How to recover the Drupal administrator password with a PHP file in Drupal 8/9

  1. First, create a file with a random name (gh34tu9.php for example).
  2. Copy and paste the following contents into the file, and save the file.

    <?php
    use Drupal\Core\DrupalKernel;
    use Symfony\Component\HttpFoundation\Request;

    // Refuse to run under a predictable, well-known file name.
    if (pathinfo(__FILE__, PATHINFO_FILENAME) == 'admin-pass-reset') {
      die('Please change your file name to a random string to continue');
    }

    // Boot Drupal.
    $autoloader = require __DIR__ . '/autoload.php';
    $request = Request::createFromGlobals();
    $kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod', FALSE);
    $kernel->boot();

    // Get password hasher service.
    $password_hasher = $kernel->getContainer()->get('password');

    // Hash the password passed in the ?pass= query parameter.
    if (isset($_GET['pass']) && !empty($_GET['pass'])) {
      $newhash = $password_hasher->hash($_GET['pass']);
    }
    else {
      die('Retry with ?pass=PASSWORD set in the URL');
    }

    // Update the password of user 1 (the account created at install time).
    // Uncomment 'name' or 'mail' to reset those fields as well.
    $updatepass = Drupal::database()->update('users_field_data')
      ->fields(array(
        'pass' => $newhash,
        // 'name' => 'admin',
        // 'mail' => 'yourmail@example.com'
      ))
      ->condition('uid', '1', '=')
      ->execute();

    // Clean user 1 cache.
    Drupal::cache('entity')->delete('values:user:1');

    print "Done. Please delete this file as soon as possible";

  3. Upload the file to the root of the Drupal installation directory (i.e., where index.php, update.php, robots.txt and other files and directories exist).
  4. Execute the script by requesting the file in a web browser using the following URL pattern: example.com/gh34tu9.php?pass=mypassword

     In the above URL:
       - replace example.com with your actual domain name,
       - replace gh34tu9.php with the actual file name that you specified in step one above,
       - replace mypassword with the desired new password.

     Note: It is highly recommended that you choose a password that contains upper- and lowercase letters and numbers, and is at least 12 characters in length.
  5. If the script executes successfully, you will see the text "Done" in your web browser. The password of the administrative account created when installing Drupal (i.e., user/1) will be changed to "mypassword" (or whatever value you specify).
  6. Finally, delete the file from the Drupal installation root directory.
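
The URL used to run the script carries the new password in its query string, so the web server writes it to the access log, and the script answers any client that requests it until the file is deleted. The following Python check is an added example, not part of the original page: it scans access-log lines, assumed to be in the Apache/nginx "combined" format, for requests that passed ?pass= to a .php file, and masks the value. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed "combined" format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_reset_requests(lines):
    """Return one record per request that passed ?pass= to a .php script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.lower().endswith(".php") or "pass" not in params:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "script": url.path,
            "status": int(m["status"]),
            # Length only: the report must not become another copy of the secret.
            "pass_len": len(params["pass"][0]),
        })
    return hits

def redact(line):
    """Mask the pass= value so the log can be kept or shared without the password."""
    return re.sub(r'([?&]pass=)[^&\s"]*', r'\1[REDACTED]', line)

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2024:10:01:07 +0000] "GET /gh34tu9.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2024:10:01:30 +0000] "GET /gh34tu9.php?pass=mypassword HTTP/1.1" 200 49 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:09:12 +0000] "GET /gh34tu9.php?pass=S%21mple HTTP/1.1" 200 49 "-" "curl/8.5.0"',
    '203.0.113.10 - - [12/Mar/2024:10:15:02 +0000] "GET /user/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_reset_requests(SAMPLE_LOG):
        print(hit)
    print(redact(SAMPLE_LOG[1]))
```

A record from an address you do not recognise means another client reached the script before it was deleted; in that case set a fresh password from the Drupal user interface after logging in.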

Download file https://www.dropbox.com/s/zslgshwv3lkcwaa/tftftf.php?dl=0