Can't Login after losing config file

I had a problem in my server that resulted in messing up the OJS files. I succeeded in saving the database. As a result of this I had to re-recreate my file but I don’t remember if I had md5 or sha1.
Also, the administrator of the website forgot the password.

I entered the database and on the “user” table I defined a new password, using both md5 and sha1 systems, but none worked.

The recovery password email works but the message that is supposed to give the new password says: here you have the password - but there is no information afterwords.

As a result of all this i can’t login anymore.

Is there a way to set a new password and save the website?

Thank you for any help you can provide,

Best, Mariana
OJS 3.0

Hi @mariana,

See the “Password Reset” section of the OxS Quick Reference for information on how to reset the password via the database.

Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

Thank you for your prompt reply!

I have already done what is in there. It does not work. Gives me “invalid username or password”. And I am SURE that i am using the right credentials. I am going to explain the steps taken:

1 - I entered the config file and defined md5
2 - I entered the phpmyadmin GUI for MYSQl (since I do not have terminal access - the hosting service only provides CPANEL acccess)
3 - selected the admin user on the “user” table, changed the password and selected “md5”. Saved the changes

It did not work. Something very odd is happening here because I have done this action several times in the past with Joomla CMS (which uses the same technique to keep passwords in MYSQL) and it always worked.

I tried the password recovery but it is not working either since the email that is sent with the password only provides the username, not the password (although it says it is in the email - why is this happening?). I am using SMTP ssl/tls to send emails.

Ĩ also tried an empty password and forced the definition of a new password on the filed “must_change_password” but it does not accept empty passwords.

Thank you so much for your help.


Adding to the previous post, I realised that there is a SQL GUI on PHPMYADMIN. So I runned the SQL command* and it worked. Thank you for your help!

I don’t understand why it did not work manipulationg the values on the user table field.

By the way, a question: should I change now from md5 to sha1? By doing it on the config file, will I have access to the system? Thank you again for your help.

Best, Mariana

  • UPDATE users SET password=MD5(CONCAT(username, ‘newPasswordHere’))
    WHERE user_id = 1

Hi @mariana,

SHA1 is a more secure hashing method than MD5, so it’s preferred.

Alec Smecher
Public Knowledge Project Team