Applies to Mambo 4.7

In the vast majority of cases, a user password will be changed through the user management panel in the backend , or through the "forgot password" option.  There are times where a site owner may wish to change passwords for users directly in the database .

Until Mambo 4.6.3 and Mambo 4.7, it was simple enough to log in to MySQL and update the appropriate field, selecting MD5 as encryption.  However, in order to increase security Mambo has added a layer to the password handling, and it is not possible to simply use MD5 "as is".

1. Create an artificial 8 char salt (ex) 12345678. It doesn't really matter what you pick since it will update itself the next time you login. You just need something to get the format right.
2. Figure out what you want the password the be (ex) pass123
3. Figure out the username of the user (ex) admin for whom you want to change password.
   
4. Run an update statement against MySQL to manually update the password. The update statement I have created below will create the correct format for you. You just need to replace the salt in 2 places and your password in 1 place:

UPDATE mos_users
SET password = concat(concat(':',md5(concat('12345678',md5('pass123')))),':12345678')
WHERE username = 'admin'

If you are unfamilliar with working directly in the MySQL database, you may use tools such as phpMyAdmin, available on most webhosting accounts. 

If you are using phpMyAdmin, once you are logged in to your database, go to the user table, and select the "SQL" tab.  Copy/paste the snippet of code above, replacing the coloured text with the appropriate information, and click "Go".