Locked out of your Joomla?

This was just asked on the NYPHP Joomla mailing list, so I thought I’d add it here for folks as a quick cheatsheet. Basically the problem is when you find yourself with a Joomla site and have no idea what the logins are. You need to find the admin user (or whatever the admin user’s username is) and reset the password to something you know, so you can login and start taking control of the site. This is how it can be done.In the top directory of your website’s files, you’ll find a file there called configuration.php.Take a look in this file and grab the following variables:

• $host
• $user
• $db
• $password

That is your database access information. Now to change your admin password. When you connect to your database (using the mysql command line client on your server most likely), go to a table called jos_users and look for the admin user:

select id, name, username, password from jos_users;

Somewhere in those results should be a user called ‘admin’ in the ’username’ column. If not, you should probably see which account was acting as the admin superuser, and that is the one you want. Now change that password to ‘changeme’ like this, and note that I had to run the string ‘changeme’ through MD5 first as all passwords in Joomla are hashed:

update jos_users set password = '4cb9c8a8048fd02294477fcb1a41191a' where username = 'admin';

Now you can login to the Joomla backend as admin / changeme, and IMMEDIATELY change your password.

For this very reason I keep a simple PHP script on my laptop that has a form that posts a text field and echos the output after an MD5 hash. That way I can generate MD5 hashes of known strings when I need to reset a password, for instance.

Hope you find this useful, and please pipe up in the comments if this post needs more detail.