Topic on Project:Support desk

Can't Change Password Via phpMyAdmin!

6
95.166.17.211 (talkcontribs)

Hello,

I forgot my MediaWiki password, so I tried to reset the password by letting it send a reset mail to me. But it doesn't send a mail. And since my host doesn't give me SSH or any kind of console access, I had to try to reset the password via the database directly. For that, I used this:

UPDATE user SET user_password = MD5( CONCAT( user_id, '-', MD5( 'NEWPASS' ) ) ) WHERE user_id =1

When I executed it, it said "1 row affected", so I thought it would be working, but it didn't. I still couldn't login. Why doesn't it work when I reset the password like this? Can anybody help me, as I have no way of resetting my password now :(

Info: - MediaWiki Version: 1.21.2 - PHP Version: 5.3.27 (cgi-fcgi) - MySQL Version: 5.5.33-log

And I also have an extra note: Whenever I try to login, it just reloads the page and it says no message. The exact same happens when I reset my password with the email option, it just reloads. I've tried private browsing and clearing all my cookies, still doesn't work. I don't know if it is normal for it not to show a message like "Failed to login".

88.130.77.169 (talkcontribs)

Hi!

Passwords are calculated differently from what you think they were. The alogrithm you used is only used in MediaWiki 1.12 and older. Current versions use this algorithm:

UPDATE `user` SET user_password = CONCAT(':B:somesalt:', MD5(CONCAT('somesalt-', MD5('somepass')))) WHERE user_name = 'someuser';

assuming that $wgPasswordSalt is true in LocalSettings.php.

See Manual:Resetting_passwords for more information.

95.166.17.211 (talkcontribs)

Thank you, since I don't even have $wgPasswordSalt in my LocalSettings.php, I tried the unsalted algorithm, which also said that it affected 1 row, but I still couldn't log in :(

88.130.66.189 (talkcontribs)

$wgPasswordSalt defaults to TRUE, that's why I assumed that was the value in your case as well. So, if you have not changed it, you should really go with the algo I posted above. Btw. you should also be able to determine the value of $wgPasswordSalt by reading the passwords in the database: When they start with ":B:", they are salted; when they start with ":A:" they are not.

95.166.17.211 (talkcontribs)

But when I run the code you wrote, and replace someuser with my own username, it says 0 rows affected. Do I need to replace somesalt with something, in order for it to work?

88.130.66.189 (talkcontribs)

Ehh, I don't know that. Maybe...

However, this does not have to do with whether rows are affected by the SQL query or not. You are aware of the fact that "user_id" is an integer? When I wrote "user_id=someuser" that only was an example to show the general mechanism. You have to replace "someuser" with your user id; with "1".

Reply to "Can't Change Password Via phpMyAdmin!"