Magento: Set user’s password through database

05.Nov.2013

Magento uses md5 hashed values stored in the database as user’s password. This means that you can not retrieve the real password value no matter what and how important it is. And that’s actually really good since it protects user’s privacy and is more ethic way of storing personal data. And anyway, you can always reset user’s password if there comes need to it.

I’m going to talk about how to set password programmatically, since sometimes you need to do it for a lot of users and going through admin and doing it one by one can be painful and everlasting. And we don’t want that (:

Passwords in Magento are formed in the following way:

– select desired passphrase (line 2)
– select desired salt value. Salt value can basically be any two characters, you can set them manually or let system do it for you randomly (line 3)
– form a string containing salt+passphare (line 4)
– make md5 of that string (line 4)
– add “:” + salt to it (line 4)
– store it to databse. User passwords are stored in the customer_entity_varchar table. For it you need a customer ID (line 6)
– call your missus and tell her to congratulate you on a job well done (:

1
2
3
4
5
6
   $write = Mage::getSingleton('core/resource')->getConnection('core_write');
   $passphrase = "topsecretpassword";
   $salt = "SC";
   $password = md5($salt . $passphrase) . ":SC";
 
   $write->query("update customer_entity_varchar set value='$password' where entity_id=$customer_id and attribute_id in (select attribute_id from eav_attribute where attribute_code='password_hash' and entity_type=1)");