Adding and Removing Users | OpsBlu Docs

Adding and Removing Users

How to add and remove team members in Opencart. Covers invitation workflows, role assignment, access revocation, and user lifecycle management for.

Overview

OpenCart manages three types of users:

  • Admin Users: Access to admin panel (staff, developers, agencies)
  • Customers: Frontend users who make purchases
  • Affiliates: Users who earn commission from referrals

Each user type has different management requirements and permissions.

Managing Admin Users

Admin users have access to your OpenCart admin panel and can manage store settings, products, orders, and more.

Adding Admin Users

Via Admin Panel

  1. Navigate to Users Section

    Admin Panel > System > Users > Users

  2. Click Add New User

    • Click the blue + button (top-right)

  3. Enter User Details

    General Tab:

    • Username: Unique login name (e.g., john.smith)
    • User Group: Select permission level (see User Groups section)
    • First Name: User's first name
    • Last Name: User's last name
    • E-Mail: Valid email address
    • Image: Optional profile picture
    • Status: Enabled/Disabled

    Password Tab:

    • Password: Strong password (8+ characters, mix of letters, numbers, symbols)
    • Confirm: Re-enter password

  4. Save User

    • Click blue Save button (top-right)
    • Success message appears

Via Database (Emergency Access)

If locked out of admin panel:

-- Connect to your database via phpMyAdmin or MySQL client

-- Insert new admin user
INSERT INTO oc_user (
    user_group_id,
    username,
    password,
    salt,
    firstname,
    lastname,
    email,
    status,
    date_added
) VALUES (
    1,                                  -- User Group ID (1 = Administrator)
    'emergency_admin',                  -- Username
    SHA1(CONCAT('salt123', SHA1(CONCAT('salt123', SHA1('Password123!'))))),  -- Password
    'salt123',                          -- Salt
    'Emergency',                        -- First Name
    'Admin',                            -- Last Name
    'admin@yourstore.com',             -- Email
    1,                                  -- Status (1 = Enabled)
    NOW()                              -- Date Added
);

Important: Change 'Password123!' and 'salt123' to your desired values.

Better password generation:

-- Generate password with random salt
SET @salt = MD5(RAND());
SET @password = 'YourSecurePassword123!';

INSERT INTO oc_user (
    user_group_id,
    username,
    password,
    salt,
    firstname,
    lastname,
    email,
    status,
    date_added
) VALUES (
    1,
    'emergency_admin',
    SHA1(CONCAT(@salt, SHA1(CONCAT(@salt, SHA1(@password))))),
    @salt,
    'Emergency',
    'Admin',
    'admin@yourstore.com',
    1,
    NOW()
);

Editing Admin Users

  1. Navigate to Users List

    Admin Panel > System > Users > Users

  2. Find User to Edit

    • Use filter/search if needed
    • Click Edit button (pencil icon)

  3. Update Information

    • Change any fields as needed
    • Note: Cannot change username after creation (delete and recreate instead)

  4. Save Changes

    • Click Save button

Disabling Admin Users

Instead of deleting, disable users to preserve audit trail:

  1. Edit User

    Admin Panel > System > Users > Users > Edit

  2. Change Status

    • Status: Disabled
    • Click Save

Result: User cannot log in but user record remains.

Deleting Admin Users

Warning: Deleting removes user permanently. Consider disabling instead.

  1. Navigate to Users

    Admin Panel > System > Users > Users

  2. Select User(s)

    • Check checkbox next to user(s) to delete
    • Or use checkbox in header to select all

  3. Click Delete

    • Click red Delete button (trash icon)
    • Confirm deletion

Via Database:

-- Delete specific user
DELETE FROM oc_user WHERE username = 'username_here';

-- Delete user by ID
DELETE FROM oc_user WHERE user_id = 5;

-- View users before deleting
SELECT user_id, username, email, status FROM oc_user;

Password Reset for Admin Users

Self-Service Reset (Email)

  1. Admin Login Page

    https://yourstore.com/admin/

  2. Click "Forgotten Password"

    • Enter your email address
    • Click Reset Password
    • Check email for reset link

Manual Password Reset (Database)

-- Reset password for specific user
SET @salt = MD5(RAND());
SET @password = 'NewSecurePassword123!';

UPDATE oc_user
SET
    password = SHA1(CONCAT(@salt, SHA1(CONCAT(@salt, SHA1(@password))))),
    salt = @salt
WHERE username = 'admin';

-- Verify update
SELECT username, email FROM oc_user WHERE username = 'admin';

Via PHP File (Temporary)

File: reset_admin_password.php (place in OpenCart root)

<?php
// DELETE THIS FILE AFTER USE!

// Load OpenCart config
require_once('config.php');

// Database connection
$mysqli = new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);

if ($mysqli->connect_error) {
    die('Connection failed: ' . $mysqli->connect_error);
}

// Configuration
$username = 'admin';                    // Username to reset
$new_password = 'NewSecurePassword123!'; // New password

// Generate salt
$salt = bin2hex(random_bytes(9));

// Hash password (OpenCart 3.x method)
$password_hash = sha1($salt . sha1($salt . sha1($new_password)));

// Update database
$stmt = $mysqli->prepare('UPDATE ' . DB_PREFIX . 'user SET password = ?, salt = ? WHERE username = ?');
$stmt->bind_param('sss', $password_hash, $salt, $username);

if ($stmt->execute()) {
    echo "Password reset successful for user: $username<br/>";
    echo "New password: $new_password<br/>";
    echo "<br/><strong>DELETE THIS FILE IMMEDIATELY!</strong>";
} else {
    echo "Error: " . $stmt->error;
}

$stmt->close();
$mysqli->close();
?>

Usage:

  1. Upload to OpenCart root
  2. Visit: https://yourstore.com/reset_admin_password.php
  3. DELETE FILE IMMEDIATELY after use

Managing Customers

Customers are frontend users who browse products and make purchases.

Adding Customers

Via Admin Panel

  1. Navigate to Customers

    Admin Panel > Customers > Customers

  2. Click Add New

    • Click blue + button

  3. Enter Customer Details

    General Tab:

    • First Name: Customer's first name
    • Last Name: Customer's last name
    • E-Mail: Valid email (used for login)
    • Telephone: Phone number
    • Newsletter: Subscribe to newsletter (Yes/No)
    • Customer Group: Default, Wholesale, etc.
    • Status: Enabled/Disabled
    • Safe: Mark customer as safe (not flagged for fraud)

    Password Tab:

    • Password: Customer's password
    • Confirm: Re-enter password

    Address Tab:

    • Click Add Address button
    • Fill in address details
    • Can add multiple addresses

  4. Save Customer

    • Click Save button

Via Frontend Registration

Customers can register themselves:

  1. Customer visits store

    https://yourstore.com/

  2. Click Account > Register

    • Or: https://yourstore.com/index.php?route=account/register

  3. Fill Registration Form

    • First Name, Last Name
    • E-Mail, Telephone
    • Password, Confirm Password
    • Address information
    • Privacy Policy agreement

  4. Submit Registration

    • Account created and active (if auto-approval enabled)
    • Or pending approval (if manual approval required)

Configure Registration Settings:

Admin Panel > System > Settings > Edit Store > Option tab
Account Terms: Select terms & conditions page
Customer Group: Default group for new customers
Customer Approval: Automatic or Manual

Editing Customers

  1. Navigate to Customers

    Admin Panel > Customers > Customers

  2. Find Customer

    • Use filters: Name, E-Mail, Customer Group, Status
    • Click Filter button

  3. Edit Customer

    • Click Edit button (pencil icon)
    • Modify details
    • Click Save

Disabling Customers

Prevent login without deleting account:

  1. Edit Customer

    Admin Panel > Customers > Customers > Edit

  2. Change Status

    • Status: Disabled
    • Click Save

Deleting Customers

Warning: Deleting customer removes all associated data (orders, addresses, reviews).

  1. Navigate to Customers

    Admin Panel > Customers > Customers

  2. Select Customer(s)

    • Check checkbox next to customer(s)

  3. Delete

    • Click Delete button (trash icon)
    • Confirm deletion

Best Practice: Disable instead of delete to preserve order history.

Customer Password Reset

Self-Service (Frontend)

  1. Customer clicks "Forgotten Password"

    https://yourstore.com/index.php?route=account/forgotten

  2. Enter Email Address

    • Click Continue
    • Reset link sent to email

Admin Reset (Backend)

  1. Edit Customer

    Admin Panel > Customers > Customers > Edit

  2. Password Tab

    • Enter new password
    • Confirm password
    • Click Save

  3. Notify Customer

    • Email customer with new password (manual)

Managing Affiliates

Affiliates earn commission from referred sales.

Enabling Affiliate System

Admin Panel > System > Settings > Edit Store > Option tab
Affiliate: Enable
Affiliate Terms: Select affiliate terms page
Affiliate Commission: Set default commission percentage

Adding Affiliates

Via Admin Panel

  1. Navigate to Affiliates

    Admin Panel > Marketing > Affiliates

  2. Click Add New

    • Click blue + button

  3. Enter Affiliate Details

    General Tab:

    • First Name: Affiliate's first name
    • Last Name: Affiliate's last name
    • E-Mail: Email address
    • Telephone: Phone number
    • Website: Affiliate's website (optional)
    • Commission: Percentage (overrides default)
    • Status: Enabled/Disabled

    Payment Tab:

    • Tax ID: Tax identification
    • Payment Method: Cheque, PayPal, Bank Transfer, etc.
    • Cheque Payee Name: For cheque payments
    • PayPal Email: For PayPal payments
    • Bank Account Details: For bank transfers

  4. Save Affiliate

    • Click Save

Via Frontend Application

Affiliates can apply themselves:

  1. Navigate to Affiliate Application

    https://yourstore.com/index.php?route=affiliate/register

  2. Fill Application Form

    • Personal information
    • Payment details
    • Agree to terms

  3. Submit Application

    • Admin reviews and approves
    • Affiliate receives notification

Approving Affiliate Applications

Admin Panel > Marketing > Affiliates
Find affiliate with Status: Disabled
Edit affiliate
Change Status: Enabled
Save

Deleting Affiliates

Admin Panel > Marketing > Affiliates
Select affiliate(s)
Click Delete button
Confirm deletion

Note: Deleting affiliate removes commission tracking history.

Bulk User Management

Export Users

Customers:

Admin Panel > System > Maintenance > Backup/Restore
Export table: oc_customer
Download SQL file

Via Extension:

Install export extension from OpenCart Marketplace:

  • Export Import PRO by iSenseLabs
  • Customer Export by Journal3

Import Users

Via SQL:

-- Import customers from CSV
LOAD DATA INFILE '/path/to/customers.csv'
INTO TABLE oc_customer
FIELDS TERMINATED BY ','
ENCLOSED BY '"'
LINES TERMINATED BY '\n'
IGNORE 1 ROWS
(firstname, lastname, email, telephone, customer_group_id, status);

Via Extension:

Use import extension to bulk import customers from CSV/Excel.

Bulk Status Change

Via Database:

-- Disable all customers in specific group
UPDATE oc_customer
SET status = 0
WHERE customer_group_id = 3;

-- Enable all customers with specific email domain
UPDATE oc_customer
SET status = 1
WHERE email LIKE '%@example.com';

-- Disable inactive customers (no login in 2 years)
UPDATE oc_customer c
LEFT JOIN oc_customer_activity ca ON c.customer_id = ca.customer_id
SET c.status = 0
WHERE ca.date_added < DATE_SUB(NOW(), INTERVAL 2 YEAR)
OR ca.customer_id IS NULL;

Security Best Practices

Admin Users

  1. Strong Passwords

    • Minimum 12 characters
    • Mix of uppercase, lowercase, numbers, symbols
    • Avoid dictionary words

  2. Unique Usernames

    • Don't use "admin" (common target)
    • Use unique, non-obvious usernames

  3. Limit Admin Accounts

    • Create only necessary admin users
    • Delete/disable unused accounts

  4. Use User Groups

    • Assign minimum required permissions
    • Don't give Administrator access unless necessary

  5. Two-Factor Authentication

    • Install 2FA extension
    • Recommended: Google Authenticator extension

  6. Monitor Login Attempts

    Admin Panel > System > Users > User Login

    Review failed login attempts regularly.

Customers

  1. Approval Process

    • Enable manual approval for high-risk stores
    • Review new registrations

  2. Fraud Detection

    • Monitor customer activity
    • Flag suspicious accounts
    • Use fraud detection extensions

  3. GDPR Compliance

    • Collect only necessary data
    • Provide data export/deletion
    • Enable consent checkboxes

Troubleshooting

Can't Log In to Admin

Solutions:

  1. Clear browser cache and cookies
  2. Try different browser/incognito mode
  3. Check username/password (case-sensitive)
  4. Reset password via database (see Password Reset section)
  5. Check user status in database:
    SELECT username, email, status FROM oc_user;
    Status should be 1 (enabled)

Customer Can't Register

Check:

  1. Registration enabled:

    System > Settings > Edit > Option tab
Account: Enable registration

  2. Email configuration:

    System > Settings > Edit > Mail tab
Verify mail settings correct

  3. Check for JavaScript errors (F12 console)

  4. Disable required fields temporarily to test

Affiliate Commission Not Tracking

Solutions:

  1. Verify affiliate enabled:

    System > Settings > Edit > Option tab
Affiliate: Enable

  2. Check affiliate status: Must be "Enabled"

  3. Verify tracking code:

    Affiliate > Tracking
Add tracking code to affiliate links

  4. Check commission settings:

    Marketing > Affiliates > Edit > Commission
Set percentage > 0

Next Steps

Additional Resources

Nach oben