It is not uncommon for a User account to become inaccessible because of a lost/forgotten password. In many cases, this can easily be resolved by having the user use the Forgot Password link on the login form. But in some cases you may need to manually reset the password directly in the database. You will need access to the database containing the MODX tables in order to this, either via PHPMyAdmin or another database client that allows you to edit or UPDATE database records.
In MODX 2.1+, users are created by default with the a hashing algorithm called PBKDF2. Databases like MySQL or SQL Server generally do not have functions for calculating these hashes, and as a result, in order to manually reset the password in the database, you will also need to change the hash_class specified for the user from hashing.modPBKDF2 to hashing.modMD5. Then you can use the native MD5() function to set the value of the password field appropriately. Here is an example MySQL UPDATE statement:
If you want to then have the user password automatically converted back to PBKDF2, you can install the pbkdf2Convert Plugin available from Package Management.
In MODX 2.0.x, you can simply reset the password field with a valid MD5 hash value directly in the database table. Here is an example MySQL UPDATE statement that can reset a user's password by username:
You can also reset the password (or manipulate any part of the MODX application) by using the API. Below is a sample script to update the password and email address of a given user. It also ensures this user is in the Administrator User Group.
You can put this script anywhere on your server so long as you update the path to the primary index.php file. You can execute the script by hitting it in a browser or via the command line.
Be extremely careful when using a script like this! If possible, do NOT put it inside your document root – instead put it outside of your document root and execute the script via the command line.