The best way to recover a lost password is using the Forgot Password option. The pre-requisite for using forgot password is, needs access to the admin email and the forum should be able to email you the lost password link. If emails aren’t being sent, move over to SMTP emails in XenForo which is more reliable and recommended option by XenForo.
If you have lost the access to admin email and have access to XenForo database, one can reset the password using phpMyAdmin. There are multiple ways of doing it and I will share a couple of them which aren’t too technical in nature.
Note: XenForo not only stores the password in an encrypted format but also serializes it in the database and stores it in binary format so you can’t just do an update in the database with the new password using a simple SQL.
Changing the Admin Email Way
If you have lost access to the email that is set as admin email in XenForo, you can change the email address for admin using the phpMyAdmin interface.
- In phpMyAdmin, locate the XenForo database.
- Search for user term among the tables.
- Locate the xf_user table.
- Browse the content of the xf_user table. You should be able to see the admins right there but if you have admin user that isn’t among the first few registered members, you can search the table and locate the admin user.
- Click on edit link for the user whose email you wish to change.
Change the email address to your choice of email and where you have access and click on the Go button at the bottom of the page. Now use the forgot password option for the new email address and reset the password.
Simulating the Forgot Password Action
The other way to reset a password is to simulate the lost password option and generate the lost password link that is emailed when we request to reset the password.
Use the forgot password option for the admin account even if you know you won’t get the email. Now let us simulate the link for the admin to reset its password.
Browse the table xf_user_confirmation and look for confirmation key for the admin user_id. In my localhost, the user_id used is 6 but the admin user_id is 1.
Create the link as follows:
Change the user_id and confirm code from the database. Visit the above link in private browser window and it will prompt you to set up a new password for the user.
If you are using SEO friendly links, the above link should still work and redirect but the final url will be of the form