OwnCloud Password Change

Need to change the admin password of your owncloud install in the MySQL? It is actually quite easy.  Here are the steps I took to get it working:

  1. Log into the server hosting your owncloud installation
  2. Navigate to the sites directory (ie: /var/www/owncloud)
  3. Navigate to the ‘phppass’ 3rd party app (ie: /3rdparty/phpass)
  4. edit the test.php file and replace the following:
    • edit $t_hasher = new PasswordHash(8, FALSE); to –
       $t_hasher = new PasswordHash(8, CRYPT_BLOWFISH!=1);
    • edit $correct = ‘test12345’; to –
       $correct = 'yournewpass'.'yourconfigpasswordsalt';
  5. Run ‘php test.php’
  6. Copy the first line that has ‘Hash: $2a…’
  7. Log into your database (MySQL is the example)
    • mysql -u root -p
    • use owncloud;
    • select * from oc_user;
      • Note the password value, copy it just in case
    • update oc_user set password= ‘generatedhash’ where uid = ‘youruser’;

You should be good to go!

If you are having difficulty finding your ‘yourconfigpasswordsalt’, look in your config file from OwnCloud. In every OwnCloud setup you have a Password Salt configured in your config/config.php file, and that is what you need to use to get an accurate encryption value for your newly generated password.



Feel free to Share!Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

9 comments

  • jfd

    Thanks a lot! Its’s very usefull!

    I try to write a script to log to owncloud by an html form send to new customers when my boss create a new user (by executing this script).

    I’m totaly new to php and mysql things. So I try to learn what i need. So far i managed to create new user by cli “INSERT INTO “oc_user…” and create customers directory but didn’t understand how to set a password outside of using the software.

    According to your tuto, I isolated PasswordHash.php and test.php in an other directory and did everything like you just whith those two files and the actual passwordsalt.
    Do you think I can receive variables such as “yournewpass” from the customers form and replay test.php so i could update the oc_user database with the new hash?
    And is the paswordsalt always the same for my config?

    Thanks a lot again and excuse the vacabulary please since I’m french.

    • Jason Cameron

      Jeff,

      And is the paswordsalt always the same for my config?

      From my experience, Yes. Generally the password salt is used to encrypt and decrypt passwords.

      Do you think I can receive variables such as “yournewpass” from the customers form and replay test.php so i could update the oc_user database with the new hash?

      Honestly, I would auto generate their password on the system side and send it to their email. This is much more secure, you don’t have to worry about form values or HTTPS to transfer encrypted passwords, and is much more align with a lot of the standards I am starting to see with generating usernames. Letting them pass in a password is great, but I think its a lot more clean to send them an email to confirm they are going to use it in the first place!

      Thanks for Reading,
      Jason Cameron

  • jfd

    Thanks for your advices!

  • heliotrop

    Saved my life. Thanks a lot.
    The only thing I did not expect was, that at login there was this message: ‘your password for encryption has changed’
    Well, was no problem to do it.
    For newbies: be careful with the apostroph (‘) signs: If you look for:
    $correct = ‘yournewpass’.’yourconfigpasswordsalt’;
    it should rather be
    $correct = ‘yournewpass’.’yourconfigpasswordsalt’;

  • heliotrop

    OOps,
    This system changes the apostrophes. I try again:
    $correct = 'yournewpass'.'yourconfigpasswordsalt';

    • Jason Cameron

      Thank you for pointing that out, I missed it! Apparently the Content Management System was trying to format it in a particular way, so i changed the HTML around it to pre-formatted. Thank you again for that find!

  • fqv51183

    Thank you!
    The procedure described works in Owncloud 7.

    There’s one catch:
    If you reinstalled Owncloud from scratch (for example when an upgrade from an old version failed, as in my case) and you try to use an existing database, the system will complain during setup that the user does exist. So then it’s still necessary to create a new admin user.

    • Jason Cameron

      Very good point. I will just have to make a third party module and release it on GitHub to make this all super easy, i just need the time!

Leave a Reply

Your email address will not be published. Required fields are marked *

Humanity Check * Time limit is exhausted. Please reload the CAPTCHA.