We all go through situations where our memory gets the best of us, and forgetting your Joomla password is one typical example. In this case, you are forced to use the "Forgot your password" link provided by the CMS.
There are situations, however, where that link is not as effective as anticipated when a user has forgotten their password.
It gets worse when that person happens to be a client who cannot remember either their password or their email address. In all honesty, this is probably the most common scenario.
So How Would You Recover a Lost Joomla Password?
As an administrator, you definitely have access to the raw MySQL database where Joomla stores its data. This is the key to being able to do some Joomla password recovery. You can get this access either via phpMyAdmin, the popular MySQL database administration interface, or by using another third-party GUI client such as SQLYog or MySQL Bench.
The other method is to use the MySQL command-line client. Whichever method you choose, this guide will show you how to pick the best solution.
Using MySQL command-line or raw SQL Queries
Prior to Joomla 3.x, passwords were stored in the database as the MD5 hash of the password, then a colon, then a random salt, which gives you a string 65 characters long. This would look something like this:
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
So basically, to get a string such as the one above, you would run the following:
md5(your_password + salt) + ":" + salt
So all you need to do is get into the database, take the password string, copy out the salt section, append it to the password and run the result as the input to the md5() function, then concatenate that to a colon and finally the salt at the end.
There is also another, simpler trick. The internal functions of Joomla allow you to still set a password without the salt. So simply running md5(your_password) will still work.
Now, MD5 is not a cryptographically secure hashing algorithm, but it works well for resetting the password, which the user can then use to log into the admin area and change it immediately through the Joomla interface.
You can use the following query to reset your Joomla password using a MySQL command-line client.
UPDATE `jos_users` SET `password` = MD5('new_password') WHERE `jos_users`.`username` = 'current_user';
Where:
“jos_users” would be the actual name of your users’ table. The prefix “jos_” is different depending on the installation.
“new_password” should be replaced with the new password you wish to use.
“current_user” is the affected username that needs the password changed.
If you are using a GUI MySQL client, then you can simply open the table, navigate to the respective row, then replace the password string with this one:
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
This string is actually the stored value for the password secret.
You can then go in and log into Joomla using your_username and secret as the password.
The above method works for current versions of Joomla as well.
Versions of Joomla above 3.x use bcrypt as the password hashing algorithm, but since the above methods will still work, we want to keep things simple. The most important thing here is to remember to change the password at the next sign-in and let the CMS hash the password using the strongest algorithm available in that Joomla version.
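The following added example (not code from this guide or from Joomla) rebuilds the legacy md5(password + salt):salt format described earlier and flags accounts whose stored value is still MD5, which is the state an account is left in after the UPDATE query until the password is changed through the CMS. The function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import re

# The three storage formats discussed on this page.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
SALTED_MD5_RE = re.compile(r"^[0-9a-f]{32}:.+$")
BARE_MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def classify(stored: str) -> str:
    """Name the format of one value from the users table's password column."""
    if BCRYPT_RE.match(stored):
        return "bcrypt"
    if SALTED_MD5_RE.match(stored):
        return "md5-salted"
    if BARE_MD5_RE.match(stored):
        return "md5-unsalted"
    return "other"


def make_legacy(password: str, salt: str) -> str:
    """Build the legacy value: md5(password + salt) + ':' + salt."""
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}"


def verify_legacy(password: str, stored: str) -> bool:
    """Check a password against a salted or unsalted legacy MD5 value."""
    digest, _, salt = stored.partition(":")  # salt is "" when there is no colon
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate.encode(), digest.lower().encode())


def accounts_needing_rehash(rows):
    """Return usernames whose stored value is still one of the MD5 formats."""
    return [user for user, stored in rows if classify(stored).startswith("md5")]


# Constructed sample rows (username, password column); not real data.
SAMPLE_ROWS = [
    ("alice", make_legacy("pw-a", "constructedSalt0123456789abcdef0")),
    ("bob", hashlib.md5(b"new_password").hexdigest()),  # result of the UPDATE query
    ("carol", "$2y$10$" + "A" * 53),                    # shape of a bcrypt value only
]

if __name__ == "__main__":
    page_value = "d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199"
    print(classify(page_value), accounts_needing_rehash(SAMPLE_ROWS))
```

Running the same classification over an export of the real users table shows which accounts have not yet changed their password after a database-level reset.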