Manual:パスワードの再設定

From MediaWiki.org
Jump to navigation Jump to search
This page is a translated version of the page Manual:Resetting passwords and the translation is 28% complete.

Other languages:
Deutsch • ‎English • ‎Türkçe • ‎español • ‎français • ‎polski • ‎中文 • ‎日本語

ユーザがパスワードのリセットを必要とする場面は様々である。 パスワードを忘れた、セキュリティ事故によりパスワードが流出したと言うのが良く有るケースである。 殆どの場合、「Email new password」からユーザ自身でパスワードをリセットできる。

ユーザがカウントネームを忘れたりEmailにアクセスできなくなっていたりと言った複雑な事情が有る場合、管理者による別の手段が必要となる。

手法

Special:UserLogin の使用

If you know the username for an account, you can use the "Email new password" feature on the Special:UserLogin page. To use the feature, visit the Special:UserLogin page for the relevant wiki, fill in the Username field of the form and press the ”Email new password" button. A temporary password, along with instructions on how to reset the account's password, will be sent to the email address associated with the username.

Finding the username for a given email address

If you know the email address for a user, but not their username, query the user table of the MediaWiki database to find the associated username. For example, to find the username for user@example.com, run the following query:

SELECT user_name FROM user WHERE user_email = 'user@example.com';

changePassword.php メンテナンス スクリプトの使用

The changePassword.php maintenance script allows system administrators to change the password for an account. For complete instructions see changePassword.php . If you are already familiar with maintenance scripts, run the following command:

# set the password for username 'example' to 'newpassword'
sudo php changePassword.php --user=example --password=newpassword

警告: System administrators should not know the unencrypted password for user accounts. A user may use the same password over many different sites. If one of their accounts that uses the same password is compromised, then suspicion can be thrown on the administrator. It is better to use "Email new password" to force the user to reset the password for their own account or to set a temporary password the user changes directly afterwards.

Special:PasswordReset の使用

Special:PasswordReset allows accounts with the 'editmyprivateinfo' permission to reset account passwords for the local installation of MediaWiki.

To use:

  • Type username you want to reset in box provided and click "Reset password"
  • An automatically generated password will be emailed to the user

For automatically inserting the username in links, use Special:PasswordReset?wpUsername=Foo.

Direct database modification

To reset a password you can change the value of the user_password field inside the user table in your database. However, it's generally far easier and safer to use "Email new password" or use the changePassword.php script.

If your MediaWiki installation uses a memory cache, such as APC, memcached or Redis, then the user object is cached. Thus after making SQL changes you must flush the cache before a user can log in with the new password.

You should choose the according method depending on the value of $wgPasswordDefault in LocalSettings.php .

TODO: Fix documentation of the :pbkdf2:... password format. ":pbkdf2:sha256:10000:128:", 'another-string', 'another-key' only is correct sometimes! The numbers may change and no idea, what "another-string" and "another-key" actually are...
MySQL pbkdf2
UPDATE `user` SET user_password = CONCAT(':pbkdf2:sha256:10000:128:', 'another-string', 'another-key') WHERE user_name = 'someuser';
MySQL salted (make sure both instances of "somesalt" are the same)
UPDATE `user` SET user_password = CONCAT(':B:somesalt:', MD5(CONCAT('somesalt-', MD5('somepass')))) WHERE user_name = 'someuser';
PostgreSQL pbkdf2
update mwuser SET user_password = text(':pbkdf2:sha256:10000:128:') || 'another-stringanother-key' WHERE user_name = 'someuser';
PostgreSQL salted (make sure both instances of "somesalt" are the same)
update mwuser SET user_password = text(':B:somesalt:') || MD5(text('somesalt-') || MD5('somepass')) WHERE user_name = 'someuser';

注記

Also restarting Apache and clearing your browser cache might help.

You can copy the known password from one account to another:

SELECT user_id, user_name, user_password FROM user;
+---------+-----------+----------------------------------------------+
| user_id | user_name | user_password                                |
+---------+-----------+----------------------------------------------+
|       1 | User1     | :B:1d8f41af:1ba8866d9c43d30b7bc037db03a067de |
|       2 | User2     | :B:ee53710f:4291b056175513a5602d48eaeb79705c |
+---------+-----------+----------------------------------------------+

UPDATE user SET user_password = ':B:ee53710f:4291b056175513a5602d48eaeb79705c' WHERE user_id = 1;