How to manually reset MODx Administrator user password using API
Modx does provide a way to manually reset an administrator user password by using code that they have provided. You will need to copy the provided code into a file and then place it on your server which then allows you to add a user to the administrator user group. The following article explains how to use the code for resetting the password for a Modx admin user.
Note: The following article will be using the code editor or editor found in the Cpanel File Manager. Please see Using the Cpanel File Manager for more information.
Using the MODx API Code for Resetting Administrator User Passwords
You will need to obtain the script and manipulate it to include the user name, password and email address you want for your admin user. Once the script has the information that you will need to add the user, the next step will be to copy it on your server so that you can run it through your internet browser. The information below breaks these steps down:
Viewing the Modx API Code for Changing the Admin Password
The original code from Modx can be found here: Resetting a Password via the API. This is a copy of the code that they have provided:
<?php
define('MODX_API_MODE', true); // Gotta set this one constant.// Reset the password and email of an existing user// and ensure they are a member of the specified group$username= 'theusername';$password= 'newpassword';$email= '
This email address is being protected from spambots. You need JavaScript enabled to view it.
';$user_group= 1; // 1 for Administrator // Full path to the MODX index.php filerequire_once('/full/path/to/index.php');// ====== Don't change anything below this line ======if(empty($username) || empty($password) || empty($email)) { die('ERROR: Missing criteria.');}$modx= newmodX();$modx->initialize('mgr');$query= $modx->newQuery('modUser');$query->where( array('username'=>$username) );$user= $modx->getObjectGraph('modUser', '{ "Profile":{}, "UserGroupMembers":{} }', $query);// print_r($user); exit;if(!$user) { die("ERROR: No user with username $username");}$user->set('username',$username);$user->set('active',1);$user->set('password', $password);$user->Profile->set('email', $email);$user->Profile->set('blocked', 0);$user->Profile->set('blockeduntil', 0);$user->Profile->set('blockedafter', 0);// Verify the user is a member of specified User Group$is_member= false;if(!empty($user->UserGroupMembers)) { foreach($user->UserGroupMembers as$UserGroupMembers) { if($UserGroupMembers->get('user_group') == $user_group) { $is_member= true; break; } }}// Add the User to the User Group if he is not a memberif(!$is_member) { // Verify the user group exists $UserGroup= $modx->getObject('modUserGroup', $user_group); if(!$UserGroup) { die("ERROR: User Group $user_group does not exist."); } $Member= $modx->newObject('modUserGroupMember'); $Member->set('user_group', $user_group); $Member->set('member', $user->get('id')); // Super User = role 2 $Member->set('role', 2); $Member->set('rank', 0); $user->addOne($Member,'UserGroupMembers');}/* save user */if(!$user->save()) { die('ERROR: Could not save user.');}print"SUCCESS: User $username updated.";?>
Using Cpanel to Create API File and Edit the Code
- Open your Cpanel and then click on FILE MANAGER in the FILES section of the Cpanel.
- Select "Web Root (public_html/www)" and "show hidden files", then click on GO at the bottom of the screen in order to proceed to the File Manager's main screen.
- You will then see the location on the server for your files and folders. It will look similar to the following:
- In the top left-hand corner of the file manager, click on NEW FILE and you will see the following dialog appear:
Type in a name for the file. Write down the name that you use. Do not use a name that might cause security issues for you later (e.g. "usethisforpwchanges" or "adminpwchanger"). - Click on the file that you have created in Cpanel file manager. The example below shows a file named "apimod":
In the menu bar of the file manager, click on either EDITOR or CODE EDITOR. You will see an initial pop-up window that suggests that you backup the file before converting character sets. You can simply leave the character set on the default value (utf-8) and then click on the EDIT button at the bottom. Editor is simply a generic text file editor Using Code Editor will bring up the same pop-up window for encoding, but the Code Editor adds line numbers. The screenshot below uses the Code Editor. - Copy the API code listed above. If you're not familiar with copying, you can highlight the text with your mouse by left clicking and dragging it across the text in your browser. After you have highlighted the text, you can use the key combination of CTRL + C to copy, or right-click with your mouse and select COPY. This places the text in memory. Next, paste it into the Code Editor window by left-clicking in the Code Editor window so that you see a cursor blinking, then use CTRL + V to paste or right-click and select paste to place the text that you copied into the editor. It should look like this (note: screenshot shows only a partial part of the code):
- In the editor click on lines 6-8 and modify them with the correct information. Replace the text in between the quotes for the following lines:
$username = 'theusername'; 'theusername' should be replaced with user name you want to use (e.g. 'user1')
$password = 'newpassword'; 'newpassword' should be replaced with the password you want to use (e.g. 'secret123')
$email = ' This email address is being protected from spambots. You need JavaScript enabled to view it. '; ' This email address is being protected from spambots. You need JavaScript enabled to view it. ' should be replaced with the email address (e.g. ' This email address is being protected from spambots. You need JavaScript enabled to view it. ')
Then scroll down the Code Editor a little and find line 13 - in line 12 (in the screenshot above), it's described as "//Full path to the MODX index.php file"
Change the text in the quotes with the appropriate path. You can find this path by looking in your Cpanel File Manager.
Note that the path that will be used for the code will normally be in the PUBLIC_HTML folder. This is the default web root for Web Hosting Hub websites. The screenshot to the right shows the INDEX.PHP file that we are looking for. Its path will be indicated in the box in the top left as illustrated by the arrow.
if you installed MODX directly into the webroot, then the path would simply be /public_html/. However, if you installed to a folder (add-on domain or subdomain) beneath the primary domain, then the path will look more like this:
/public_html/add-ondomain/
It is important to note that capital letters do make a difference for the path. Use lower case letters UNLESS you see that the path is using upper case.
- When you have finished making the text changes to the API code in the Code Editor, click on SAVE CHANGES in the top right hand corner.
Final Step - Execute the File and then Secure It from Further Use
- Go to your browser and type in the path to the file that you just created. For example, if you placed the file in the public_html folder and named it "apimod", then the path would be something like http://domainURL.com/apimod. This will add the user name and password to the Administrator User group.
- When you have completed using it, delete the file, or place it outside of the document root so that it is not accessed accidentally. If you want to keep the file but be really be sure that it cannot be used change the permissions on the file to prevent further use. Click on the file in the file manager, then in the far right hand column labeled PERMS, change the permissions on the file to 000 and hit OK. This will prevent any type of access to the file until you change the perms back to 755.
You should be very careful when using this script as it an obvious way to bypass your security and gain access to the data of your site. Use of this file should be limited to Administrators of the MODX installation. It is recommended that the file used to add the administrator user would be best used and then removed from the server for purposes of keeping your site secure.
Did you find this article helpful?
Tweet
Category
Managing Modx
Help Center Login
Managing Modx
Related Questions
Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!