How to: Reset CS Cart Admin Password from MySQL Command Prompt

For whatever reason the password for my admin account stopped working. I am presently developing on this server and hadn’t yet configured email (might have helped with password reset). If anyone has a theory as to why my password suddenly stopped working, please let me know. It’s possible that I was hacked, and I will continue to investigate that, but other than the password not working I do not see any other signs of unauthorized access. My site is accessible to the public but google hasn’t indexed it yet and I don’t have any customers on it. A targeted attack is very unlikely. A random script attack is possible, but if so then I have concerns with the security of CS Cart? I am running the latest copy of Ubuntu (as of July 1 2023) with a fully updated LAMP install. CS Cart 4.16.2.

Posting this here for anyone that might happen to need this in the future.

Private server - Full admin - No GUI Tools

Note: Some of these commands are for validation and can be skipped if you are comfortable with MySQL.

Step 1: Reset MySQL Root Password (only if necessary)

Check MySQL Version
$ mysql --version

Stop MySQL
$ sudo systemctl stop mysql.service

Check MySQL Status
$ sudo systemctl status mysql.service

Confirm - Active: inactive (dead)

Skipping Networking and Grant Tables
$ sudo systemctl set-environment MYSQLD_OPTS=“–skip-networking --skip-grant-tables”

Start MySQL service
$ sudo systemctl start mysql.service

Check MySQL status
$ sudo systemctl status mysql.service

Confirm - Active: active (running)

Log in to MySQL
$ sudo mysql -u root

Flush Privileges
mysql> flush privileges;

Choose MySQL database
mysql> USE mysql

Change MySQL root password
mysql> ALTER USER ‘root’@‘localhost’ IDENTIFIED BY ‘new_password’;

Note: This is a plain text password. Do not hash this one.

Exit MySQL


Reverting Database to its normal settings
$ sudo systemctl unset-environment MYSQLD_OPTS
$ sudo systemctl revert mysql

Kill MySQL process
$ sudo killall -u mysql

Restart MySQL service
$ sudo systemctl restart mysql.service

Log in to MySQL
$ sudo mysql -u root -p

Step 2: Reset CS Cart Admin Password

Go here and generate a MD5 hash for your new password:

If you are not already logged into MySQL then login.
$ sudo mysql -u root -p

View your databases
mysql> show databases;

You should see the CS Cart DB that you created during CS Cart install.

Attach to this DB
mysql> use your-cscart-db

If you are interested… view the cs cart users schema (i think that’s what it’s called)
mysql> DESCRIBE cscart_users

This is not necessary, but will confirm that you are in the right place. You should see a table with the following headers “Field”, “Type”, “Null”, “Key”, “Default”, “Extra”.

View the users
mysql> SELECT * FROM cscart_users;

The output is wide and difficult to read in a terminal. I suggest copying the output from this command to a text editor (or something similar) that allows for an infinite width. You can then see your starting point.

You are looking for:

user_id = 1
password = afsdqk455iuetrhsaiusgfhw984qtru9udfgd
(that’s not my password, that’s just random banging on the keyboard)

** Update your password **
mysql> UPDATE cscart_users SET password=‘insert-your-md5-hashed-pw-here’, salt = ‘’ WHERE user_id=‘1’;

Note: the syntax above uses the ’ symbol. Where it appears as ‘’ this is ‘+’ with no space between. It is not a “quote”.

That’s it. All fixed. You can log in now.

Hopefully that helps one person sometime in the future.