10

We are going to deploy a Drupal site inside company's intranet. There is a requirement for user to reset password. We have a centralized password reset mechanism (for single sign on):

  • user submits a password change request in system
  • the request is sent to a password server
  • the password server will reset the user's password in all systems with a new password
  • the password server will send the new password to user's mobile phone via sms

Now we are going to add the Drupal site to all systems. Please suggest a way to change the Drupal's logon password by an external program (assume the system can run script on the Drupal host and edit Drupal MySQL database).

ohho
  • 50,879
  • 75
  • 256
  • 383

5 Answers5

8

For Drupal 7 -- Hope this custom function code resolves change password for anonymous user.

function password_reset(){
    global $user;
    $hashthepass = 'password'; /* Your password value*/
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    $hashthepass = user_hash_password(trim($hashthepass));
    // Abort if the hashing failed and returned FALSE.
    if (!$hashthepass) {
      return FALSE;
    }
    else {
      db_update('users')
        ->fields(array(
          'pass' => $hashthepass
        ))
        ->condition('uid', $user->uid)       
        ->execute();
    }
 }
Clemens Tolboom
  • 1,872
  • 18
  • 30
hussain
  • 432
  • 5
  • 7
4

If you're using Drupal 6 then the password stored in the system is a simple md5 of the password. If you're using php scripts to trigger the password reset then use the http://php.net/manual/en/function.md5.php function.

Username and Password is stored in the users table. The md5 hash is stored in the pass column.

Sid Kshatriya
  • 4,965
  • 3
  • 25
  • 29
  • As the answer says, this only works for Drupal 6. It's an important point to consider for anyone with more modern Drupal versions. – greggles Jun 14 '18 at 18:38
2

Another possibility for Drupal 7 is: 

$user = user_load($GLOBALS['user']->uid);
$user->pass = 'the new password';
user_save((object) array('uid' => $user->uid), (array) $user);

This will automatically hash the password, without the need to write directly to the database.

Mathias
  • 1,076
  • 1
  • 9
  • 10
1

Here is another more sophisticated Drupal 7 approach based on the given $username. It also supports e-mail addresses used as username.

$users = user_load_multiple(array(), array('mail' => $username, 'status' => '1'));
$account = reset($users);
if (!$account) {
  // No success, try to load by name.
  $users = user_load_multiple(array(), array('name' => $username, 'status' => '1'));
  $account = reset($users);
}

if ($account) {
  $account->pass = 'new password';
  user_save($account);
}
else {
  watchdog('user', 'Cannot load user: %user', array('%user' => $username), array(), WATCHDOG_ERROR);
}
kenorb
  • 155,785
  • 88
  • 678
  • 743
1

There are already many nice answers in here, but I believe I add the one which I found easy for me.

// ID of the user whose password you wish to change.
$uid = 1;

// Load the user account.
$account = user_load($uid);

// Load hashing libraries.
// You can use module_load_include() if you want to make it cleaner.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');

// Generate new password hash.
$password_hash = user_hash_password('enter-new-password-here');
if (!$password_hash) {
  // Password could not be hashed. Handle the error.
  exit('Password could not be hashed.');
}

$account->pass = $password_hash;
user_save($account);

Given everything is set up correctly, your user's password would be updated.

Note: If you have forgotten your root password, you can safely ignore the error handling, etc. Add these lines in index.php before menu_execute_active_handler(); and open any page to reset your password. Don't forget to remove the lines after you're done though!

Jigarius
  • 394
  • 3
  • 16