You can use this query to reset a user's password. It is especially useful if you forget your admin password.
You need to replace new-password and 1 (the user_id). You don't have to change salt, but if you do then both instances need to be the same.
It's ugly and only uses SHA1, but it works. If you are paranoid about security then you should reset your password again in the Admin CP once you regain access. Resetting the password in the Admin CP will use SHA256 hashing with a proper salt.
You need to replace new-password and 1 (the user_id). You don't have to change salt, but if you do then both instances need to be the same.
Code:
UPDATE xf_user_authenticate
SET data = BINARY
CONCAT(
CONCAT(
CONCAT('a:3:{s:4:"hash";s:40:"', SHA1(CONCAT(SHA1('new-password'), SHA1('salt')))),
CONCAT('";s:4:"salt";s:40:"', SHA1('salt'))
),
'";s:8:"hashFunc";s:4:"sha1";}'
),
scheme_class = 'XenForo_Authentication_Core'
WHERE user_id = 1;
It's ugly and only uses SHA1, but it works. If you are paranoid about security then you should reset your password again in the Admin CP once you regain access. Resetting the password in the Admin CP will use SHA256 hashing with a proper salt.