Recovering or Resetting Lost Passwords in Movable Type

| 2 Comments | No TrackBacks |
By default, the most recent versions of Movable Type come with a built-in password recovery system that can email a user a password reset link.  For most cases, this is enough.  If worst comes to worst, a user with System Administrator privileges can manually reset a user's password or even change the email address the recovery link is sent to.  But what if the account in question is the (only) system administrator account, or if the server cannot send email?
For cases like these, the easiest thing to do is go into the database and reset the password there.  Open the mt_author table and look for the administrator user.  Usually it is in the first row, as it is the first account normally created during installation.  But you may have multiple system administrators, so if you are trying to recover/reset the password of another one you have to find it in this table first.

Then have a look in the 'author_password' column.  You will see an encrypted string there, which is the encrypted form of the password.  It is not practical to reverse this string back to the original password (which is exactly why it is encrypted: even if hackers steal your database they still can't log in to your live site using just these strings).  When a user tries to log in, the value he entered for password is encrypted and compared to the encrypted password already in the database.  If they match, the user is let in.

Here is an example of such an encrypted password:

password.jpg





So if you replace the value in the 'author_password' column for a certain user with an encrypted string you know the unencrypted version of, you are basically resetting that user's password to that unencrypted string.

In MySQL you could do something like this:

UPDATE TABLE mt_author SET author_password="qw5cz59WXThtk" WHERE author_id = 1;

and the password for the admin user would be reset to 'changeme', which is the unencrypted version of that string.

Alternatively, if you still have a different account on the installation that works, you could upgrade that account to be the system administrator using this command, to alter MT's permissions table:

INSERT INTO `mt_permission` (permission_author_id`, `permission_blog_id`, `permission_permissions`, ) VALUES
(1, 0,  '''administer'',''create_blog'',''create_website'',''edit_templates'',''manage_plugins'',''view_log''');

Don't forget to change the '1' to the actual ID of the author you want to make system administrator.


No TrackBacks

TrackBack URL: https://www.movabletips.com/cgi-bin/mt/mt-tb.cgi/109

2 Comments

I don't know if it's just me or if perhaps everyone else encountering problems with your
blog. It looks like some of the written text on
your content are running off the screen. Can someone else please comment and
let me know if this is happening to them too?
This might be a problem with my internet browser because I've had this happen before. Thanks

Hello there! I could have sworn I've been to this blog before but after checking through some of the post I realized it's new to me.
Anyways, I'm definitely glad I found it and I'll be bookmarking and checking back often!

Leave a comment