Reset Concrete CMS Password Manually

This is a community-contributed tutorial. This tutorial is over a year old and may not apply to your version of Concrete CMS.
Mar 2, 2019
By shahroq for Developers
Edit

If you have lost your password for any reasons, you can use the built-in password reset form on the /login page. If the email address on the account you want to reset is incorrect and you have access to the database, you can update the email address in the Users table and then use the password reset form. The following method should be considered a last resort and is slightly risky as it will show the new password to anyone who happens to request the URL while the code is added to the file.

Given the above alternatives and warnings, you can follow this tutorial and reset a password manually. This tutorial supposes that you have FTP access and are able to edit files in your server.

  1. Open \application\bootstrap\app.php file.
  2. Add the following code at the end of this file.
Route::register('/manual_reset_password', function() {

    $userIDToReset = 0; //enter USER_ID here (admin USER_ID is 1)
    $newPassword = 'ENTER YOUR NEW PASSWORD HERE';

    $hasher = $this->app->make(Concrete\Core\Encryption\PasswordHasher::class);

    $ui = UserInfo::getByID($userIDToReset);
    $username = $ui->getUserName();

    $db = Database::connection();
    $dh = Loader::helper('date');
    $dateTime = $dh->getOverridableNow();

    //update password
    $statement = $db->executeQuery(
        'UPDATE Users SET uPassword = ?, uLastPasswordChange = ?  WHERE uID = ?;', 
        array(
            $hasher->HashPassword($newPassword),    
            $dateTime,
            intval($userIDToReset)
        )
    ); 

    //delete password
    $statement = $db->executeQuery(
        'DELETE FROM UserValidationHashes WHERE uID = ?;', 
        array(
            $userIDToReset  
        )
    ); 

    printf("Password for username = %s (ID=%s) has been changed to '%s'.", $username, $userIDToReset, $newPassword);
    printf("<h2 style='color:red'>");
    printf("DO NOT FORGET TO REMOVE THIS CODE AFTER CHANGING THE PASSWORD.");
    printf("</h2>");

});
  1. Change $userIDToReset & $newPassword appropriately.
  2. Run this path in your browser: http://example.com/index.php/manual_reset_password
  3. After checking whether your new password works, remove the appended code in step 2.
Recent Tutorials
Using the Concrete Migration Tool Addon
Apr 27, 2023
By EvanCooper.

How to use the Concrete CMS Migration Tool

How To Add Page Last Updated To Your Concrete CMS Pages
Mar 7, 2023
By jessicadunbar.

Concrete CMS has a page attribute you can add to a global area called "Page Date Modified." Here's how to add it

How To Exclude Subpages from Navigation
Dec 24, 2022
By EvanCooper.

How to exclude subpages from navigation - useful for a news or blog link in your main navigation where you don't want all the subpages to appear in a drop down menu.

How Can I Change The Maximum Size Of Uploaded files
Dec 13, 2022
By jessicadunbar.

This tutorial explains how to update your php settings.

Updating Concrete Themes from Version 8 to Version 9
Nov 24, 2022
By EvanCooper.

This tutorial covers commonly encountered issues when upgrading a Concrete CMS theme from version 8 to version 9

Transferring ownership of an add-on and a theme
Nov 15, 2022
By katzueno.

If you encounter a Concrete CMS add-on or theme that you love but not being maintained, you may want to ask the author to help or take over the add-on or theme. Here is the quick step-by-step guide of how to transfer the ownership.

Was this information useful?
Thank you for your feedback.