Reset Concrete CMS Password Manually

This is a community-contributed tutorial. This tutorial is over a year old and may not apply to your version of Concrete CMS.
Mar 2, 2019
By shahroq for Developers
Edit

If you have lost your password for any reasons, you can use the built-in password reset form on the /login page. If the email address on the account you want to reset is incorrect and you have access to the database, you can update the email address in the Users table and then use the password reset form. The following method should be considered a last resort and is slightly risky as it will show the new password to anyone who happens to request the URL while the code is added to the file.

Given the above alternatives and warnings, you can follow this tutorial and reset a password manually. This tutorial supposes that you have SFTP access and are able to edit files in your server.

  1. Open \application\bootstrap\app.php file.
  2. Add the following code at the end of this file.
Route::register('/manual_reset_password', function() {

    $userIDToReset = 0; //enter USER_ID here (admin USER_ID is 1)
    $newPassword = 'ENTER YOUR NEW PASSWORD HERE';

    $hasher = $this->app->make(Concrete\Core\Encryption\PasswordHasher::class);

    $ui = UserInfo::getByID($userIDToReset);
    $username = $ui->getUserName();

    $db = Database::connection();
    $dh = Loader::helper('date');
    $dateTime = $dh->getOverridableNow();

    //update password
    $statement = $db->executeQuery(
        'UPDATE Users SET uPassword = ?, uLastPasswordChange = ?  WHERE uID = ?;', 
        array(
            $hasher->HashPassword($newPassword),    
            $dateTime,
            intval($userIDToReset)
        )
    ); 

    //delete password
    $statement = $db->executeQuery(
        'DELETE FROM UserValidationHashes WHERE uID = ?;', 
        array(
            $userIDToReset  
        )
    ); 

    printf("Password for username = %s (ID=%s) has been changed to '%s'.", $username, $userIDToReset, $newPassword);
    printf("<h2 style='color:red'>");
    printf("DO NOT FORGET TO REMOVE THIS CODE AFTER CHANGING THE PASSWORD.");
    printf("</h2>");

});
  1. Change $userIDToReset & $newPassword appropriately.
  2. Run this path in your browser: http://example.com/index.php/manual_reset_password
  3. After checking whether your new password works, remove the appended code in step 2.
Recent Tutorials
Create custom Site Health tasks
Apr 19, 2024
By myq.

This tutorial will guide you through the creation of a new Site Health task

Reusing the same Express entity in multiple associations
Apr 11, 2024
By myq.

How to create and manage multiple associations in Express

Express Form Styling
Apr 11, 2024
By myq.

Different ways to style Express forms

Setting addon/theme version compatibility in the marketplace
Jan 9, 2024
By JohntheFish.

For developers worn out with setting the latest addon or theme version manually across too many core versions, here is a JavaScript bookmarklet to do it for you.

How to get the locale of a page
Jan 8, 2024
By wtfdesign.

Now, why don't we just have a getLocale() method on Page objects beats me, but here's how you work around it

Using a Redis Server
Jun 16, 2023
By mlocati.

How to configure Concrete to use one or more Redis servers to persist the cache.

Improvements?

Let us know by posting here.