Reset Concrete CMS Password Manually

Mar 2, 2019

If you have lost your password for any reasons, you can use the built-in password reset form on the /login page. If the email address on the account you want to reset is incorrect and you have access to the database, you can update the email address in the Users table and then use the password reset form. The following method should be considered a last resort and is slightly risky as it will show the new password to anyone who happens to request the URL while the code is added to the file.

Given the above alternatives and warnings, you can follow this tutorial and reset a password manually. This tutorial supposes that you have FTP access and are able to edit files in your server.

  1. Open \application\bootstrap\app.php file.
  2. Add the following code at the end of this file.
Route::register('/manual_reset_password', function() {

    $userIDToReset = 0; //enter USER_ID here (admin USER_ID is 1)
    $newPassword = 'ENTER YOUR NEW PASSWORD HERE';

    $hasher = $this->app->make(Concrete\Core\Encryption\PasswordHasher::class);

    $ui = UserInfo::getByID($userIDToReset);
    $username = $ui->getUserName();

    $db = Database::connection();
    $dh = Loader::helper('date');
    $dateTime = $dh->getOverridableNow();

    //update password
    $statement = $db->executeQuery(
        'UPDATE Users SET uPassword = ?, uLastPasswordChange = ?  WHERE uID = ?;', 
        array(
            $hasher->HashPassword($newPassword),    
            $dateTime,
            intval($userIDToReset)
        )
    ); 

    //delete password
    $statement = $db->executeQuery(
        'DELETE FROM UserValidationHashes WHERE uID = ?;', 
        array(
            $userIDToReset  
        )
    ); 

    printf("Password for username = %s (ID=%s) has been changed to '%s'.", $username, $userIDToReset, $newPassword);
    printf("<h2 style='color:red'>");
    printf("DO NOT FORGET TO REMOVE THIS CODE AFTER CHANGING THE PASSWORD.");
    printf("</h2>");

});
  1. Change $userIDToReset & $newPassword appropriately.
  2. Run this path in your browser: http://example.com/index.php/manual_reset_password
  3. After checking whether your new password works, remove the appended code in step 2.
Recent Tutorials
How to update Add-Ons if not on the Update Add-Ons Menu item
Jul 4, 2022

How to manually download an add-on and update it when your site's core versions isn't considered compatible with the add-on version.

Generate a report with author information and form summaries in Concrete CMS.
May 9, 2022

In Concrete CMS, you can use a form to initiate contact between logged-in users and then create helpful reports. After form submissions are collected, they can be searched, sorted, and exported as a spreadsheet. This tutorial will detail how to add author information to a report using the advanced search.

How to clone and customize Atomik theme
Feb 14, 2022
By linuxoid.

How to clone and customize Atomik theme

Update jQuery to 3.5 on Concrete CMS version 8.5.x
Dec 1, 2021
By hissy.

If you have to take some time to fix your site to work with version 9 and want to update jQuery immediately, you can override it.

Add-On Developers: Get Your Add-Ons Ready for Concrete CMS 9.0
Aug 6, 2021
By andrew.

Concrete CMS 9.0 is coming! But there are some changes in version 9 that might affected your add-ons and themes. This document aims to answer questions about the most common ways that your add-ons might need to be changed, and common problems you'll run into.

Permissions for editors in a multilingual site
Jun 2, 2021
By myq.

How to set up a multilingual Concrete CMS site for groups of language-specific editors

Was this information useful?
Thank you for your feedback.