Allows Elgg site owners to change their account password in case the "Lost password" function fails (running on platform where e-mail doesn't work or lost access to the e-mail account)

elgg-password-change.php

<?php
// Allows changing password without e-mail.
// Place this script in the root of your Elgg install

$maxAge = 60;

if ((time() - filemtime(__FILE__)) > $maxAge) {
	die("Touch this file for $maxAge seconds of use. You'll need a valid username and the value of the password"
	   ." column in the users_entity table.");
} else {
	require __DIR__ . '/engine/start.php';

	$un = get_input('un', '', false);
	if ($un) {
		$user = get_user_by_username($un);
		if ($user && (get_input('pwd', '', false) === $user->password)) {
			$ia = elgg_set_ignore_access();
			$user->password = generate_user_password($user, get_input('new_pwd', '', false));
			$user->save();
			elgg_set_ignore_access($ia);
			system_message('Changed password for ' . htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'));
			forward('login');
		}
	}

	echo "<p>You have " . ($maxAge - (time() - filemtime(__FILE__))) . " seconds to complete this form.</p>";
	echo "<form action='' method='post' autocomplete='off'>";
	echo "Username: " . elgg_view('input/text', array('name' => 'un')) . '<br>';
	echo "users_entity.password: " . elgg_view('input/password', array('name' => 'pwd')) . '<br>';
	echo "New password: " . elgg_view('input/password', array('name' => 'new_pwd')) . '<br>';
	echo elgg_view('input/submit', array('value' => 'Change password'));
	echo "</form>";
}