Menu
Apparently the new (v2) OpenCart's password encryption scheme is not a simple md5 hash. I attempted to search the net for a way to reset the admin password after I changed hosts for my OpenCart installtion but could not find anything.
Thank you.
559
If you've forgot your admin password for OpenCart, you can reset the password in the database. You'll have to use phpMyAdmin in cPanel to change the password to the admin account.
Accessing the admin panel To access the admin panel, type in location of the store into the web browser followed by "/admin".
In a browser, pull up your OpenCart website. You will see the Dashboard login page. Enter your Username and Password, then click the Login button. You will then be on the main page of your OpenCart Dashboard.
If you just need to regain access, and change your password then you can do so pretty easily. Open system/library/user.php (system/library/cart/user.php in later versions) and find the line beginning
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username =
Before the WHERE put a # changing it to
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user #WHERE username =
and save. This allows you to log in using the first account (usually the default admin account) without any user and password. As soon as you do, reverse this and save again. You'll still be logged in and can edit the user data editing the password as you wish
129
phpMyAdmin or MySQL command promptThe only way to reset the administrative password is modifying the password column in oc_user via phpMyAdmin, something like hunting the silk road or either by changing the password column via MySQL command prompt. You cannot generate new Salt & Hashing with MySQL command prompt as explained at the end. Follow these below steps:
Navigate to oc_user table and look for columns with name password & salt
and change the values for the desired user_id
password: d1c194daffb03fc2653027c87f76a12a4eaeac5f
salt: x3x6r693j
This combination of string or hash changes/alters the administrative password to “password” (without the quotes) for the desired user. This method might create a minor security risk as the salt will be a publicly known data, which is published here.
Click “Go”. It will change your password to password. Now, log into the OpenCart Admin (www.yourwebsitename.com/admin) Dashboard with your existing username and the new password.
Username: < Existing Username >
Password: password
By knowing your user_id, all the above steps are done from one command:
update `oc_user` set `password` = sha1( concat(`salt`, sha1( concat(`salt`, sha1('password'))))) where user_id = 1
Explaination:
The password was encrypted with the randomised salt
sha1($salt . sha1($salt . sha1($password)))
The above method is used to encrypt the password from the file admin/model/user/user.php
SELECT SHA1( CONCAT( salt, SHA1( CONCAT( salt, SHA1( 'password' ) ) ) ) )
FROM oc_user
WHERE user_id =1
LIMIT 0 , 30
Results: d1c194daffb03fc2653027c87f76a12a4eaeac5f
For Salt:
$salt = substr(md5(uniqid(rand(), true)), 0, 9)
uniqid(), password_hash and password_verify are purely PHP functions. They have nothing to do with MySQL
password_hash does not use the MD5 algorithm for hashing you password. md5 and password_hash() produce two different lengths
Navigate to Tool: OpenCart 2.0+ User Password Reset Generator you can specify your New Password and Salt
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
