You should only use direct DB modification as a last resort, as its very easy to accidentally mess up your wiki.Īlways backup your database before doing any manual modification. However, it's generally far easier and safer to use "Email new password" or use the changePassword.php script. To reset a password you can change the value of the user_password field inside the user table in your database. The resetpassword API provides the same functionality as Special:PasswordReset. Special:PasswordReset can be disabled with Manual:$wgPasswordResetRoutes setting, if that's the case, and you cannot access Special:ChangePassword, then you need to ask your system administrator for help. So if you cannot access Special:ChangePassword, use Special:PasswordReset to first get a temporary password to log in.īut if you can access the former page, use it directly to change the password, this eliminates the need for the email stage. In password change request (via Special:ChangePassword), you'll be able to directly change the password on the spot (give the old one, and choose new one), but login is required to access the page. No login is required to access this page, but might be restricted with internal permission checks. In password reset request (via Special:PasswordReset or from the login page), you will be asked to provide either an email and/or username (this is configurable) and then an email is automatically sent to you with a generated password. MediaWiki differentiates between "resetting" and "changing" a password. An automatically generated password will be emailed to the userįor automatically inserting the username in links, use Special:PasswordReset?wpUsername=Foo.ĭifferences between Special:PasswordReset and Special:ChangePassword.Type username you want to reset in box provided and click "Reset password".Special:PasswordReset allows accounts with the 'editmyprivateinfo' permission to reset account passwords for the local installation of MediaWiki. It is better to use "Email new password" to force the user to reset the password for their own account or to set a temporary password the user changes directly afterwards. If one of their accounts that uses the same password is compromised, then suspicion can be thrown on the administrator. System administrators should not know the unencrypted password for user accounts.Ī user may use the same password over many different sites. Php changePassword.php -user =example -password =newpassword # set the password for username 'example' to 'newpassword' If you know the email address for a user, but not their username, query the user table of the MediaWiki database to find the associated username.įor example, to find the username for run the following query: This will happen even if the email address has not been confirmed.įinding the username for a given email address To use the feature, visit the Special:UserLogin page for the relevant wiki, fill in the Username field of the form and press the ”Email new password" button.Ī temporary password, along with instructions on how to reset the account's password, will be sent to the email address associated with the username. If you know the username for an account, you can use the "Email new password" feature on the Special:UserLogin page. In situations in which the user forgets their account name or losing access to their email, additional measures may need to be taken by an administrator or system administrator. Typically, people either forget their password or experience some kind of security breach that may have disclosed their password.įor most situations, they can reset their own password using "Email new password". There are any number of situations where a user may need to reset their password.
0 Comments
Leave a Reply. |