Recent Topics

I lost my password, what should I do?

Started by on Jan 15, 2008 – Contents updated: Dec 22, 2015

Jan 15, 2008 03:57    

Through phpMyAdmin you can access your database.
Select the correct database in the left hand box
Find evo_users and hit "Browse"

In this box hit the pencil "Edit"

For the password (the string with random numbers and letters) fill in "b3188adab3f07e66582bbac456dcd212" without the quotes.
Save, leave phpMyAdmin and enter your blog. Your password is now "cabbage" without the quotes. As soon as you've entered the backoffice change your password. :>

Good luck

Oct 29, 2008 02:28

Here's another way to reset the admin password if you don't have phpMyAdmin installed.

Create new file conf/hacks.php with this code


if( isset($_GET['reset_admin_pass']) )
    global $Messages$DB;
    $new_pass generate_random_passwd$length );
    $sql 'UPDATE T_users
            SET user_pass = '.$DB->quotemd5($new_pass) ).'
            WHERE user_ID = 1';
    if( $DB->query($sql) )
        $msg 'Admin password changed to "<b>'.$new_pass.'</b>"<br /><br />You should now remove the password reset code from conf/hacks.php';
        $Messages->add$msg'success' );

Type the following in address bar to reset the password



Do nor forget to delete the file conf/hacks.php once you're done! otherwise anyone will be able to reset your password at any time!

Dec 29, 2012 13:45

Let's pretend I don't have a clue as to what you're talking about. I don't. Where do I look for 'phpMyAdmin'?

I am able to look at the Blog directory in but beyond that, I'm stuck. The problem is, I don't know what I called 'YOUR_BLOG' so am unable to look at anything at all. I might be able to GUESS the password I used (I have a pretty good idea as to what that is) but I cannot remember nor have I documented (anywhere that I have found) the actual name of my blog.

How would I invoke 'phpMyAdmin'? Doesn't the suggestion posted by sam2kb presume I know how to get to 'YOUR_BLOG'? I guess I feel like an idiot, but it has been 6 months since I updated my blog. I have migrated across two new PCs, and somewhere along the way inadvertently dropped the password (and Blog name) that I used when I set this up.

I know that the email address I used was and I was hoping that somehow this would be a validation tool to support my being the author and owner of the blog. I just need to know what I named the blog - and I'm stuck at this point.

Thank you for your reply.

Sep 23, 2013 16:01

OK, I got to the point where I have added to conf/hacks.php to my blog, and when I enter "MY_BLOG/index.php?reset_admin_pass" all I get is my blog page with a lot of black text at the top, representing the php code (I guess) of hacks.php. What should I have done differently?

Sorry for the delay - it has taken me this long to get beyond 'idiot' stage, but I'm still floundering.

Sep 23, 2013 16:41

Hello @jbmoss,

Please tell us if you have reviewed this page:, specially this section:

If you do not understand those instructions, please contact your hosting provider’s tech support and ask them to do this operation for you.

Sometimes, is way much easier trying to do it this way than dealing with code hacks.


Mar 09, 2015 22:18

Just for the records, and because the screenshots of the original post are not available any more.

1) Go to phpMyAdmin
2) Look for the table T_users (T_ is usually equivalent to evo_, but it depends of each installation).
3) Find the user whose password will be changed.
4) Click on "Edit".
5) Go to the user_pass row, select MD5 from the functions list and type in the new password.
6) Click on "Go"

That's it.

NOTE: this trick works only in version 5.2.x and below, since version 6 b2evolution starts using a different encoding mechanism.

May 24, 2015 21:01

"NOTE: this trick works only in version 5.2.x and below, since version 6 b2evolution starts using a different encoding mechanism."

Is there a trick for 6.4.x - other than blowing away the install and starting again? I followed the link above to the manual, but it just points straight back to this thread.

May 24, 2015 21:27

Not to worry, I reinstalled.

Jul 26, 2015 13:28

I noticed you are using another trick.
I cannot figure out how to recover, as the field user_pass has changed from char(32) to bnary(16)
So these above mentioned tricks are all obsolete, and this is also true for this thread as from for 6.x.

Jul 28, 2015 00:33

In addition to being binary, the password is now hashed to prevent reverse dictionary attacks.

We will post a new script that works with v6 here Asap.

Jul 28, 2015 09:26

New script to change a password on v6.

Create a new file in the root "/hacks.php" with the following code:


require_once dirname(__FILE__).'/conf/_config.php';
require_once $inc_path.'';
if( param'reset_admin_pass''string' ) == 'your_secret_key' )
    $your_user_ID 1// ID of your admin user
    $UserCache = & get_UserCache();
    $User = & $UserCache->get_by_ID$your_user_ID );
    $new_pass generate_random_passwd();
    $User->set_password$new_pass );
    if( $User->dbupdate() )
        $Messages->add'Admin password changed to "<b>'.$new_pass.'</b>"''success' );
        $Messages->add'You should now remove the file /hacks.php''success' );

Then call an url

Do not forget to delete the file /hacks.php once you're done! otherwise anyone will be able to reset your password at any time!

Note: ideally you should change your_secret_key in the code and in the url when you call the script. This way it's harder for anyone else but you to use the script.

Form is loading...

Secure CMS – This forum is powered by b2evolution CMS, a complete engine for your website.