Magento Master Password Archives - gj https://blog.gaiterjones.com/tag/magento-master-password/ gaiterjones Wed, 16 Mar 2011 13:19:20 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Magento Master Password 5 Minute Fix https://blog.gaiterjones.com/magento-master-password/ https://blog.gaiterjones.com/magento-master-password/#comments Mon, 14 Feb 2011 10:35:48 +0000 http://blog.gaiterjones.com/?p=93 Continue reading]]> It can be annoying when you want to troubleshoot a Magento eCommerce site customer login problem, and you must first reset the customers account password to login as the customer and troubleshoot the problem yourself.  It can also be useful to quickly login as the customer to examine their shopping cart or place an order on their behalf. To do this we need a so called “master password” to override the customer password in the Magento database and allow us to login to the Magento frontend as the customer.

This is a 5 minute quick fix! All we need is an MD5 hash and one or two  lines of code to configure an encrypted Magento store frontend master password to allow you to login to the frontend of your Magento eCommerce store with any registered users account.

FREE EXTENSION

A free extension to implement this solution is now available here.

DO IT YOURSELF

First we need a master password, I always recommend using a Strong Password Generator to generate a “good” hard to guess / remember password with at least 8 characters, for example lets use : Qbc55H8m
We don’t want this password to appear in plain text in our PHP code so lets make a one way MD5 hash of the password. Using the MD5 generator below I can create the MD5 hash by entering my strong password string – Qbc55H8m

Enter a string:
 


Calculated MD5 hash: 

Using the password “Qbc55H8m” I generated the following MD5 hash:

acb1bb6a30a54a54f4558f3d3984bda6

Create your MD5 hash now with your own password.

Now we are all set with our encrypted Magento universal master password, next we need to add two lines of code to the customer password authentication function within the core Magento code. We don’t want to edit the actual core files as these will be overwritten during an upgrade, so we will create a local copy of the file and make our modifications there.

In your /app/code/local folder create the following folder structure:

Mage/Customer/Model (note folder names are case sensitive.)

Now copy the Magento core php file customer.php from app/code/core/Mage/Customer/Model to app/code/local/Mage/Customer/Model

Open your app/code/local/Mage/Customer/Model local copy of customer.php in a text editor and around about line 300 (1.3.x) or 340 (1.4.x) you will see the function validatePassword($password) this is the function that validates the customer login password with the encrypted password in the Magento database. Add the following two lines of code to this function, remember to include the MD5 password you generated above :

if (md5($password) == 'YOUR GENERATED MD5 PASSWORD') {
return true;
}

So that your function now looks something like this

    public function validatePassword($password)
    {
        // Master Password Check - PAJ 14.02.2011
		if (md5($password) == 'YOUR GENERATED MD5 PASSWORD') {
                return true;
        }

        if (!($hash = $this->getPasswordHash())) {
            return false;
        }
        return Mage::helper('core')->validateHash($password, $hash);
    }

Save the file and refresh your Magento cache. Thats it, select a customer account and confirm that you can login with your master password. Remember to keep your master password safe!

Tested with Magento 1.3.3.0, 1.4.2.0, 1.5.0.0

Googled resources used to develop this solution :
http://www.webtoolkit.info/javascript-md5.html
http://strongpasswordgenerator.com/

]]> https://blog.gaiterjones.com/magento-master-password/feed/ 4