Reset Concrete CMS Password Manually

This is a community-contributed tutorial. This tutorial is over a year old and may not apply to your version of Concrete CMS.
Mar 2, 2019

If you have lost your password for any reasons, you can use the built-in password reset form on the /login page. If the email address on the account you want to reset is incorrect and you have access to the database, you can update the email address in the Users table and then use the password reset form. The following method should be considered a last resort and is slightly risky as it will show the new password to anyone who happens to request the URL while the code is added to the file.

Given the above alternatives and warnings, you can follow this tutorial and reset a password manually. This tutorial supposes that you have SFTP access and are able to edit files in your server.

  1. Open \application\bootstrap\app.php file.
  2. Add the following code at the end of this file.
Route::register('/manual_reset_password', function() {

    $userIDToReset = 0; //enter USER_ID here (admin USER_ID is 1)
    $newPassword = 'ENTER YOUR NEW PASSWORD HERE';

    $hasher = $this->app->make(Concrete\Core\Encryption\PasswordHasher::class);

    $ui = UserInfo::getByID($userIDToReset);
    $username = $ui->getUserName();

    $db = Database::connection();
    $dh = Loader::helper('date');
    $dateTime = $dh->getOverridableNow();

    //update password
    $statement = $db->executeQuery(
        'UPDATE Users SET uPassword = ?, uLastPasswordChange = ?  WHERE uID = ?;', 
        array(
            $hasher->HashPassword($newPassword),    
            $dateTime,
            intval($userIDToReset)
        )
    ); 

    //delete password
    $statement = $db->executeQuery(
        'DELETE FROM UserValidationHashes WHERE uID = ?;', 
        array(
            $userIDToReset  
        )
    ); 

    printf("Password for username = %s (ID=%s) has been changed to '%s'.", $username, $userIDToReset, $newPassword);
    printf("<h2 style='color:red'>");
    printf("DO NOT FORGET TO REMOVE THIS CODE AFTER CHANGING THE PASSWORD.");
    printf("</h2>");

});
  1. Change $userIDToReset & $newPassword appropriately.
  2. Run this path in your browser: http://example.com/index.php/manual_reset_password
  3. After checking whether your new password works, remove the appended code in step 2.
Recent Tutorials
Upgrade Concrete versions 9.3.1 and 9.3.2
Sep 10, 2024
By myq.

How to get past a bug in versions 9.3.1 and 9.3.2 that prevents upgrading the Concrete core through the Dashboard

How to use Composer with Marketplace extensions
Aug 22, 2024

Composer can be used to manage third-party extensions from the marketplace

Controlling Google Tag Manager Tags Based on Concrete CMS Edit Toolbar Visibility
Aug 13, 2024

This document provides a step-by-step guide on how to control the firing of Google Tag Manager (GTM) tags based on the visibility of the Concrete CMS edit toolbar. It explains how to create a custom JavaScript variable in GTM to detect whether the edit toolbar is present on a page and how to set up a trigger that ensures GTM tags only fire when the toolbar is not visible. This setup is particularly useful for developers and marketers who want to ensure that tracking and analytics tags are not activated during content editing sessions, thereby preserving the accuracy of data collected.

Upgrading Concrete from 8.5 to 9.x
Jun 21, 2024
By myq.

How to avoid problems upgrading from 8.5 to 9.x

How to change the default date format
May 30, 2024
By myq.

Change the format of the default date

WebOps Tutorial on Running and Upgrading a Concrete CMS Website
May 2, 2024
By myq.

Describes how to deploy, manage, and upgrade a Concrete CMS website

Improvements?

Let us know by posting here.