This site has been archived. To learn more about our current products Ibexa Content, Ibexa Experience, Ibexa Commerce head over to the Ibexa Developer Portal

eZ Community » Forums » Install & configuration » Password lost - help!

Password lost - help!

Password lost - help!

Friday 05 June 2009 10:14:22 am - 6 replies


How to retrieve admin password? I tried to insert new md5 hash into ezuser table but it's not working for me. What's the "type 2 hash"?

Modified on Friday 05 June 2009 10:16:38 am by Noicokuna Niemoge

Friday 05 June 2009 10:26:32 am


If you look in the class user : kernel/classes/datatypes/ezuser/ezuer.php (line 1557 )

static function createHash( $user, $password, $site, $type, $hash = false )
        $str = '';
        if( $type == self::PASSWORD_HASH_MD5_USER )
            $str = md5( "$user\n$password" );
        else if ( $type == self::PASSWORD_HASH_MD5_SITE )
            $str = md5( "$user\n$password\n$site" );
        else if ( $type == self::PASSWORD_HASH_MYSQL )
            $db = eZDB::instance();
            $hash = $db->escapeString( $password );

            $str = $db->arrayQuery( "SELECT PASSWORD( '$hash' )" );
            $hashes = array_values( $str[0] );
            $str = $hashes[0];
        else if ( $type == self::PASSWORD_HASH_PLAINTEXT )
            $str = $password;
        else if ( $type == self::PASSWORD_HASH_CRYPT )
            if ( $hash )
                $str = crypt( $password, $hash );
                $str = crypt( $password );
        else // self::PASSWORD_HASH_MD5_PASSWORD
            $str = md5( $password );
        eZDebugSetting::writeDebug( 'kernel-user', $str, "ezuser($type)" );
        return $str;

at the begining of class

    /// MD5 of password
    const PASSWORD_HASH_MD5_USER = 2;
    const PASSWORD_HASH_MD5_SITE = 3;
    const PASSWORD_HASH_MYSQL = 4;
    const PASSWORD_HASH_CRYPT = 6;

So in your case (the default case) the constant is PASSWORD_HASH_MD5_USER.

So to force a new valid pass in the ezuser table you have to make a hash like

$str = md5( "admin\n$MYPASSWORD" );


Modified on Friday 05 June 2009 10:28:46 am by Sébastien Morel

Friday 05 June 2009 10:28:58 am

Thanks for fast reply happy.gif Emoticon

Hmm... I try to generate this password as type 2 in an md5 hash calculator, but without any success. Any ideas? Should I include there that \n string or is it a break? I think it's a string?

I generated a password like admin\nmypassword, but the hash doesn't work. By now I login as type 1 pass, but every time I log out it gets changed in the DB to type 2, which is not that convenient.

Modified on Friday 05 June 2009 10:39:03 am by Noicokuna Niemoge

Friday 05 June 2009 10:55:01 am

For me

print md5("admin\nmypassword");



and it's ok for me( I just tested)

Are you sure, your problem comes from the password ? eZ shows error from user/password or siteaccess ?


Friday 05 June 2009 10:58:48 am

Well, I noticed that whenever I log out (when I change hash in the database and hash type to 1), eZ Publish changes hash type to 2 and also... changes the hash itself (changes password).

eZ even doesn't display an error "invalid password" just redirects me again to login form. Also, no errors are visible in error log.

Hmm, is it possible that I got hacked?

If yes, tell me please how to manually disable logins because today I'm going abroad and won't be able to sit and solve that problem instantly. :/

Modified on Friday 05 June 2009 11:40:06 am by Noicokuna Niemoge

Friday 05 June 2009 12:20:31 pm

Try run:

UPDATE  `YOURDBNAME`.`ezuser` SET  `password_hash` =  '',
`password_hash_type` =  '4' WHERE  `ezuser`.`contentobject_id` =14;

Then login as admin without password and click change password on the right to set new admin password from eZ Publish,

Modified on Friday 05 June 2009 12:21:00 pm by Łukasz Serwatka

Friday 12 October 2012 2:51:44 pm

Or even something like:

update ezuser set password_hash="foobar", password_hash_type=5 where contentobject_id=473;

This inserts a plaintext password "foobar" and indicates that the password isn't hashed -- for some specific user.

The next time that you log in (I think) and depending on your configuration, ez will convert this to the default password storage which involves catenating various strings with the plaintext password, hashing all that, and updating the hash type.

So, it's ok that the password hash string changes.


You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from