How to Change Customer Password in Magento

How to Change Customer Password in Magento

Andy Holland

In today’s era of online e-commerce, we’ve all got countless accounts across a wide range of retailers. Although many of us rotate between a secret choice of passwords, it can be difficult remembering all of your login details. An online retailer must be ready for this scenario, providing a solution to reset the password. This must be quick and stress-free – you won’t want any reason to lose the customer before they checkout.

For user’s passwords, Magento utilises md5 values which means that the original password cannot be retrieved. That’s regardless of the scenario or how important that password was; it’s actually impossible to send the user their original password. This is very clever and provides the ultimate protection for the consumer. Aside from this, it’s also good practice of ethics as no personal data is stored.

Aside from the common ‘Forget password’ request which can be resolved through Magento admin, there may be occasions where you need to manually change passwords across a huge database of customers. As with many functions in Magento, this can be done programmatically saving the hassle of having to do one user at a time in admin. All it requires is some simple code and the customer ID’s of those which need their password changing.

The code

Firstly, the following code is what should be inputted to change user’s passwords through a database:

Line 1: $write = Mage::getSingleton(‘core/resource’)->getConnection(‘core_write’);

Line 2: $passphrase = “secretpassword”;

Line 3: $salt = “LK”;

Line 4: $password = md5($salt . $passphrase) . “:LK”;

Line 5:

Line 6: $write->query(“update customer_entity_varchar set value=’$password’ where entity_id=$customer_id and attribute_id in (select attribute_id from eav_attribute where attribute_code=’password_hash’ and entity_type=1)”);


So here’s the method to this code:

As you can see, line 2 is where you choose the desired passphrase. For the sake of this example, we chose ‘secretpassword’. Line 3 is for your chosen salt value which can be any two characters – it doesn’t make a difference which two. Here you can set them manually or if you leave it blank, Magento will assign them at random.

Next you’ll need to create a string in line 4 which includes the salt and passphrase. Start the string with md5 followed by ‘:’ and the salt which you chose earlier which in our case was ‘LK’.

Finally, for line 6 you’ll need to store it to a database. All customer passwords are stored in the ‘customer_entity_varchar’ table. Therefore, line 6 includes the ‘update customer_entity_varchar’ command following by the parameters. This includes setting the value which is ‘$password’ followed by the ‘entity_id’ which defines the specific user(s) of those that need a password change. For this, you will need the Magento assigned customer ID number. Input all the desired customer ID numbers for the password change and apply the code.

Voila, the password should be instantaneously reset across the desired users. Now you’ll have a much faster solution for applying larger scale password changes.

Andy Holland

Author Andy Holland

More posts by Andy Holland