I have inherited a PhpBB3 installation from an uncontactable previous admin who didn't leave me the password, or any mechanism to retrieve it.
It runs on a MySQL database, which I have logged into with full privileges in order to change the admin password. Unfortunately, PhpBB3 apparently uses a complex multistage salted hashing technique that I'm not familiar with. Given full access to the DB, how do I generate a valid password hash to replace the old one with?
I tried a simple MD5 of the known password of a normal user, and it doesn't match the DB entry.
Any other way to reset the admin password via the DB is also helpful, as long as it works!
Answer found elsewhere (credit: joshhighland.com)
run the update manually but use one of the following example hashes;
Hash: e10adc3949ba59abbe56e057f20f883e Password: 123456
Hash: $H$9Ae3Uk.ECdWW5ya13M4ErWhr4c.761/ Password: password
e.g. mysql> update phpbb_users set user_password='e10adc3949ba59abbe56e057f20f883e' where username = 'YourUserName';
...then login and change the password to one you'll remember afterwards :)
run mysql and select the relevant database then use the MD5 function to set the password on the account that you want to change.
For example if your phpbb3 database is called Yourphpbb3db and the users table is phpbb_users then
enter your password
I'm only slightly familiar with the intricacies of phpBB3, but I would try copying the hash and salt from another user account where the password is known (a throwaway account for this purpose or somesuch). Of course, back up the current hash and salt first, or possibly the whole DB... if that doesn't work, I would try elevating another account's privileges. I'm completely unfamiliar with the privilege system in phpBB3, but you can either try to duplicate the current admin's privilege table entries for a new account or just replace the admin's user ID with a known account. I would do all of this on a test system, if possible.