If you’ve forgotten your xibo_admin account password and don’t have any way to recover access to your Xibo system, you can reset the xibo_admin account password as follows:
- Connect to the Xibo database and run the following SQL. You could do that from the mysql command line application, or via a web interface such as PHPMyAdmin:
```sql
UPDATE `user` SET `UserPassword` = MD5('password'), CSPRNG = 0 WHERE `UserID` = 1 LIMIT 1;
```
- Your xibo_admin password will then be “password”. Please ensure you then change it as soon as you can afterwards.
If you’re using PHPMyAdmin, there’s a helpful guide showing you the steps to take to run the above SQL command here:
Thanks to @eduardo for writing those up!
MD5 Hashed Password Security
For those concerned to see the MD5 function being used there as part of the password reset routine: Xibo no longer actively uses MD5 hashes to store user passwords. It has used PBKDF2-derived, salted hashes since the 1.6 series. Passwords stored in the older MD5 hash format are automatically upgraded to salted and hashed storage when the user next logs on. So in our example above, we set a legacy MD5-based password for the xibo_admin user, and when we then log on, the password is converted to the newer storage format automatically.
Since Xibo 1.8.0-beta, Xibo uses the newer PHP password_hash() function to generate secure hashes for password storage, which uses the PHP default algorithm. At the time of writing, the default is bcrypt. As time passes and PHP updates that default, passwords will be upgraded automatically to more secure formats as users log in.
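The upgrade-on-login behaviour described in the two paragraphs above can be sketched in PHP as follows. This is an added example, not Xibo's own code: the record layout (`hash` and `legacy` fields) and the function name `verifyAndUpgrade` are assumptions made for illustration, while `password_hash()`, `password_verify()` and `password_needs_rehash()` are standard PHP functions.

```php
<?php
// Added illustration, not Xibo source code. The record layout
// ('hash' and 'legacy' fields) and the function name are assumptions.

/**
 * Check a login attempt and upgrade the stored hash when it is outdated.
 * Returns true on successful authentication; $user is updated in place.
 */
function verifyAndUpgrade(array &$user, string $password): bool
{
    if ($user['legacy']) {
        // Legacy record: unsalted MD5 hex digest, as written by the reset SQL.
        // hash_equals() compares in constant time.
        if (!hash_equals($user['hash'], md5($password))) {
            return false;
        }
        // The plaintext is only available at login, so upgrade right now.
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $user['legacy'] = false;
        return true;
    }

    if (!password_verify($password, $user['hash'])) {
        return false;
    }
    // Modern record: re-hash only when PHP's default algorithm or cost
    // has moved on since this hash was created.
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record, equivalent to the row state after the reset SQL.
$admin = ['name' => 'xibo_admin', 'hash' => md5('password'), 'legacy' => true];

var_dump(verifyAndUpgrade($admin, 'wrong'));    // wrong password attempt
var_dump($admin['legacy']);                     // record state after the failed attempt
var_dump(verifyAndUpgrade($admin, 'password')); // first correct login triggers the upgrade
var_dump(password_get_info($admin['hash'])['algoName']); // algorithm of the new hash
var_dump(verifyAndUpgrade($admin, 'password')); // later logins go through password_verify()
```

Until that first successful login the record still holds the unsalted MD5 digest, which is why the reset should be followed straight away by logging in and changing the password.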