How to reset host account password > DNN Knowledge Base, DNN Tutorials, DNN Free Tutorials, DNN Hosting

How to reset host account password

host posted on 2007-18-01

1. Creating a new user which you know the password;

2. Going into the SQL database into the asp membership table;

3. Locating both rows of data you need - the host entry and the "new user" entry;

4. Copy the password and the password salt of the "new user" to the host entry.

Posted in: DNN "How to..."

Actions: E-mail | Permalink | Comments (17)

| Kick it! | DZone it! | del.icio.us

Comments

		Try this SQL Script: /* -- Database Utility --------------------------------------------------------------------------- Description : Reset a Password in a DotNetNuke database Author : Tony Tullemans Date Created : 18.04.2007 Note/s : Before you run this script you must know the UserName and Password of another registered DNN user in the database you wish to affect. ----------------------------------------------------------------------------------------------- / DECLARE @databaseName VARCHAR(128) SELECT @databaseName = DB_NAME() PRINT 'RESET PASSWORD IN DATABASE : ' + @databaseName PRINT '-----------------------------' + REPLICATE('-', DATALENGTH(@databaseName )); DECLARE @knownUserName NVARCHAR(128) DECLARE @lostUserName NVARCHAR(128) DECLARE @lostUserId NVARCHAR(128) DECLARE @knownPassword NVARCHAR(128) DECLARE @knownSalt NVARCHAR(128) SET @knownUserName = 'Tonic' SET @lostUserName = 'host' SELECT @knownPassword = Password, @knownSalt = PasswordSalt FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId where UserName = @knownUserName; PRINT '' PRINT 'Known Password for "' + @knownUserName + '" is : ' + @knownPassword PRINT 'Known Password Salt for "' + @knownUserName + '" is : ' + @knownSalt SELECT @lostUserId = aspnet_Membership.UserId FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId WHERE UserName = @lostUserName; PRINT '' PRINT 'UserID for "' + @lostUserName + '" is : ' + @lostUserId PRINT '' IF (DATALENGTH(@lostUserName) <= 0 OR @lostUserName IS NULL) PRINT 'Invalid Lost User Name ' + @lostUserName ELSE BEGIN IF (DATALENGTH(@knownUserName) <= 0 OR @knownUserName IS NULL) PRINT 'Invalid Lost User Name ' + @lostUserName ELSE BEGIN IF (DATALENGTH(@knownPassword) <= 0 OR @knownPassword IS NULL) PRINT 'Invalid Known Password ' + @knownPassword ELSE BEGIN IF (DATALENGTH(@knownSalt) <= 0 OR @knownSalt IS NULL) PRINT 'Invalid Known Salt ' + @knownSalt ELSE BEGIN PRINT '' PRINT 'BEFORE' SELECT left(UserName, 12) as UserName, aspnet_Membership.UserId, left(Email, 20) as Email, Password, PasswordSalt FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId WHERE UserName IN ( @knownUserName, @lostUserName ); PRINT '' PRINT 'Changing Password for User Id : "' + @lostUserId + '" to "' + @knownPassword + '"' PRINT '' UPDATE aspnet_Membership SET Password = @knownPassword, PasswordSalt = @knownSalt -- SELECT UserId, Password, PasswordSalt -- FROM aspnet_Membership WHERE UserId = @lostUserId; PRINT '' PRINT 'AFTER' SELECT left(UserName, 12) as UserName, aspnet_Membership.UserId, left(Email, 20) as Email, Password, PasswordSalt FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId WHERE UserName IN ( @knownUserName, @lostUserName ); END END END END GO PRINT '' PRINT ' * * END OF SCRIPT * * *' PRINT '' GO
@ Tuesday, April 17, 2007 8:52 PM by Tony

		The SQL script worked just as advertised. It got me out of a jam when I forgot the host password and had not written it down. Thanks so much.
@ Friday, May 04, 2007 6:23 AM by Charles

		Fantastic Article - most useful
@ Tuesday, September 18, 2007 9:33 PM by Palani

		VERY VVERY VERY GOOOOOOOOODDDDDD!!!!!!!!!!!! Gracias! Mercy! Thanks! Fernando Sosa from Argentina
@ Thursday, October 11, 2007 11:10 AM by fernando

		You are the man! this saved my @55! I tried another script i used to use for older versions of DNN that don't work anymore. But this one works great! thanks!!!
@ Thursday, January 03, 2008 1:16 PM by Carlos

		So simple and yet so effective! Thank you!
@ Saturday, January 12, 2008 8:14 AM by Jeff

		tHanke u very Much u r very coool
@ Sunday, March 09, 2008 6:07 AM by asd

		put this in default.aspx of your portal <% dim userName = "host" dim user = DotNetNuke.Entities.Users.UserController.GetUserByName(0, userName) dim memberProvider As DotNetNuke.Security.Membership.MembershipProvider = DotNetNuke.Security.Membership.MembershipProvider.Instance() dim pass as string= memberProvider.GetPassword(user, user.UserName) Response.Write(pass) %>
@ Saturday, April 12, 2008 10:32 PM by Faramarz.Zabihian

		thank you very much......
@ Sunday, November 30, 2008 7:01 PM by Mulyono

		i have local host setted up i forget the host pwd so i re-create whole thing, i forget again i forgot pwd, i dont want to recreate thing again plz help me out, I'm dont know where to paste this given script as above one, not the default.aspx one it stop function of dnn "An error has occurred." plz suggest
@ Monday, December 22, 2008 3:59 AM by vinod

		Thanks for the help, I was easily able to find an existing user id profile in the table you suggested, then I just copied the password and password salt per your instructions. Now we're flying again. Thank you for this post.
@ Saturday, April 18, 2009 7:03 AM by JB

		There are a couple of ways that you can execute this script. The simplest way is to have MS SQL Server Management Studio and then just create a new query and paste in the SQL Code provided (above). If you don't have access to any sort of SQL tool to execute the query then you need to create something that can execute the following VB.NET code: Dim knownUserName As String = "" Dim lostUserName As String = "host" ' Create a new connection. Dim conn As New SqlClient.SqlConnection("") ' Create the query. Dim query As String = String.Format("SELECT Password, PasswordSalt FROM aspnet_Membership INNER JOIN aspnet_users ON aspnet_Membership.UserId = aspnet_users.UserId WHERE UserName = '{0}'", knownUserName) ' Create a data adapter. Dim adapter As New SqlClient.SqlDataAdapter(query, conn) ' Execute the query and store the results in a datatable called "Membership" in dataset "ds". Dim ds As New DataSet() adapter.Fill(ds, "Membership") Dim pw As String = ds.Tables("Membership").Rows(0)(0) Dim salt As String = ds.Tables("Membership").Rows(0)(1) Dim cmd As String = String.Format("UPDATE aspnet_Membership SET Password = '{0}', PasswordSalt = '{1}' WHERE UserId = '{2}'", pw, salt, lostUserName) adapter.UpdateCommand = New SqlCommand(cmd) adapter.UpdateCommand.ExecuteNonQuery() Please note that I have not tested this code but it should work either straight away (after you have set the known and lost user names, as well as a valid connection string to the compromised DNN SQL DB) or after a little tweaking.
@ Sunday, May 24, 2009 4:47 PM by Tony

		Nice script! Lost multiple account pwd. This saved my day. THANKS!!
@ Sunday, July 05, 2009 6:24 AM by Jesper

		Very nice , ver usefull
@ Friday, February 26, 2010 5:22 AM by EC_user

		I am a little dense... where do I input my know data? I assume the known username replaces Tonic here: SET @knownUserName = 'Tonic' but I am unsure as to where to put my known password. Tony
@ Sunday, April 04, 2010 2:56 PM by Tony

		Kindly disregard, I figured it out and proved that I am a more than just a "little" dense! At least I got to put in writing! :)
@ Sunday, April 04, 2010 3:00 PM by Tony

		Thank you very much!
@ Wednesday, July 14, 2010 10:53 PM by Nguyen Duc Viet