I was working on a new Drupal 7 project. The client wanted his home page to be a single column with no sidebars. I put together the home page and, of course, in order to test it out in various browsers, I disabled the login block. It was the end of the day. I shut everything down went home, and the next morning, when I brought up the site, it looked great, except for one thing, I couldn't get into my admin panel. I couldn't login, there was no login panel. "Oh,no! Mr. Bill." I was dead in the water.
In reading through the various forums to find a solution, I found there were other problems logging into Drupal. I figured I'd collect the solutions, here, in one article for everyone's future reference.
Getting the Login Form Back
Drupal has a couple of built in tricks to help with this problem. First, if you type:
in your browser's URL window, the login form will come up. For example, the site I'm building is called "promises," I typed "localhost/promises/?q=user" and got my form back. Let's not get tricky here, I mean literally "user" not user/1, or your name, or your login name, just "user" or the form won't come up.
If you have clean URL's enabled, you can just type:
"http://www.promises.com/user" or "localhost/promises/user"
and that will bring up your login form.
If the above URL doesn't work, pay attention to what page you're taken to when you type the URL. If it's a new URL, try the new page URL. For example, if you typed: "http://promises.com/?q=user" and are taken to "http://www.promises.com" without the login form, try "http://www.promises.com/?q=user"
You may still need to include the index.php in your URL, like so, "localhost/promises/index.php?q=user" You can get rid of the need for the index.php in the URL, but that's for another article.
If you've done this a couple of times, without any luck, clear out your browser cache to make sure you're getting a new page.
Creating a Login Form in the Main Menu
Next trick, when your building your main menu, if you create a menu named "login" you'll find that Drupal will automatically populate that menu with the login form. So instead of typing the above URL, you can just click on the menu login, and you'll be able to login.
If you don't get a login screen, you may already be logged in, and looking at your profile or another page. When you login, if you have admin privileges, you should see the admin toolbar. Try going to "localhost/promises/?q=admin" and your admin options should come up.
Getting Past too Many Failed Login Attempts
Drupal 7 has a new "feature" to protect against brute force attacks that will block a user from logging into Drupal if they have more than five failed login attempts for six hours. Six hours, that's a lot. This is not in Drupal 6, and at the moment, it is not configurable in the administration panel. The error message reads: "Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked. Try again later or request a new password."
If you request a new password, and don't have your email set up correctly, you will not get sent the new password. Now you don't know whether the password was reset or not, or you can still use the old password after six hours. What a mess! Hopefully, this will be more configurable with a module in the future, but what to do now.
Each login attempt that fails is recorded in the "flood" table in the database. To get rid of the blocked login error message and login to the account, open up phpMyAdmin and take a look in the "flood" table. Delete the rows with your failed login attempts, and your back in business.
Checking your Login Name
To check your username, bring up phpMyAdmin, open your Drupal database, and look at the "users" table in the "name" column, you'll find the username you should use to login.
While, I'm here, another trick you can use is when you initially set up your database, create a new username with administrator privileges. That way if you mess up and tell Drupal to change your password, and your not sure what password to use, you can go to the other username to get into the system.
Creating a New Password
Which brings us to the password problem. This is not so simple. Drupal 6 used MD5 encryption for its passwords, but Drupal 7 uses a deterministic hash, not an ecryption, based on SHA512. If you think you can reset your password with something like this:
"UPDATE users SET pass = md5('newpassword') WHERE uid = 1;"
DO NOT DO THIS IN DRUPAL 7, or you'll find your password will not work.
However, since Drupal 7 needs to hash passwords, there are several ways to reset your password in Drupal 7, assuming you have access to the server.
If you're the superuser, that is you are "uid=1", and the superuser name is "admin" using the Drush command line, type:
"drush upwd admin --password="theNewPassword"
Without Drush, from the command line, "cd" into the Drupal root directory, and if you're in windows type:
"php scripts/password-hash.sh 'theNewPassword' "
if you're on the server:
Drupal uses a script, at "scripts/password-hash.sh", to hash its passwords. The hash is unique for each server, keep this in mind when moving your database to a new server.
Take the output from the password-hash.sh command, and either use phpMyAdmin to enter it as the password for that user in the "users" table, or use MySQL to update the table. For example, if you're superuser, uid=1, named "admin", type:
"update users set name='admin', pass='...the hash output from above...' where uid=1;"
as an SQL query in your database. Now, you can use your new password to login to the site.
If a reader of this post has had other problems they've run into concerning logging into Drupal 7, post them in the comments, and we'll see if our readers can come up with a solution.