Tuesday, August 11, 2009

Forgot My Drupal Password

From time to time I use a web content management solution called Drupal to build websites. Drupal (pronounced Droop-pull) lets you build websites that are secure, that allow you to write articles and blogs with ease and basically manage the content of your website. Sometimes the trouble with Drupal is that it makes web development too easy.

Having said that, there is one problem I keep bumping into with Drupal. Oftentimes I will be setting up a site, and then I get sidetracked and need to come back around later, only to have forgotten the administrative password. Ugh! In a real implementation for Drupal, that would never be a problem. If you forgot your password, Drupal has the capability (out of the "box") to send an email message to the email address associated with a user so that user can reset their password. The problem is, if the site is in development and running locally, sometimes the email feature of Drupal doesn't get configured, basically breaking the ability of Drupal to send that email and start the password reset process. Here is a workaround for that!

On a local installation you probably have access to your MySQL database for the Drupal site. This is not typically something that someone on a live site would have access to, so this is a safe procedure. Drupal also protects against SQL Injection so what I am about to show you is pretty darned safe.

Go to your MySQL Database for the Drupal site using a tool like MySQLAdmin. Now, find the "users" table and "browse" it. Notice that you can see the user names in the table. At the same time notice that the passwords saved in the "pass" column seem encrypted. That is because, well, they are. Specifically they are encrypted using the MD5 algorithm. Now, if you know anything about MD5 or security then you know that the MD5 algorithm has been cracked. In reality, while this is true, you pretty much have to be super-human to hack MD5 encrypted messages so there really isn't anything to worry about.

So, how do we figure out this encrypted password? We don't. The trick is to simply change the password. Assuming that the password you want to change is associated with the user id "1" (the field or column should be called "uid") open up your MySQLAdmin "SQL" tab and run the following SQL:

UPDATE users SET pass = MD5('newpassword') WHERE uid = 1

...and that should result in telling you that one record was updated.

Now go back to your Drupal site and attempt to login with your new password. Easy, Peasy, Lemon Squeezy!
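An added example, not part of the original post: a check to run before a development database is promoted to a live site. It flags accounts whose "pass" value is a bare MD5 hash, accounts still set to a placeholder password such as the 'newpassword' literal from the SQL above, and accounts that share a hash. The sample rows, the placeholder list and the function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict


def md5_hex(password):
    """Same value MySQL's MD5('...') stores: 32 lowercase hex characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed sample rows (uid, name, pass) shaped like the users table above.
SAMPLE_USERS = [
    (1, "admin", md5_hex("newpassword")),  # reset with the literal from the post
    (2, "editor", md5_hex("Tr1cky-but-reused")),
    (3, "author", md5_hex("Tr1cky-but-reused")),
    (4, "other", "constructed-non-md5-value"),  # some other storage format
]

# Placeholder passwords that tend to survive from setup notes (assumed list).
PLACEHOLDERS = ["newpassword", "password", "admin", "drupal"]

BARE_MD5 = re.compile(r"^[0-9a-f]{32}$")


def audit_users(rows, placeholders=PLACEHOLDERS):
    """Return findings for a list of (uid, name, pass) rows."""
    known = {md5_hex(p): p for p in placeholders}
    by_hash = defaultdict(list)
    findings = {"unsalted_md5": [], "placeholder": [], "shared": []}
    for uid, _name, pass_hash in rows:
        digest = pass_hash.lower()
        if not BARE_MD5.match(digest):
            continue  # not a bare MD5 value; out of scope for this check
        findings["unsalted_md5"].append(uid)
        by_hash[digest].append(uid)
        if digest in known:
            findings["placeholder"].append((uid, known[digest]))
    # Without a salt, equal passwords give equal hashes, so reuse is visible.
    findings["shared"] = sorted(u for u in by_hash.values() if len(u) > 1)
    return findings


if __name__ == "__main__":
    for kind, hits in audit_users(SAMPLE_USERS).items():
        print(kind, hits)
```

Any uid reported under "placeholder" should get a fresh password through the site's own password form before the database leaves the local machine.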
