliest Joomla versions, so don't expect some readable text here
• Change the password in the "password" field into "21232f297a57a5a743894a0e4a801fc3" (without quotes). Save the changes you've made.
• Log in now with the password 'admin'.

Tip number two - for the geeks, works on all current versions:

See the above how you can retrieve your database password - you might need it, if you can't access your hosting control panel. The following example is for cPanel based hosting, but can be easily adapted for other interfaces too. Go to your cPanel and click on phpMyAdmin in the Databases box. (If you are not using cPanel or do not have phpMyAdmin, you can run the query directly for Joomla's database.)

Once in the phpMyAdmin select the Joomla's database from the drop-down menu at left. The page will refresh and the database's tables will be displayed on it. Open the SQL tab (look at the top navigation bar).

In the text field write the following SQL query (replace the prefix 'jos_' with your actual one):

UPDATE `jos_users` SET `password` = MD5( 'new_password' ) WHERE `jos_users`.`username` = "admin" ;

Where

• "new_password" - replace this with the new password you wish to use.
• "admin" - replace this if your admin username is different.

Once you are ready, click on the GO button to submit the query. If everything goes fine without errors, you should be able to login to Joomla with the new password.

First variation for the tip number two

• Login to phpMyAdmin, select your database and click on the table jos_users.
• Select the super admin user and click on edit.
• In row password, select MD5 from the dropdown list and then insert your new password in the field value. Then click on Go.
• Now you can login with your new password.

Second variation for tip number two, adapted for Joomla 1.7

You also can use the following method to generate MD5 password. Create a php file, say md5.php, with this content:

<?php
        echo md5( ‘admin’);
?>

and run md5.php, you also will get 21232f297a57a5a743894a0e4a801fc3.

Save and exit phpMyAdmin. Login to the admin interface using your new password, and change the password immediately to something secure.

And delete the above php file - the bad guys are reading too this tip .

Tip number tree - the übergeek solution for Joomla 1.7.* - temporarily removing PHP authentication

Go to plugins/authentication/joomla/joomla.php and modify this line:

if ( $crypt == $testcrypt) {

to

if ( true /* $crypt == $testcrypt */ ) {

Now you can login to backend with any password. Then go to User Manager, reset your password and undo the modification in the above file.