[Mediawiki-l] Re: Resetting a forgotten password
Jan Steinman
Jan at Bytesmiths.com
Tue Jan 17 22:16:27 UTC 2006
> From: Rick DeNatale <rick.denatale at gmail.com>
>
> On 1/17/06, Sy Ali <sy1234 at gmail.com> wrote:
>> Is there the facility to get or reset a user's lost password when
>> email functions have been turned off?
>
> The user table in the database stores the MD5 hash of the password
> salted with the user id, if you can generate this hash value you can
> manually reset a password via an SQL update. It ain't pretty but
> failing all else...
>
> Details of how the password is salted can be found in User.php
I actually set all accounts that had not been logged-in to the SAME
password using this technique. (Please don't lecture about why this
is a bad idea. It served the purpose at the time.)
Note that the hash is a function of the user name, so you can't
simply blast some MD5 hash of some arbitrary password in there.
:::: In a low-energy future... the wealth of nations will be measured
by the quantity and quality of their forests. -- David Holmgren ::::
:::: Jan Steinman, http://www.EcoReality.org ::::
More information about the MediaWiki-l
mailing list