Introduction

After installing FA and creating several companies, a user password for one of the companies may well be forgotten. Typically it is the master (default) company's admin password, forgotten after not being used for a long time; this prevents creating new companies and installing or provisioning extensions, Charts of Accounts and languages.

FA Passwords: Where and How

  • FA stores passwords as their MD5 hash in the #_users.password field (a 32-digit hexadecimal number)
  • Easiest is to use a known password's MD5 hash
  • An MD5 collision can be used to acquire an equivalent password.

Caveat: If an FA backup dump is available, then the MD5 information in it can be used to hack into your FA site using the MD5 Collision technique.

Procedure

  • Replace the #_users.password field value with a known one like "5f4dcc3b5aa765d61d8327deb882cf99"
  • Now use the string "password" to login.
  • The #_users.user_id field has the username.
  • If a wrong password was used to login several times, the user may have the #_users.inactive field set to 1. Reset it to 0 so that the account can be used once the password has been set to a known one.
  • Use appropriate table prefix (#_) as needed.

Reset Password in MySQL client

If we want to set the password as "MySecretPwd" in the FA db "db_name" having table prefix as "0_" for the user "admin", then we use the following MySQL statement:

UPDATE `db_name`.`0_users` SET `password`=MD5('MySecretPwd'), `inactive`=0 WHERE `user_id`='admin';
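The reset procedure above, followed by a check that no account is left on the temporary "password" hash or still inactive. This is an added example, not FA's own code: an in-memory SQLite table stands in for the MySQL database, the function names are hypothetical and the sample rows are constructed.

```python
import hashlib
import re
import sqlite3

# Temporary known value from the procedure above; it is MD5("password").
PLACEHOLDER_HASH = "5f4dcc3b5aa765d61d8327deb882cf99"

def users_table(prefix):
    """Return the quoted users table name for a prefix such as '0_'."""
    # Identifiers cannot be bound as parameters, so validate before formatting.
    if not re.fullmatch(r"[0-9A-Za-z]+_", prefix):
        raise ValueError("unexpected table prefix: %r" % prefix)
    return '"%susers"' % prefix

def reset_password(conn, prefix, user_id, new_password):
    """Store MD5(new_password) and re-enable the account; return rows changed."""
    digest = hashlib.md5(new_password.encode("utf-8")).hexdigest()
    cur = conn.execute(
        "UPDATE %s SET password = ?, inactive = 0 WHERE user_id = ?"
        % users_table(prefix),
        (digest, user_id),
    )
    conn.commit()
    return cur.rowcount

def accounts_needing_attention(conn, prefix):
    """List (user_id, reason) for accounts on the placeholder hash or inactive."""
    rows = conn.execute(
        "SELECT user_id, password, inactive FROM %s ORDER BY user_id"
        % users_table(prefix)
    ).fetchall()
    findings = []
    for user_id, password, inactive in rows:
        if password.lower() == PLACEHOLDER_HASH:
            findings.append((user_id, "still on placeholder hash"))
        if inactive:
            findings.append((user_id, "inactive flag set"))
    return findings

def demo_db():
    """Constructed sample data: in-memory SQLite standing in for the FA db."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "0_users" (user_id TEXT, password TEXT, inactive INTEGER)')
    conn.executemany(
        'INSERT INTO "0_users" VALUES (?, ?, ?)',
        [("admin", PLACEHOLDER_HASH, 1), ("clerk", "0" * 32, 0)],
    )
    return conn
```

A return value of 0 from reset_password means no row matched the user_id, which usually points to a wrong username or table prefix.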

Forum Posts