If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin.
- Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
- Click on the table "jos_users" in the list of tables.
- Click on the "Browse" button in the top toolbar. This will show all of the users that are set up for this site.
- Find the user whose password you want to change and press the Edit icon for this row.
- A form will display that allows you to edit the password field. Copy the value into the password field and press the Go button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199 - Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.
Add a New Super Administrator User
If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.
- Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
- Press the "SQL" button in the toolbar to run a SQL query on the selected database. This will display a field called "Run SQL query/queries on database
". - Delete any text in this field and paste in the following and press the Go button.
INSERT INTO `jos_users`
(`id`, `name`, `username`, `email`, `password`, `usertype`, `block`, `sendEmail`,
`gid`, `registerDate`, `lastvisitDate`)
VALUES (NULL, 'Administrator2', 'admin2', 'your-email@yourdomain.com',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199',
'Super Administrator', 0, 1, 25, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
INSERT INTO `jos_core_acl_aro` VALUES (NULL, 'users', LAST_INSERT_ID(), 0, 'Administrator', 0);
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25, '', LAST_INSERT_ID());
At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a secure value and the e-mail to a valid e-mail address. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.
The examples above change the password to "secret". Two other possible values are shown below:
- password = "this is the MD5 and salted hashed password"
------------------------------------------------------
- admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
Source: http://docs.joomla.org/How_do_you_recover_your_admin_password%3F
Rohan's Blog:
I tried changing the password of the administrator via the above method. The password changed fine, but unfortunately there were problems with permissions.
This was fixed by creating a temporary Super Admin via the method above. Once the new user was created, I logged into the backend of the Joomla site to guarantee that it was successful.
I then deleted the user which wasn't working in phpMyAdmin, and then added the same user back via User Manager in Joomla.
After testing that the new user worked, I then deleted the temporary Super Admin account and was able to use the remade Super Admin account.
No comments:
Post a Comment