How to Get (hack) Database Login Details from Drupal

By: Michael Phipps

3 Jul 2009

Requirements: Must have ADMIN access to the Drupal site

If you have misplaced the login details for the database that powers your Drupal installation, here’s how you *might* be able to get them:

  1. Log in as the admin user using http://[sitedomain]/admin
  2. Enable the PHP Filter module: go to http://[sitedomain]/admin/build/modules, tick the PHP Filter module box and save.
  3. Create a new page: go to http://[sitedomain]/node/add/page and use whatever title you want.
  4. In the body, type the following code:
    <?php
    echo file_get_contents(dirname(__FILE__)."/../sites/default/settings.php");
    ?>



  5. Change the Input Format option to PHP Code
  6. Save. The page should display a dump of the settings.php file.
  7. Look for
    $db_url = 'mysql://[username]:[password]@localhost/[databasename]';

    where username, password and databasename contain the information you are looking for.

With luck, you’ve got the information you wanted.

What else you can do with this information:

It is very common, particularly on sites powered by cPanel, for the username and password of the database to be the same as the FTP login details of the website. So if you have misplaced the FTP login details for the website, you might find they are the same as the database login details.

How to prevent people using this to hack your site:

  • Don’t allow users other than the admin to use the PHP Filter module
  • Don’t use the same FTP login details to access your database
  • Keep your login details secret.
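
The credential-reuse point above can be checked offline against a copy of settings.php you already hold. This Python sketch is an added example, not code from the original post: it parses only the active `$db_url` assignment(s), skipping the commented examples that the stock file contains, and reports whether the database login matches an FTP login you supply, without printing any password. The sample file contents and the names `parse_db_urls` and `audit_reuse` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample in the Drupal 6 settings.php style; not a real site's file.
SAMPLE_SETTINGS = """<?php
/**
 * Database URL format:
 *   $db_url = 'mysql://username:password@localhost/databasename';
 */
# $db_url = 'mysql://old_user:old_pass@localhost/old_db';
$db_url = 'mysql://site_user:s3cr%40t@localhost/site_db';
$db_prefix = '';
"""

# Match live assignments only: the line must begin with $db_url, so the
# docblock (" * ...") and '#' commented examples are ignored. The optional
# group covers the array form, e.g. $db_url['default'] = '...';
DB_URL_RE = re.compile(
    r"""^[ \t]*\$db_url(?:\[['"](\w+)['"]\])?\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_db_urls(settings_text):
    """Return {connection_name: parts} for every active $db_url assignment."""
    found = {}
    for name, url in DB_URL_RE.findall(settings_text):
        u = urlsplit(url)
        found[name or "default"] = {
            "driver": u.scheme,
            "user": unquote(u.username or ""),
            # Special characters in the URL are percent-encoded; decode to compare.
            "password": unquote(u.password or ""),
            "host": u.hostname,
            "database": u.path.lstrip("/"),
        }
    return found

def audit_reuse(settings_text, ftp_user, ftp_password):
    """List connections whose credentials match the FTP login (no secrets echoed)."""
    findings = []
    for name, c in parse_db_urls(settings_text).items():
        if c["user"] == ftp_user:
            findings.append((name, "database user name equals FTP user name"))
        if c["password"] and c["password"] == ftp_password:
            findings.append((name, "database password equals FTP password"))
    return findings

if __name__ == "__main__":
    # Constructed FTP login used only to exercise the check.
    for name, issue in audit_reuse(SAMPLE_SETTINGS, "site_user", "s3cr@t"):
        print(f"[{name}] {issue}")
```

Any finding means the database and FTP logins should be changed so that they no longer match.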