10

We are going to deploy a Drupal site inside company's intranet. There is a requirement for user to reset password. We have a centralized password reset mechanism (for single sign on):

  • user submits a password change request in system
  • the request is sent to a password server
  • the password server will reset the user's password in all systems with a new password
  • the password server will send the new password to user's mobile phone via sms

Now we are going to add the Drupal site to all systems. Please suggest a way to change the Drupal's logon password by an external program (assume the system can run script on the Drupal host and edit Drupal MySQL database).

Improve this question

6 Answers 6

Reset to default
8

For Drupal 7 -- Hope this custom function code resolves change password for anonymous user.

function password_reset(){
    global $user;
    $hashthepass = 'password'; /* Your password value*/
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    $hashthepass = user_hash_password(trim($hashthepass));
    // Abort if the hashing failed and returned FALSE.
    if (!$hashthepass) {
      return FALSE;
    }
    else {
      db_update('users')
        ->fields(array(
          'pass' => $hashthepass
        ))
        ->condition('uid', $user->uid)       
        ->execute();
    }
 }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

If you're using Drupal 6 then the password stored in the system is a simple md5 of the password. If you're using php scripts to trigger the password reset then use the http://php.net/manual/en/function.md5.php function.

Username and Password is stored in the users table. The md5 hash is stored in the pass column.

Improve this answer

1 Comment

As the answer says, this only works for Drupal 6. It's an important point to consider for anyone with more modern Drupal versions.
2

Another possibility for Drupal 7 is: 

$user = user_load($GLOBALS['user']->uid);
$user->pass = 'the new password';
user_save((object) array('uid' => $user->uid), (array) $user);

This will automatically hash the password, without the need to write directly to the database.

Improve this answer

1 Comment

Didn't work for me. Saved the password to database without hashing.
1

Here is another more sophisticated Drupal 7 approach based on the given $username. It also supports e-mail addresses used as username.

$users = user_load_multiple(array(), array('mail' => $username, 'status' => '1'));
$account = reset($users);
if (!$account) {
  // No success, try to load by name.
  $users = user_load_multiple(array(), array('name' => $username, 'status' => '1'));
  $account = reset($users);
}

if ($account) {
  $account->pass = 'new password';
  user_save($account);
}
else {
  watchdog('user', 'Cannot load user: %user', array('%user' => $username), array(), WATCHDOG_ERROR);
}
Improve this answer

Comments

1

There are already many nice answers in here, but I believe I add the one which I found easy for me.

// ID of the user whose password you wish to change.
$uid = 1;

// Load the user account.
$account = user_load($uid);

// Load hashing libraries.
// You can use module_load_include() if you want to make it cleaner.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');

// Generate new password hash.
$password_hash = user_hash_password('enter-new-password-here');
if (!$password_hash) {
  // Password could not be hashed. Handle the error.
  exit('Password could not be hashed.');
}

$account->pass = $password_hash;
user_save($account);

Given everything is set up correctly, your user's password would be updated.

Note: If you have forgotten your root password, you can safely ignore the error handling, etc. Add these lines in index.php before menu_execute_active_handler(); and open any page to reset your password. Don't forget to remove the lines after you're done though!

Improve this answer

Comments

0

For Drupal8+:

$user = \Drupal\user\Entity\User::load($uid);
$password = \Drupal::service('password_generator')->generate();
$user->setPassword($password);
$user->save();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.