drupal 管理员密码忘了怎么办?


怎么办?怎么办?怎么办? 我已经忘了3次了。。。。


Note: leaving this password reset script on your server after resetting the password constitutes a highly critical security hole that enables anyone to reset your administrator password. Use this script carefully, and always delete the script after you're finished using it.

  1. First, create a file with a random name (gh34tu9.php for example).
  2. Copy and paste the following contents into the file, and save the file.
use Drupal\Core\DrupalKernel;
use Symfony\Component\HttpFoundation\Request;

if (pathinfo(__FILE__, PATHINFO_FILENAME) == 'admin-pass-reset') {
  die('Please change your file name to a random string to continue');

// Boot Drupal.
$autoloader = require __DIR__ . '/autoload.php';

$request = Request::createFromGlobals();
$kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod', FALSE);

// Get password hasher service.
$password_hasher = $kernel->getContainer()->get('password');

// Hash password.
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
 $newhash =  $password_hasher->hash($_GET['pass']);
else {
  die('Retry with ?pass=PASSWORD set in the URL');

// Update user password.
$updatepass = Drupal::database()->update('users_field_data')
    'pass' => $newhash,
//  'name' => 'admin',
//  'mail' => 'yourmail@example.com'
  ->condition('uid', '1', '=')

// Clean user 1 cache.

print "Done. Please delete this file as soon as possible";  
  1. Upload the file to the root of the Drupal installation directory (i.e., where index.php, update.php, robots.txt and other files and directories exist).
  2. Execute the script, by requesting the file in a web browser using the following URL pattern: http://example.com/gh34tu9.php?pass=mypassword In the above URL,

- replace example.com with your actual domain name, - replace gh34tu9.php with the actual file name that you specified in step one above, - replace mypassword with the desired new password. Note: It is highly recommended you choose a password that contains upper and lowercase letters and numbers, and is at least 12 digits in length.

  1. If the script executes successfully, you will see the text "Done" in your web browser. The password of the administrative account created when installing Drupal (i.e., user/1) will be changed to "mypassword" (or whatever value you specify).
  2. Finally, delete the file from the Drupal installation root directory.


There have been more than 5 failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.

没关系: DELETE FROM flood; Done.


Add new comment