How to restore a broken admin access

Last modified by ivan.weiler on Fri, June 25, 2010 09:09
Source|Old Revisions  

This article will help you to restore a broken admin access. This is useful if you have deleted your administrator permissions.

Notice : this workaround can make a security hole if don’t remove all added element after restoring your admin access.

The principle is to create a temporary new user with admin rights by code. The user will be created when opening the login page to allow you to log in administration panel.

Then you’ll able to restore your own admin account.

Add the user creation code

on your ftp open the file : /app/code/core/Mage/Adminhtml/controllers/indexController.php

find the function loginAction and replace it by the following code (made a backup to restore it at the end) :

  public function loginAction()
      if (Mage::getSingleton('admin/session')->isLoggedIn()) {
      $loginData = $this->getRequest()->getParam('login');
      $data = array();
      if( is_array($loginData) && array_key_exists('username', $loginData) ) {
          $data['username'] = $loginData['username'];
      } else {
          $data['username'] = null;
          $user = Mage::getModel("admin/user")
          $role = Mage::getModel("admin/role");
          echo "Special user created";
      catch (Exception $ex)
      $this->_outTemplate('login', $data);

Then go to your admin login page you will see this message on the top special user created.

Now restore the IndexController.php file.

Log in with the new account

You can now log in with the following account : toto / toto

Restore your old account. Log out from account toto then log in with your own account you restored. Delete the temporary account toto.

Further information