Direct emergency database method to regain access if you lock yourself out from the admin account

One problem of the increased security features in Moodle 1.9.7 is that you may fully lock yourself out from the system if, for example, you have forgotten your more secure password. For most users, they should use the standard password recovery methods or have the admin reset the password. However, if the admin locks herself out and either has an invalid email or the email reset feature is not working, it may prevent complete access to the system by the admin.

The following method requires direct access to the database. Because any user with such access can make any changes, this method does not increase system vulnerability.

The password field of the table mdl_user contains an md5 hash of the password. The md5 hash of the word "guest" is 084e0343a0486ff05530df6c705c8bb4 provided that you have no salt set (or if you set the salt to , see Password_salting).

So, in most cases you can set the admin password temporary to the word 'guest' with the SQL statement:

update mdl_user set password = '084e0343a0486ff05530df6c705c8bb4' where username = 'admin'

If you have a different authentication method set on the admin account, you can set it to manual with the SQL statement:

update mdl_user set auth = 'manual' where username = 'admin'

Obviously you will want to immediately set the admin password to something secure (and that you will remember!) as soon as you log back in.--Gary Anderson 07:59, 24 November 2009 (UTC)