Magento Add Admin User through programming code

Posted by Damodar Bashyal on April 25, 2012

 

We got a new magento project which was developed by another web development company and it wasn't finished. Client didn't have admin details but he had FTP details. He didn't know about control panel url, so couldn't access phpMyadmin. Instead of going back and forth with client about details, I wrote this code, so I could create admin user myself and access the admin.

I think it will be a good idea to create new admin user for every single admin user including developers, so if one developer quits we can just delete the user and don't need to worry about changing passwords again and again.

It can be further optimized and add some security rules as well, but for now I am going to just use this script to create user than add die() on top so, it can't be misused or i can delete the file itself, or comment out whole thing.

<?php
/*
 * Package: Magento E-Commerce
 * Purpose: Adding new Magento Admin User using form.
 * File URL: http://www.technooze.com/create_new_admin_user.php
 * Author: Damodar Bashyal
 */
include_once 'app/Mage.php';
umask(0);
Mage::app("default");
 
error_reporting(E_ALL);
$msg = '';
 
if(isset($_POST['username']) && !empty($_POST['username'])){
    $firstname = $_POST['fname'];
    $lastname = $_POST['lname'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $salt = 'TN';
    $hash = md5($salt.$password).':'.$salt;
 
    $resource = Mage::getSingleton('core/resource');
    $read = $resource->getConnection('core_read');
 
    try{
        /*
         * Table:: admin_user
         * Fields: user_id, firstname, lastname, email, username, password, 
         *         created, modified, logdate, lognum, reload_acl_flag, 
         *         is_active, extra, failures_num, first_failure, lock_expires
         */
        $sql = "select extra from admin_user where extra is not NULL limit 1";
        $result = $read->query($sql);
        $result = $result->fetch();
        $extra = '';
        if(isset($result['extra'])){
            $extra = $result['extra'];
        }
 
        $sql = "insert into admin_user values('','{$firstname}','{$lastname}','{$email}','{$username}','{$hash}',now(),NULL,NULL,0,0,1,'{$extra}',0,NULL,NULL)";
        $result = $read->exec($sql);
 
 
        /*
         * Table:: admin_role
         * Fields: role_id,parent_id,tree_level,sort_order,role_type,user_id,
         *         role_name,gws_is_all,gws_websites,gws_store_groups
         */
        $sql = "select role_id from admin_role where role_name = 'Administrators' limit 1";
        $result = $read->query($sql);
        $result = $result->fetch();
        $parent_id = '';
        if(isset($result['role_id'])){
            $parent_id = $result['role_id'];
        }
 
        $sql = "insert into admin_role values ('','{$parent_id}',2,0,'U',(select user_id from admin_user where username = '$username'),'$username',1,'','')";
        $result = $read->exec($sql);
        $msg = '<h4 class="alert alert-success">Successfully added new admin user!</h4>';
    } catch (Exception $e) {
        $msg = '<h4 class="alert alert-error">'.$e->getMessage().'</h4>';
    }
}
 
$action = Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB) . 'create_new_admin_user.php';
?>
<html>
<head>
    <title>Create Admin User</title>
    <link type="text/css" href="https://raw.github.com/twitter/bootstrap/master/docs/assets/css/bootstrap.css" rel="stylesheet" media="all"/>
</head>
<body>
    <div class="container">
        <h1>Create New Admin User</h1>
        <?php echo $msg ?>
        <fieldset>
            <legend>User Details</legend>
            <form action="<?php echo $action ?>" method="post" name="admin_user">
                <label>Firstname:</label>
                <input name="fname" id="fname" type="text" value=""/><br />
 
                <label>Lastname:</label>
                <input name="lname" id="lname" type="text" value=""/><br />
 
                <label>Username:</label>
                <input name="username" id="username" type="text" value=""/><br />
 
                <label>Password:</label>
                <input name="password" id="password" type="password" value=""/><br />
 
                <input name="submit" id="submit" type="submit" />
            </form>
        </fieldset>
    </div>
</body>
</html>

That's all you need to create an admin user in magento through code/programming. If you want to add admin user through phpmyadmin or command line, you can get the idea from above and add easily. When running direct SQL statements, if you want you can just add any fake string as password and then use forgot password to generate new password for you.

So, What do you think? Let me know your thoughts. Please like, tweet and follow us on social networks.

michealrik posted on - Sunday 17th of June 2012 01:42:09 PM

Really Great!!!!Thanks for sharing such a valuable information in this blog and as a beginner this would really help me to update myself and explore more in Magento Keep updating new information as i would really love to visit your blog frequently and update myself...

isabellajordan posted on - Monday 11th of February 2013 07:40:42 PM

Thanks for sharing such a valuable information in this blog and as a beginner this would really help me to update myself
 
not published on website


QR Code: Magento Add Admin User through programming code