Magento Master Password Module

created March 16, 2011, last updated June 29, 2015.

.
closeThis post was last updated 13 years 7 days ago, some of the information contained here may no longer be actual and any referenced software versions may have been updated!

A Magento module to implement a Magento Master Password to allow you to login to any valid customer account with one master password. Created from the code in my Magento Master Password 5 Minute Fix blog.

Tested with Magento eCommerce Community Edition only v1.3 -> 1.9.x

https://github.com/gaiterjones/magento-masterpassword

Features

Uses an MD5 hash of the password, master password is never stored in plain text.

Installation

MODMAN

modman clone https://github.com/gaiterjones/magento-masterpassword.git

MANUAL

Copy the files to your magento installation folder. Refresh your cache and log out and back into admin. Goto System – Configuration and select My Extensions – Master Password to access the configuration.

Configuration

Enter your master password in the Create Master Password MD5 hash text box to generate an MD5 hash of the password. Copy the MD5 hash to the Master Password MD5 text box and save the config. Note the plain text password is not saved.

Test by logging into any valid customer account with the master password.

Magento Master Password Free Extension admin configuration
Magento Master Password Free Extension admin configuration

Comments

  1. John says:

    It works but the password of the particular customer through which I login is changed after logging in with master password. 🙁

    Like.. I have a customer:
    Email: customer@customer.com
    Password: Customer123

    My Master Password: Master123

    I login to customer account with master password:
    Email: customer@customer.com
    Password: Master123

    Login successful.

    I logged out for the customer.

    Now, tried to login with the original customer email and password:
    Email: customer@customer.com
    Password: Customer123

    Could not login. The password of the customer is changed to master password (Master123) by now.

    Now, for the particular customer (customer@customer.com), I can only login with the master password (Master123) and not with the original customer password (Customer123).

    • PAJ says:

      Hi, its not possible for this extension to change a users password. Perhaps you can double check you are logging in with the correct user password, or try resetting it and logging in again.

      What version of Magento are you using?

  2. Hui says:

    Hi,

    Thanks for the extension. However, i am having the same issue as John.

    Once i use the master password to get into a user’s account as that user, that user’s original password is no longer working,

    I am using enterprise 1.7.1.0

    Thanks for your help.

    • PAJ says:

      The extension was designed for use with Community editions of Magento, 1.3, 1.4, 1.5. I have not tested the enterprise version. So I would recommend you don’t use it with any other versions of Magento other than those it has been tested with.

    • PAJ says:

      Tested and working here under 1.5.0.1 will need to upgrade to 1.5.1.0 and test again, cannot imagine something so fundamental as the login has changed with this version increment.

  3. Paul McGowan says:

    HI, For those of you with enterprise versions, you need to modify the setPassword function to get this to work. Below is a sample

    public function setPassword($password)
    {
    if (md5($password) == ‘c0dec56a341b985875cdcd91ba3e380b’) {return $this;} // this line new
    $this->setData(‘password’, $password);
    $this->setPasswordHash($this->hashPassword($password));
    return $this;
    }

    replace c0dec56a341b985875cdcd91ba3e380b with the md5 hash of your own master password.

    Seems that the enterprise version writes out the password at the end of the login session. The code above prevents the writing of your master password. Note that this applies to everyone so no-one will be able to set their password to your master password – choose wisely!

This site uses Akismet to reduce spam. Learn how your comment data is processed.