MyBB Documentation

Login Problems

Resolve issues with logging in to your forum.

Cookie Settings

Most of the time this is a problem with your cookie settings being incorrect or inadequate.

By default, MyBB suggests Cookie Domain to be blank, and Cookie Path to be /. Although this theoretically will work, in many cases it is inadequate.

You can use this tool to generate appropriate cookie settings, but here are some examples of what valid cookie settings look like:

Forum URL Cookie Domain Cookie Path Cookie Secure Flag / Yes /directory/ Yes / Yes /directory/ Yes / No

These cookie settings should work on all MyBB installations. If you have site-integration, your cookie settings may need to be more generalized.

  • Using the ACP

    The board’s cookie settings can be found in the Admin CP’s Configuration → Settings → Site Details.

  • Using the Cached Settings File

    When not able to log into the Admin CP, the cookie settings can be temporarily changed by modifying the inc/settings.php file.

    Locate the values cookiedomain, cookiepath, and cookiesecureflag that may look like this:

    $settings['cookiedomain'] = "";
    $settings['cookiepath'] = "/directory/";
    $settings['cookiesecureflag'] = "1";

    Apply the necessary changes (1 for Yes, or 0 for No), save the file on the server and try logging in.

    Once you are able to login into the Admin CP, re-apply the change in Settings to make it permanent.

After you change your cookie settings, you may have to advise your users to log out and clear cookies stored by their browser, so that the new cookies can take effect.

Password Change

It’s possible to change a user’s password by executing an SQL query — replace NEW_PASSWORD with desired password, and USER_ID with targeted user’s ID:

UPDATE mybb_users SET `password` = md5(CONCAT(md5('temp-salt'), md5('NEW_PASSWORD'))), salt = 'temp-salt' WHERE uid = USER_ID;

After this operation, you should change the password again using MyBB’s interface.

Admin CP PIN Change

The Secret PIN can be changed by editing the configuration file (inc/config.php):

$config['secret_pin'] = '1234';

Setting an value empty removes PIN verification.

Admin CP Lockout Reset

To allow more login attempts after an administrator account has been locked out, execute the following SQL query (change USER_ID to user ID of the account):

UPDATE mybb_adminoptions SET loginattempts = 0 WHERE uid = USER_ID;

Admin CP 2FA Bypass

To log into the Admin CP without using the Two-Factor Authentication code:

  1. Enter your Username and Password and proceed,
  2. Once you are prompted to enter an Authentication code, execute the following SQL query (change USER_ID to user ID of the account):
    UPDATE mybb_adminsessions SET authenticated = 1 WHERE uid = USER_ID;
  3. Go to your Admin CP’s URL again.

If you need to reset Two-Factor Authentication or disable it completely for your account, got to Home → Preferences.

Edit this page on GitHub