Sunday 4 October 2015

Reset admin password

Dive in the code of password validation

Open app/code/core/Mage/Admin/Model/Session.php and find the function called 'login'. The code below should be found in that function:
$user->login($username, $password);

Open app/code/core/Mage/Admin/Model/User.php and find the login function. You will see the following code:
if ($this->authenticate($username, $password)) {

Follow the 'authenticate' method and you will find the code:
Mage::helper('core')->validateHash($password, $this->getPassword())

Open app/code/core/Mage/Core/Helper/Data.php and move to the 'validateHash' method. There is only one statement of code:
$this->getEncryptor()->validateHash($password, $hash);

Open app/code/core/Mage/Core/Model/Encryption.php, which contains the method that actually performs the password validation.

$hashArr should be an array of two elements. The first element is the hashed password and the last element is the random hash key. The hash method follows the equation below:
Hashed Password = md5(Actual Password + Hash Key)

The password value in the database is a string that consists of the Hashed Password as the first part and the Hash Key as the second part, delimited by a colon (:).

Update the password by SQL query

select password from admin_user where user_id=1; #user_id 1 should be replaced by the user_id whose password needs to be updated

A result similar to ceccc111cf1c3600a7ad5d464934ea24:HH6gy344GGuoZzDm3U6dKSoXPcpuqIsQ will be returned.

If you want to use 123 as your password, execute the following SQL query in the database:
select md5('ceccc111cf1c3600a7ad5d464934ea24123');# the result is 6711eaa5577250a42aefdb9c04ad90ed

Use the SQL query below to update the password:
update admin_user set password='6711eaa5577250a42aefdb9c04ad90ed:HH6gy344GGuoZzDm3U6dKSoXPcpuqIsQ' where user_id=1 limit 1;

That is all: the new password can now be used to log in to the admin.
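
The colon-delimited "hashed password:hash key" value described above can be parsed, built and checked in a few lines of PHP. This is an added example, not code from Magento or from the original post: the function names are hypothetical, and it assumes the hash key is prepended to the password before MD5 hashing, as stock Magento 1's Mage_Core_Model_Encryption does, so confirm the order in your own Encryption.php.

```php
<?php
// Added example, not Magento source. Assumption: the stored value is
// "<md5 hex>:<hash key>" and the key is prepended to the password before
// hashing (stock Magento 1 behaviour; confirm in your Encryption.php).

/** Split a stored admin_user.password value into array(hash, key). */
function parseStoredPassword($stored)
{
    $hashArr = explode(':', $stored, 2);
    if (count($hashArr) !== 2
        || !preg_match('/^[0-9a-f]{32}$/', $hashArr[0])
        || $hashArr[1] === '') {
        throw new InvalidArgumentException('Expected "<32 hex chars>:<hash key>"');
    }
    return $hashArr;
}

/** Build the value to store for $password, reusing an existing hash key. */
function buildStoredPassword($password, $key)
{
    return md5($key . $password) . ':' . $key;
}

/** Check a candidate password against a stored value. */
function validateStoredPassword($password, $stored)
{
    list($hash, $key) = parseStoredPassword($stored);
    // hash_equals (PHP 5.6+) compares in constant time.
    return hash_equals($hash, md5($key . $password));
}

// Constructed sample: the hash key from the example row above and the
// new password "123" used in this post.
$key = 'HH6gy344GGuoZzDm3U6dKSoXPcpuqIsQ';
$new = buildStoredPassword('123', $key);

echo "value for admin_user.password: $new\n";
var_dump(validateStoredPassword('123', $new));   // password that was set
var_dump(validateStoredPassword('1234', $new));  // a different password
```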