Christmas Sale: 20% off on all products. Coupon code: FMECS2024

How to Use Root Script to Log Into Magento 2 Admin Panel Without a Password?

How to Use Root Script to Log Into Magento 2 Admin Panel Without a Password?

Before we move towards the main discussion, do note that this is something which you should never do in a production environment. The reason is that unauthorised individuals can gain access to the admin panel and steal sensitive information. They may even prevent you from accessing your own store until you decide to pay a ransom amount. Therefore, be careful when using root PHP script to retrieve the data from the UserFactory and logging in without a password.

But why would you want to log into your Magento 2 admin panel without a password? There are several reasons.

Why Log Into Magento 2 Admin Panel Without a Password?

Password Recovery

The common most reason is that you have lost access to the admin panel and recovering it via email or database reset is not possible due to whatever reason.

Development

When your store is in development or testing phase, using root script to log in saves a lot of time and effort.

Learning Purposes

Lastly, learning how to do this can be a good from a learning experience. You know never know when it may come in handy.

Creating the Root PHP Script

Step 1: The first thing you need to do is navigate to your store’s root directory. This is where your index.php file is located.

Step 2: You will need to create a new file called ‘adminLogin.php’ in this directory.

Step 3: For the next step, all you need to do is copy the below script and then paste it into the ‘adminLogin.php’ file. 


use Magento\Framework\App\Bootstrap;

require __DIR__ . '/../app/bootstrap.php';


/* code for dispaly error */

ini_set('display_errors', 1);

ini_set('display_startup_errors', 1);

error_reporting(E_ALL);


class adminLoginApp extends \Magento\Framework\App\Http implements \Magento\Framework\AppInterface {


    public function launch()

    {

        $areaCode = 'adminhtml';

        $username = 'admin'; // admin user name '{username}'


        $this->_request->setPathInfo('/admin'); // magento admin path exam. example.com/admin

        $this->_state->setAreaCode($areaCode);

        $this->_objectManager->configure($this->_configLoader->load($areaCode));


        $user = $this->_objectManager->get('Magento\User\Model\User')->loadByUsername($username);

        $session = $this->_objectManager->get('Magento\Backend\Model\Auth\Session');

        $session->setUser($user);

        $session->processLogin();


        if($session->isLoggedIn()) {


            $remoteAddress = $this->_objectManager->get('Magento\Framework\HTTP\PhpEnvironment\RemoteAddress');

            $adminSessionInfo = $this->_objectManager->create('Magento\Security\Model\AdminSessionInfo');

            $adminSessionInfo->setData('session_id', $session->getSessionId());

            $adminSessionInfo->setData('user_id', $user->getUserId());

            $adminSessionInfo->setData('ip', $remoteAddress->getRemoteAddress());

            $adminSessionInfo->setData('status', '1');

            $adminSessionInfo->save();


            $cookieManager = $this->_objectManager->get('Magento\Framework\Stdlib\CookieManagerInterface');

            $cookieValue = $session->getSessionId();

            if ($cookieValue) {

                $sessionConfig = $this->_objectManager->get('Magento\Backend\Model\Session\AdminConfig');

                $cookiePath = str_replace('autologin.php', 'index.php', $sessionConfig->getCookiePath());


                $cookieMetadata = $this->_objectManager->get('Magento\Framework\Stdlib\Cookie\CookieMetadataFactory')

                    ->createPublicCookieMetadata()

                    ->setDuration(3600)

                    ->setPath($cookiePath)

                    ->setDomain($sessionConfig->getCookieDomain())

                    ->setSecure($sessionConfig->getCookieSecure())

                    ->setHttpOnly($sessionConfig->getCookieHttpOnly());

                $cookieManager->setPublicCookie($session->getName(), $cookieValue, $cookieMetadata);

            }


            $backendUrl = $this->_objectManager->get('Magento\Backend\Model\UrlInterface');

            $path = $backendUrl->getStartupPageUrl();

            $url = $backendUrl->getUrl($path);

            $url = str_replace('adminLogin.php', 'index.php', $url); // adminLogin.php script file name

            header('Location: '.$url);

            exit;

        }

        return $this->_response;

    }

}


$bootstrap = Bootstrap::create(BP, $_SERVER);

$bootstrap = \Magento\Framework\App\Bootstrap::create(BP, $_SERVER);

/** @var \Magento\Framework\App\Http $app */

$app = $bootstrap->createApplication('adminLoginApp');

$bootstrap->run($app);

Step 4: After pasting the code, you need to replace the $username = “admin” value with the actual admin username.

Step 5: Now, you have two options to log into the Magento 2 admin panel without entering the password. First, you can enter the script into the command line. Second, you can simply enter the following in your browser:

https://your-website.com/adminLogin.php

Do note that you can change adminlogin.php filename for further security.

Final Thoughts

This concludes our article on how to use root script to access the admin panel without using a password. As mentioned earlier, use this option carefully since it increases security risks. We recommend using it only in developing or staging environments and never on a live site. If you have any security concerns or require help with any aspect of your Magento store, then reach out to our support centre.

Read More Magento 2 Blogs:

This blog was created with FME's SEO-friendly blog