From: kracker,xavier
Tags: Security, Admin, Password, Reset, Solution
Question: I forgot my admin password or (insert other problem description here) and I can’t log in to eZ publish admin, how can I reset the admin password?
Since eZ Publish 5.x, and again in eZ Publish 6.x, the default way to store user passwords has been updated to use bcrypt instead of MD5, which greatly increases security.
This shift may have left some users looking for a guide.
To set a new password, do not use the MD5 SQL function provided by the database. Instead, generate the hash string beforehand and store it in the database table ezuser for the specific user.
To generate your new password hash under Linux, you can run:
php -r "echo password_hash('publish', PASSWORD_BCRYPT);";
The result is a randomly salted representation of your password string in bcrypt hash format (optimized for authentication); it differs on every run.
You can store this value in the database and log in right away with the user's updated password.
SET @hash = '$2y$10$FDn9NPwzhq85cLLxfD5Wu.L3SL3Z/LNCvhkltJUV0wcJj7ciJg2oy';
SET @username = 'admin';
SET @type = '7';
UPDATE ezuser SET password_hash=@hash, password_hash_type=@type WHERE login=@username;
Now log in. No cache clearing should be required for authentication to succeed.
Here is a more traditional example of updating the hash of the admin user password (to the default "publish").
UPDATE `ezuser` SET `password_hash` = '$2y$10$FDn9NPwzhq85cLLxfD5Wu.L3SL3Z/LNCvhkltJUV0wcJj7ciJg2oy' WHERE `ezuser`.`contentobject_id` = 14;
To generate your new password hash under MySQL for the older MD5 scheme, you can run this command. This is the most direct way of solving this problem. I reference this SQL shortcut frequently.
SET @key = 'publish';
SET @username = 'admin';
SET @del = '\n';
SET @hash = MD5(CONCAT(@username,@del,@key));
UPDATE ezuser SET password_hash=@hash WHERE login=@username;
To generate your new password hash under Linux, you can run:
echo -n -e "admin\npublish" | md5sum
The result is:
c78e3b0f3d9244ed8c6d1c29464bdff9
To do this for another user, replace admin with the login, and publish with the wanted password.
This requires HashType in site.ini to be md5_user.
This is the normal setting, so if you don’t know you changed it, this will work just fine.
Update the password_hash field in your eZ publish database table ezuser for the record of the `admin` user (login), replacing the password_hash with the default hash provided by the setup wizard for the password text `publish`.
I’ve done this several times to solve this problem.
The default hash for the admin password is kinda hidden in the file: 'ezpublish/share/db_data.dba'
For me the default hash was this string for the password 'publish'.
c78e3b0f3d9244ed8c6d1c29464bdff9
This hash, when used as the `admin` user’s password hash, will reset the password to `publish` without the quotes.
Example SQL to do this:
UPDATE ezuser SET password_hash='c78e3b0f3d9244ed8c6d1c29464bdff9' WHERE login='admin';
Rerun the setup wizard by editing your site.ini.append(.php) and ensuring that this line is set:
# Set to true if you want the setup system to be activated
CheckValidity=true
Temporarily disable the validation check on the password. While this change is in place, anyone can log in to any account simply by entering any random password.
1) Edit the file 'kernel/classes/datatypes/ezuser/ezuser.php'
2) Search for the function 'authenticateHash' (line 1083 in eZ publish 3.7)
3) Add this as the first line of the function:
return true; // no matter what, consider the password valid
Then log in as 'admin', change your password, write it down on a post-it and put it on your monitor :)
Most security experts frown on the last point ;)
mysql -u USERNAME -p DATABASE
UPDATE ezuser SET password_hash = MD5("admin\nPASSWORD") WHERE login LIKE "admin";
1. Log in via shell, console, ssh, ...
2. Back up your eZ publish database to an SQL file (Best Practice)
3. Connect to your eZ publish database.
4. Run this SQL line to reset the password of the admin user:
UPDATE ezuser SET password_hash='c78e3b0f3d9244ed8c6d1c29464bdff9' WHERE login='admin';
5. Clear Cache (Optional)
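After any of the resets above, the account carries the documented default password until it is changed. The following is an added example, not part of the original article or of eZ Publish: a shell audit that flags accounts still holding a default hash or a legacy MD5 hash. The function names, the tab-separated export format and the sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit exported ezuser rows for hashes left over from a reset.
# Function names are made up for this example. Assumed input: one
# "login<TAB>password_hash" row per line, e.g. from
#   mysql -N -B -e "SELECT login, password_hash FROM ezuser" DATABASE

DEFAULT_PW='publish'   # default password used throughout the article
# bcrypt string printed in the article; pasting its SQL stores exactly this value
PUBLISHED_BCRYPT='$2y$10$FDn9NPwzhq85cLLxfD5Wu.L3SL3Z/LNCvhkltJUV0wcJj7ciJg2oy'

# md5_user scheme from the article: MD5 of login, a newline, then the password.
# printf '%s' keeps backslashes in the password literal (echo -e would expand them).
ez_md5_user_hash() {
    printf '%s\n%s' "$1" "$2" | md5sum | cut -d' ' -f1
}

# Read rows on stdin and print "login<TAB>verdict" for each one.
ez_audit_hashes() {
    tab=$(printf '\t')
    while IFS="$tab" read -r login hash; do
        [ -n "$login" ] || continue
        if [ "$hash" = "$PUBLISHED_BCRYPT" ] ||
           [ "$hash" = "$(ez_md5_user_hash "$login" "$DEFAULT_PW")" ]; then
            verdict='DEFAULT_PASSWORD'
        else
            case $hash in
                '$2y$'*) verdict='bcrypt' ;;
                *[!0-9a-f]*|'') verdict='unknown' ;;
                *) if [ ${#hash} -eq 32 ]; then verdict='legacy_md5'
                   else verdict='unknown'; fi ;;
            esac
        fi
        printf '%s\t%s\n' "$login" "$verdict"
    done
}

# Constructed sample rows (not real data).
ez_sample_rows() {
    printf 'admin\t%s\n' "$(ez_md5_user_hash admin publish)"
    printf 'editor\t%s\n' "$(ez_md5_user_hash editor 'S0me\nPass')"
    printf 'root\t%s\n' "$PUBLISHED_BCRYPT"
    printf 'anna\t%s\n' '$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234'
}

ez_sample_rows | ez_audit_hashes
```

Any row reported as DEFAULT_PASSWORD still accepts the password `publish`; rows reported as legacy_md5 predate the bcrypt default described at the top of the article.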
Article provided by eZpedia
All text is available under the terms of the GNU Free Documentation License