If you lose your LimeSurvey admin password, you can’t easily change it in the database because it’s hashed in sha256 + saved as blob.
A possibility (which I didn’t test) would be to create a tiny PHP page that outputs just the hash of your wanted new pass, save this as a text file and upload it in phpMyAdmin.
Another possibility is to follow the LimeSurvey wiki, which says to restore the install folder and run a password reset script (btw, this explains a lot why you need to delete/move the install folder after the installation process…).
My personal favorite, because I think it’s the fastest, is:
- edit the file admin/usercontrol.php as follow:
if (SHA256::hash($_POST['password']) == $fields['password'])(in LimeSurvey 1.72 it’s on line 115)
replace it with
- now log in using your proper admin login and any password
- go to user management and edit your password (don’t worry, it won’t ask you to enter your old password)
- edit admin/usercontrol.php back to normal, i.e. replace:
if (SHA256::hash($_POST['password']) == $fields['password'])
Now you’re done 🙂
It should be noted that with this method, anyone can log in to any account provided that they know the name of this account. So if your admin account is easy to guess (random example: if you let the default name “admin”), the method is a bit risky, particularly if you’re slow. In this case, putting an .htaccess file like the following one in the admin folder would be more reasonable:
Deny from all
Allow from [put your IP here]