Newbie Emergency #1: "I'm locked out!"

1 Jul 2007

If you log out without having set up a convenient login block to let you back in... you're locked out! Right?

Fortunately, there's an easy way back in: <your domain>/user (as in, will always provide you a login form. (A site that doesn't have "clean URLs" enabled needs to use <your domain>/?q=user instead; try that if the above doesn't work.)

Yep, I've done the Locked-Out Panic. So have countless others; it's THE emergency de rigeur among Drupal initiates. Get a Drupal tattoo to mark the rite of passage, then log in and carry on!

Additional resources

How to login once you have turned your site off-line for maintenance


Unknown Drupaloid's picture

I was so happy I've found this page but... I've tried it and it does not work...

If someone reads this... please HELP !

Dean Flory's picture

I was having some issues with modules not wanting to uninstall, general weirdness so I'd cleared caches and ran all the crons and updates and all of that to no avail. So I thought, I'll just log out and log back in to see if that helps since I've been on this for days.

Well, my root password is no longer accepted. Stupid. Something is not right here and I'm constantly annoyed at all the extra effort Drupal developers (web site developers) have to expend when there should be effort on the Drupal and module developer end to make sure things like this don't happen.

I'm going to keep searching for answers and I'm going to be pissed if I have to dump EVERYTHING and start over, simply not acceptable.

drupalace's picture

Really? I fortunately haven't had that happen to me, and have no remedy from experience... All I can suggest is that, as long as you're willing and able to get into the guts of the site's mysql database, fixes for emergencies like this should be possible.

Perhaps a database procedure for resetting the password, like the below, would work?

(Agreed: Fixed or not, I'd still be angry at the need to do so, if Drupal were responsible for the glitch... which may or may not be your case; naturally, I can't say!)

Unknown Drupaloid's picture

Hi.. i have selected a new theme which wasn't enabled as my administration theme.. and now i can't access any of my admin pages.. anyway to fix this?

OsamaBinLogin's picture

here's something that I found we were doing wrong: the salt.

in the setup.php file there's a line like this:

bad:    $drupal_hash_salt = '';

It should look more like this:

good:    $drupal_hash_salt = 'ZgOOBzRoXje_0VPySBIeIcm1aTSgTSgfoQOh3ruuJLo';

This is tossed into the hashing process for passwords.

- if you change it, ALL passwords are made wrong (even the uber-admin?)

- if it's blank, it hashes your DB settings.  So every time you change the db settings (like moving to a new machine or just a new db or mysql username) all the passwords are made wrong.

- a reasonable value you can make by throwing your fingers against the keyboard or concatenating a few md5 or sha1 hashes or the RNG of your choice.  20 or more chars.  If nobody else in the universe uses the same string, that's good enough.

so ahm we're lucky we have less than a dozen users, but you will be resetting everybody's password in one swoop when/if you fix this.




Add new comment