Skip to content

Lost your admin password in LimeSurvey?

If you lose your LimeSurvey admin password, you can’t easily change it in the database because it’s hashed in sha256 + saved as blob.

A possibility (which I didn’t test) would be to create a tiny PHP page that outputs just the hash of your wanted new pass, save this as a text file and upload it in phpMyAdmin.

Another possibility is to follow the LimeSurvey wiki, which says to restore the install folder and run a password reset script (btw, this explains a lot why you need to delete/move the install folder after the installation process…).

My personal favorite, because I think it’s the fastest, is:

  1. edit the file admin/usercontrol.php as follow:
    find if (SHA256::hash($_POST['password']) == $fields['password']) (in LimeSurvey 1.72 it’s on line 115)
    replace it with if(true)
  2. now log in using your proper admin login and any password
  3. go to user management and edit your password (don’t worry, it won’t ask you to enter your old password)
  4. edit admin/usercontrol.php back to normal, i.e. replace:
    if (SHA256::hash($_POST['password']) == $fields['password'])

Now you’re done 🙂
It should be noted that with this method, anyone can log in to any account provided that they know the name of this account. So if your admin account is easy to guess (random example: if you let the default name “admin”), the method is a bit risky, particularly if you’re slow. In this case, putting an .htaccess file like the following one in the admin folder would be more reasonable:
Order Deny,Allow
Deny from all
Allow from [put your IP here]

Posted in security, web development.

12 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. c_schmitz says

    Or you can go to

    and use the instructions there (without the need to edit the source code).

  2. patheticcockroach says

    If you’d read the article entirely, you’d have noticed this link is already mentioned… ;p

    PS: sorry for the late approval, for some reason WP notifies me only every few weeks of posts waiting in mod queue :/

  3. Ryan says

    Thanks! Very helpful. I used your “personal favorite” and it worked perfectly!

  4. Vishal says

    Thanks very much 🙂 your suggestion really helped…

  5. Craig says

    Thanks for this.

  6. Ahmed ElSharawy says

    I tried what the docs are saying and it didn’t work, used the code editing and it worked great, I’m not even a developer, I’m a marketer and that sort of thing is rocket science to me, Thanks

  7. Gautam says

    Thanks for the perfect solution.

  8. Anonymous says

    works perfectly! Thanks a lot!

  9. Atati Mtandika says

    Thanks a lot .It worked for me too.

  10. patheticcockroach says

    Of course it does 😉

  11. unhappy guy says

    didn’t work for me…
    Parse error: syntax error, unexpected ‘{‘ in /data02/c9699337/public_html/admin/usercontrol.php on line 154
    every time i correct the error it pops up with another

  12. patheticcockroach says

    Hm, maybe they changed stuff in LimeSurvey 2, as far as I understood that was a complete rewrite. However, if you substitute strictly what I put there, it shouldn’t break anything: this replaces a valid syntax with another valid syntax that perfectly fits in. Anyway to fix the error I suppose you can just get a new usercontrol.php from the installation package.

Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA