Need help resetting InvoicePlane password as a non-technical user

Hello, I am a new user of InvoicePlane and I don’t have a lot of technical expertise, but I was able to successfully install it on my server after a few weeks of figuring it out.

During the initial InvoicePlane setup, I was able to configure the login email and password, and I was able to log in without any issues. However, the other day when I tried to log in again, it failed. I suspect I may have typed the wrong password.

The most concerning part is that I’ve now forgotten my password. InvoicePlane does have a “I forgot my password” option that is supposed to send a password reset email, but this isn’t working for me because I haven’t set up the email settings in InvoicePlane yet.

I’m not very familiar with programs like this or the underlying technical aspects. Is there a file I can delete in the server folder to reset my password? Or will I have to completely reinstall InvoicePlane from the beginning? If I do need to reinstall, should I change any of the settings in the MySQL database that I had set up previously?

I know my questions may seem a bit basic, but any guidance or hints you can provide would be greatly appreciated. Thank you very much for your help!

Hi there, Welcome

You don’t need to reinstall. There are a few steps and i would use something like phpMyAdmin to help you with that.
The steps are:

• Open phpMyAdmin
• Go to the users table
• Find the user that you created
• Click on the edit link, to edit the user
• Scroll to the user_password field
• The contents of user_password just delete that
• to the left of the empty field, you’ll see a select option, select the most bottom selection, password
• In your empty field type your new password

Save and let’s see if that helped

Thank you so much for the detailed instructions! Really appreciate you taking the time to walk me through this.

I just logged into phpMyAdmin and found the ip_users table. I have only one user account, and there are a few relevant columns:

user_password: This is a type “varchar(60)” field that contains a long string of characters.
user_password_token: This is a type “varchar(100)” field, also contains a long string of characters.

Could you please clarify which password field I should delete the contents of? Should I delete the contents of the user_password field?

Also, you mentioned to select the “most bottom selection”, I found that it is
“password_hash() PHP function”. Should I select that option before entering my new password?

Thank you again for your help - it’s greatly appreciated!

Yes, that’s the field

Yes, exactly that.

Hello, I went ahead and deleted the password in the user_password field, and then selected the “most bottom selection” (which I believe is the password_hash() function) from the options on the left. I then entered my new password in the field and saved the changes.

However, even after doing this, I’m still unable to log in. Is there anything else I should be doing?

Should I also be deleting the contents of the user_password_token field? Just want to make sure I’m resetting everything properly so I can regain access to my InvoicePlane account.

Thanks again!

Hi!

Sorry to ressurect this post, but I am having the same problem.
I could swear I’m typing in the correct password but not being able to login.
E-mail recovery is not working.

I tried the steps above ie accessing the DB and inputing a new password in plain text with the PASSWORD attribute which hashes it, but I still cannot login…

Any ideas or suggestions? TIA

• Open phpMyAdmin
• Go to the users table
• Find the user that you created
• Click on the edit link, to edit the user
• Scroll to the user_password field
• The contents of user_password just delete that
• to the left of the empty field, you’ll see a select option, select the most bottom selection, password
• In your empty field type your new password

Cheers, but that’s exactly what I’ve tried a few times now, no luck.
Is there a way that I can generate this hash outside of myPHPAdmin and then paste it? I’m wondering if that’s the issue because I have a whole lot of other options other than “PASSWORD” on that option list, wondering if it’s being generated correctly.

There’s no other way.
It’s purely hashing that password with that password function

Unless you find a way to go into the mysql command line itself, but i doubt that will help.

I had this happen to someone couple of years ago and i did reset the password for him with above steps:

• received his database,
• restored his database locally
• did the steps
• logged in
• backed up the database: here you go sir

I use painfully easy passwords to check if logging in works that way, but i do everything locally of course

Cheers.
I have confirmed I’m using the correct password as I took the hash that was originally stored and verified it against the password on an online generator. So at the minute everything is back as it was and I know I’m using the correct password, but it still won’t login. Baffles me! No idea what to do next…

I think it’s the salt.
There’s a column called user_psalt that salts the hash.

    public function db_array()
    {
        $db_array = parent::db_array();

        if (isset($db_array['user_password'])) {
            unset($db_array['user_passwordv']);

            $this->load->library('crypt');

            $user_psalt = $this->crypt->salt();

            $db_array['user_psalt']    = $user_psalt;
            $db_array['user_password'] = $this->crypt->generate_password($db_array['user_password'], $user_psalt);
        }

        return $db_array;
    }

    public function save_change_password($user_id, $password): void
    {
        $this->load->library('crypt');

        $user_psalt    = $this->crypt->salt();
        $user_password = $this->crypt->generate_password($password, $user_psalt);

        $db_array = [
            'user_psalt'    => $user_psalt,
            'user_password' => $user_password,
        ];

        $this->db->where('user_id', $user_id);
        $this->db->update('ip_users', $db_array);

        $this->session->set_flashdata('alert_success', trans('password_changed'));
    }

    public function generate_password($password, string $salt): string
    {
        return crypt($password, '$2a$10$' . $salt);
    }

Those are the functions used to create a user, ergo to save a password for the created user.

When i did that thing for that user years ago, i think the salt was the key back then.

The way you can generate your passwordks:

• install locally (Docker is your froend and if you’re on Windows, Laravel Herd is your friend)
• create user with your password that you checked is correct.

Then copy the contents of user_password and user_psalt from your local user to the site that you forgot the password of

Thanks. I was reading about this, not sure what functions are being used to verify, but from PHP 8.0 any specified salt is ignored and the generated salt is baked into the hash.

The thing is, I found the original password, and I have successfuly verified it against the hash that was stored originaly. So I restored the original hash and salt and I’m inputing the correct password, but it won’t login.
I checked a DB backup from about a month ago and nothing in the user data has changed.
So either the login error is being caused by someting else entirely, or maybe me editing the DB directly caused some problem with charsets/collation?

But I’ll try your suggestion, get another instance installed and copy over those fields.
Thanks again!

If you want, we can split off that problem in another forum post.
The trick at that point is to look at the “sessions” module.
And also then you’ll need your local install, so you can go ahead with that anyway

So, woke up this morning, opened the laptop and the login screen was still there. Tried again and it logged in! I didn’t change anything!
Does that point to the sessions module? Is there a login timeout if you input a wrong password, or multiple wrong tries?

Happy to split it into another thread if you think it helps others in the future. Problem is solved for now but I’d still like to know why or how it happened.

For the local install I tried Herd on Mac but DB is a premium feature. The docker image I tried from mhzawadi isn’t worling either, seems to be something wrong with it, I’ve reached out on github but no reply since yesterday. If need be I’ll setup something on a linux machine.

For the local install I tried Herd on Mac but DB is a premium feature.

Let’s clear the Laravel Herd database thing first:
Can you watch this video?

And now let’s tackle all your remarks:

Does that point to the sessions module? Is there a login timeout if you input a wrong password, or multiple wrong tries?

I’m not sure about that. There should have been something in the logs if there would have been a wrong tries tomeout.

Happy to split it into another thread if you think it helps others in the future. Problem is solved for now but I’d still like to know why or how it happened.

Glad it’s working again
Splitting didn’t work, i’ll try again once i’m on a desktop.

The docker image I tried from mhzawadi isn’t worling either, seems to be something wrong with it, I’ve reached out on github but no reply since yesterday.

I’ll take a look if i recognize the issue.

InvoicePlane has 2 Docker images itself.
The first one is in the .zip file (or in the github repository)

Just do docker-compose up -d and see what happens.

If need be I’ll setup something on a linux machine
The second one is this one: GitHub - InvoicePlane/InvoicePlane-Docker

It’s a way to run multiple projects at once through Docker (I use it daily)

You’ll have your “projects” directory and your “invoiceplane-docker” directory.

In the invoiceplane-docker directory you’ll have a “sites” directory with all your nginx config files.
When you start your Docker command (check the .sh files in your invoiceplane-docker directory)
The projects from the projects directory are a volume in the workspace container

Nginx will serve all your “sites” and in your config files you’ll tell where to find them.

If you would have InvoicePlane v1 and v2 locally, i would use that invoiceplane-docker project.

This is probably a good explanation:

I used this variation: Getting Started | Laradock

It’s an InvoicePlane issue, not an issue with mhzawadi’s image.
I’ve created a bug report on InvoicePlane’s bug tracker.

Open index.php
Find line 306.
Replace with:

$files = array_merge(
    glob(UPLOADS_TEMP_FOLDER . '*.pdf'),
    glob(UPLOADS_TEMP_FOLDER . '*.xml')
);

array_map('unlink', $files);

Issue on github: Code in index.php causes issue on Alpine Docker images · Issue #1304 · InvoicePlane/InvoicePlane · GitHub

Thank you for all the information!
I’ll try these things later today after I finish work!

A post was split to a new topic: Variables missing when generating PDFs