Unable to change ADMIN password


(ViSolve) #1

@Renay Dutkiewicz,

With reference to your post https://sourceforge.net/p/openemr/discussion/202505/thread/e83bbeb9/?limit=25#681c

I am currently locked out of OPENEMR
with the ADMIN user. I attempted the following to reset, however, i am
still unable to login to the OpenEMR.

Copied from the FAQ…
"What do I do if I am locked out of OpenEMR?
If you are locked out of OpenEMR, there are two possible options.

If the administrator can login, then the administrator can change the users password in OpenEMR at Administrators->Users.

If the administrator can not login, then it is more difficult. To do
this, need to modify the administrator’s entry in the users_secure mysql
table. Will need to set the ‘password’ and ‘salt’ for the selected
‘username’ on the mysql entry. Will need to set ‘password’ to
$2a$05$NX3JhLZcQv9vCsWVn2GDT.24dclmvOqmM61VG.QigyShrJm4ssQTq and set
‘salt’ to $2a$05$NX3JhLZcQv9vCsWVn2GDTM$ . The administrator will now be
able to login into OpenEMR with the password ‘pass’.(after doing this,
do recommend then changing the password in OpenEMR at
Administration->Users to something more secure)"


(ViSolve) #2

Hello Renay Dutkiewicz,

We assume, the hashed password and salt that you are using is from the older version of OpenEMR.
Try the following values to update users_secure table.

update users_secure set password = ‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu’ , salt = ‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$’ where id = ‘ADMIN USER ID’;

The administrator will now be able to login into OpenEMR with the password ‘pass’.
After successful login, you can change the password. Hope this will help you.
Please let us know if you have any other clarifications.

Thanks,
ViSolve


(Brady Miller) #3

thanks @visolveemr ,
Guessing the old combo was prior to a fix in the auth stuff we needed to do several years back. I’ll update the wiki FAQ.
-brady


(shambeel Rizvi) #4

I have tried all the suggestions still unabel to unlock


(shambeel Rizvi) #5

update users_secure set password = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu' , salt = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$’ where id = ‘ADMIN USER ID';

The administrator will now be able to login into OpenEMR with the password ‘pass’.
After successful login, you can change the password. Hope this will help you.
Please let us know if you have any other clarifications.

I have tried all the suggestions still unabel to unlock
Please Help


(Stephen Waite) #6

the below query allowed login as admin with pass from a mysql prompt if you replace ADMIN USER ID with the id which is probably 1

or you could use

where username = 'admin';

if that was the username

mysql>

update users_secure set password = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu' , salt = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$' where id = 'ADMIN USER ID';

Query OK, 2 rows affected (0.03 sec)
Rows matched: 2 Changed: 2 Warnings: 0


(ViSolve) #7

Hello @Sam99,
The query should work with no issue like how @stephenwaite as mentioned.
Please let us know if you receive any error message or warning while query execution. If yes, could you share a screen shot of the same.
If not, then as a next steps we may need to check the ACL tables.

Thanks,
ViSolve


(Jeremiah Ocasio) #9

Ive reset admin user pass via sql to ‘1a1dc91c907325c69271ddf0c944bc72’ and then flushed privileges and reloaded the whole server. Its still not allowing login with the “pass” as expected. Is there a chance the settings for force secure password being enabled is blocking me from access?


(ViSolve) #11

Hello @Jeremiah_Ocasio,

  1. If you are not able to login into mysql kindly refer this link to change or reset your password - https://www.howtoforge.com/setting-changing-resetting-mysql-root-passwords

  2. If you are not able to login into openemr and you are getting the following error “Invalid username or password”. Try the following steps,

i) Get the admin user id from users table using the following query.

 select id from users where username = 'ADMIN USER NAME';

ii) From that admin user id using the following query update the users_secure table.

update users_secure set password = ‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu’ , salt = ‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$’ where id = ‘ADMIN USER ID’;

The administrator will now be able to login into OpenEMR with the password ‘pass’. After successful login, you can change the password. Hope this will help you.

Please let us know if you have any other clarifications.

Thanks,
ViSolve


(Jeremiah Ocasio) #12

Hello Visolveemr,

I found that resetting the password was done but not valid as it did not meet the systems settings for password strength. After going in and updating password requirements to minimal I was able to reset it via SQL as I used to and then get into system and update from GUI.

Thanks for the reply to this one and hope this helps future issues for resetting when password strength is an issue.


(shambeel Rizvi) #13

Jeremiah_Ocasio9h
Hello Visolveemr,

I found that resetting the password was done but not valid as it did not meet the systems settings for password strength. After going in and updating password requirements to minimal I was able to reset it via SQL as I used to and then get into system and update from GUI.
Can you please Guide me step by step I am still having this problem
Thanks


(shambeel Rizvi) #14

Can you please Guide me step by step I am still having this problem
Thanks


(ViSolve) #15

@Jeremiah_Ocasio ,

Currently, OpenEMR doesn’t have password strength validation feature.The above suggestion was given to reset the user’s password through MySQL .

We will have password strength validation feature in upcoming OpenEMR versions.

ViSolve


(shambeel Rizvi) #16

Thanks for I mean in my SQL if you can share the screenshot where i will make this change
Thanks


(ViSolve) #17

@Sam99,

Steps to be followed :

1.Login to MySQL using your credentials
2.Select OpenEMR database to which you want reset user’s password

Get the admin user id from users table using the following query.
3.select id from users where username = ‘ADMIN USER NAME’;

From that admin user id using the following query update the users_secure table.
4.update users_secure set password =
‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu’ , salt =
‘$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$’ where id = ‘ADMIN USER ID’;

The administrator will now be able to login into OpenEMR with the
password ‘pass’.

Kindly refer the attached screen shot .

Thanks,
ViSolve


(shambeel Rizvi) #18

Hi visolveemr
Can i share my screen ?? with you on team view?


(shambeel Rizvi) #19

i am using My sql 3.2


(ViSolve) #20

@Sam99,

What is the error you are getting when you try to reset the password ?
Is it possible to share the screen shot of the error message ?

Thanks,
ViSolve