php - How to reset OpenCart 2+ administrative password?
Apparently the new (v2) OpenCart's password encryption scheme is not a simple md5 hash. I attempted to search the net for a way to reset the admin password after I changed hosts for my OpenCart installtion but could not find anything.
If you just need to regain access, and change your password then you can do so pretty easily. Open
system/library/cart/user.phpin later versions) and find the line beginning
#changing it to
and save. This allows you to log in using the first account (usually the default admin account) without any user and password. As soon as you do, reverse this and save again. You'll still be logged in and can edit the user data editing the password as you wish
RESET OPENCART ADMIN PASSWORD BY EDITING MySQL DATABASE Via
The only way to reset the administrative
passwordis modifying the password column in
phpMyAdmin, something like hunting the silk road or either by changing the
MySQLcommand prompt. You cannot generate new Salt & Hashing with
MySQLcommand prompt as explained at the end. Follow these below steps:
oc_usertable and look for columns with name password & salt and change the values for the desired
This combination of string or hash changes/alters the administrative password to “
password” (without the quotes) for the desired user. This method might create a minor security risk as the salt will be a publicly known data, which is published here.
Click “Go”. It will change your password to password. Now, log into the OpenCart Admin (www.yourwebsitename.com/admin) Dashboard with your existing username and the new password.
Username: < Existing Username >
By knowing your user_id, all the above steps are done from one command:
The password was encrypted with the randomised salt
The above method is used to encrypt the password from the file admin/model/user/user.php
password_verifyare purely PHP functions. They have nothing to do with MySQL
password_hash does not use the MD5 algorithm for hashing you password. md5 and password_hash() produce two different lengths
Navigate to Tool: OpenCart 2.0+ User Password Reset Generator you can specify your New Password and Salt
For login admin password 0ZReKeFZM75Y set in
database > oc_user
and salt HYSQS59P9
to admin user row.
Password is stored by OpenCart (from
Assuming you have DB access you can retrieve the salt as
Then generate the new hash, e.g. in bash ($SALT being the result of the previous command) :
Finally, update the DB with this new hash :
Then log in with the new password.
You can generate a new password using the script below:
Assuming you have access to the php files, open file system/library/cart/user.php in a text editor and change line 40, the 1st line of method login(), from:
This removes the password check,so you will always be logged in regardless the password you entered. After you are logged in, immediately change this line back as it will allow anybody to login under any user account, then change your password under "Users - Users - Edit".