After abandoning one of my Drupal 7 sites for some time I decided to buy a domain for it and start working on it again. I immediately ran into a case of “Oops I forgot the password” and could not log in, eventually getting my account locked out. This is what happens every time I try and come up with a more clever password. Unlike in previous versions of Drupal it’s not a matter of just slapping an MD5 around a password when updating the database. With Drupal 7 you have to make use of a salted sha512 hash, the easiest way to do that is to create a file in your installation server with the password you want to convert and when you run it you will get your encrypted password echoed out to you. Simple enough! So here’s the code:
<?php
// $Id: index.php,v 1.99 2009/10/15 14:07:25 dries Exp $
/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
*
* The routines here dispatch control to the appropriate handler, which then
* prints the appropriate page.
*
* All Drupal code is released under the GNU General Public License.
* See COPYRIGHT.txt and LICENSE.txt.
*/
/**
* Root directory of Drupal installation.
*/
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require_once 'includes/password.inc';
echo user_hash_password('your_new_password');
die();
menu_execute_active_handler();
?>
Simple browse to this file in your web browser and it will output your new salted password. Take that password and then go into PHPMyAdmin (or your favourite MySQL client) and then browse to your users table, there you can paste it in as the new password. Make sure not to use the password() or md5() functions when editing the field as it needs to be stored as plain text.
Thanks to Conclusion on Drupal.org for presenting this conclusion.