Reset Concrete CMS Password Manually

Mar 2, 2019

If you have lost your password for any reasons, you can use the built-in password reset form on the /login page. If the email address on the account you want to reset is incorrect and you have access to the database, you can update the email address in the Users table and then use the password reset form. The following method should be considered a last resort and is slightly risky as it will show the new password to anyone who happens to request the URL while the code is added to the file.

Given the above alternatives and warnings, you can follow this tutorial and reset a password manually. This tutorial supposes that you have FTP access and are able to edit files in your server.

  1. Open \application\bootstrap\app.php file.
  2. Add the following code at the end of this file.
Route::register('/manual_reset_password', function() {

    $userIDToReset = 0; //enter USER_ID here (admin USER_ID is 1)
    $newPassword = 'ENTER YOUR NEW PASSWORD HERE';

    $hasher = $this->app->make(Concrete\Core\Encryption\PasswordHasher::class);

    $ui = UserInfo::getByID($userIDToReset);
    $username = $ui->getUserName();

    $db = Database::connection();
    $dh = Loader::helper('date');
    $dateTime = $dh->getOverridableNow();

    //update password
    $statement = $db->executeQuery(
        'UPDATE Users SET uPassword = ?, uLastPasswordChange = ?  WHERE uID = ?;', 
        array(
            $hasher->HashPassword($newPassword),    
            $dateTime,
            intval($userIDToReset)
        )
    ); 

    //delete password
    $statement = $db->executeQuery(
        'DELETE FROM UserValidationHashes WHERE uID = ?;', 
        array(
            $userIDToReset  
        )
    ); 

    printf("Password for username = %s (ID=%s) has been changed to '%s'.", $username, $userIDToReset, $newPassword);
    printf("<h2 style='color:red'>");
    printf("DO NOT FORGET TO REMOVE THIS CODE AFTER CHANGING THE PASSWORD.");
    printf("</h2>");

});
  1. Change $userIDToReset & $newPassword appropriately.
  2. Run this path in your browser: http://example.com/index.php/manual_reset_password
  3. After checking whether your new password works, remove the appended code in step 2.
Recent Tutorials
Updating Concrete Themes from Version 8 to Version 9
Nov 24, 2022

This tutorial covers commonly encountered issues when upgrading a Concrete CMS theme from version 8 to version 9

Transferring ownership of an add-on and a theme
Nov 15, 2022
By katzueno.

If you encounter a Concrete CMS add-on or theme that you love but not being maintained, you may want to ask the author to help or take over the add-on or theme. Here is the quick step-by-step guide of how to transfer the ownership.

How to update Add-Ons if not on the Update Add-Ons Menu item
Jul 4, 2022

How to manually download an add-on and update it when your site's core versions isn't considered compatible with the add-on version.

Generate a report with author information and form summaries in Concrete CMS.
May 9, 2022

In Concrete CMS, you can use a form to initiate contact between logged-in users and then create helpful reports. After form submissions are collected, they can be searched, sorted, and exported as a spreadsheet. This tutorial will detail how to add author information to a report using the advanced search.

How to clone and customize Atomik theme
Feb 14, 2022
By linuxoid.

How to clone and customize Atomik theme

Update jQuery to 3.5 on Concrete CMS version 8.5.x
Dec 1, 2021
By hissy.

If you have to take some time to fix your site to work with version 9 and want to update jQuery immediately, you can override it.

Was this information useful?
Thank you for your feedback.