Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Allows Elgg site owners to change their account password in case the "Lost password" function fails (running on platform where e-mail doesn't work or lost access to the e-mail account)
// Allows changing password without e-mail.
// Place this script in the root of your Elgg install
$maxAge = 60;
if ((time() - filemtime(__FILE__)) > $maxAge) {
die("Touch this file for $maxAge seconds of use. You'll need a valid username and the value of the password"
." column in the users_entity table.");
} else {
require __DIR__ . '/engine/start.php';
$un = get_input('un', '', false);
if ($un) {
$user = get_user_by_username($un);
if ($user && (get_input('pwd', '', false) === $user->password)) {
$ia = elgg_set_ignore_access();
$user->password = generate_user_password($user, get_input('new_pwd', '', false));
system_message('Changed password for ' . htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'));
echo "<p>You have " . ($maxAge - (time() - filemtime(__FILE__))) . " seconds to complete this form.</p>";
echo "<form action='' method='post' autocomplete='off'>";
echo "Username: " . elgg_view('input/text', array('name' => 'un')) . '<br>';
echo "users_entity.password: " . elgg_view('input/password', array('name' => 'pwd')) . '<br>';
echo "New password: " . elgg_view('input/password', array('name' => 'new_pwd')) . '<br>';
echo elgg_view('input/submit', array('value' => 'Change password'));
echo "</form>";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.