how opencart login works

In this post I am going to discuss regarding the opencart login say HOW OPENCART LOGIN WORKS.Files used in login functionality are

1) /oc2302/catalog/controller/account/login.php


3) /oc2302/catalog/model/account/customer.php

4) /oc2302/system/library/cart/customer.php file

flow of the opencart login functionality is as shown below.

opencart login functionality flow
opencart login functionality flow

When user visit My Account -> login the url is something like http://localhost/oc2302/index.php?route=account/login (here I have installed opencart in oc2302 directory)

The screen looks like as below at this url.

opencart login page
opencart login page

Here route=account/login so controller used is login.php and its full path is /oc2302/catalog/controller/account/login.php

login controller contains two functions index() and validate().

Let me drill down the index() function

Here I am going to highlight the important line of code only

Line no 6 is


This line loads customer model and its location is /oc2302/catalog/model/account/customer.php

Line no 9 is

if (!empty($this->request->get['token'])) {

which override login for admin users.this if loop ends at line no line no 44 check for if user is already logged in if it than it will redirect it to account page.Other wise it will goto line no 52

if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {

in above code snippet it checks for if method used is POST and also it use validate function.validate function records invalid login attempts if either email or password is wrong. If both email and password is ok than it will remove invalid attempts

in validate function at line no. 201

if (!$this->customer->login($this->request->post['email'], $this->request->post['password'])) {

this line call the model login method and its successful it will returned back to the index() method else it will show error message.

Here the login function is available at

/oc2302/system/library/cart/customer.php file

Here at login() method it will check for if email and password is exist in database or not and also check if user status is active. If it exits than It will return true.

Its my first post on opencart. will post more posts in future . if you need any specific post please feel free to contact me.

Good Day,




  1. hello, I hope you can help me about my problem.
    I have fresh install of opencart ver. with no errors, renamed both confir-dism.php s as config.php,,, renamed .htaccess checked all the things …. main page shows fine but when I try to login to admin page with correct user and password says nothing and refreshes the page again. website name and ….. /admin/index.php?route=common/login&user_token=2wCLKYiD4a7YKuIIzJg3Edsl3KyW4fEV what is the problem you think? couldn’t find any answer about it.
    I use free hosting right now. ( ) THANK YOU VERY MUCH FOR YOUR COMMENTS AND ADVICES

  2. hi,
    there may be two issues
    1) admin config.php is not avaialable / changed
    2) .htaccess file is not properly written.

    if still problem is not solved you may please feel free to contact me at my email.

  3. Hi, I need to make a login options by mobile number. i had changed the query in the system/library/cart/customer.php
    with below query.

    if ($override) {
    $customer_query = $this->db->query(“SELECT * FROM ” . DB_PREFIX . “customer where (LOWER(email) = ‘” . $this->db->escape(utf8_strtolower($email)) . “‘ or telephone = ‘” . $this->db->escape(utf8_strtolower($email)) . “‘) AND status = ‘1’”);
    } else {
    $customer_query = $this->db->query(“SELECT * FROM ” . DB_PREFIX . “customer WHERE (LOWER(email) = ‘” . $this->db->escape(utf8_strtolower($email)) . “‘ or telephone = ‘” . $this->db->escape(utf8_strtolower($email)) . “‘) AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1(‘” . $this->db->escape($password) . “‘))))) OR password = ‘” . $this->db->escape(md5($password)) . “‘) AND status = ‘1’ AND approved = ‘1’”);

    But. it not works. still only email login alone works. Can you please help me to clear this problem.

    1. hi,
      sure I will check it out and will sure help you . most probably I will make free extension so other can also get benefit. which version of opencart are you using ?

  4. hi
    you may try below code . I just tested and it worked fine for me.

    if ($override) {
    $customer_query = $this->db->query(“SELECT * FROM ” . DB_PREFIX . “customer WHERE LOWER(email) = ‘” .$this->db->escape(utf8_strtolower($email)) .”‘ “.” or telephone = “.$this->db->escape(utf8_strtolower($email)) .
    “‘ “.”AND status = ‘1’”);
    } else {
    $customer_query = $this->db->query(“SELECT * FROM ” . DB_PREFIX . “customer WHERE LOWER(email) = ‘” .$this->db->escape(utf8_strtolower($email)).”‘”.” or telephone = “.$this->db->escape(utf8_strtolower($email)) .
    ” ” .” AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1(‘” . $this->db->escape($password) . “‘))))) OR password = ‘” . $this->db->escape(md5($password)) . “‘) AND status = ‘1’ AND approved = ‘1’”);

    1. Hello sir., Now im in another problem., 🙁 Can’t able to login as customer through admin dashboard. I had revert back all changes but still unable to login as customer through admin dashboard. Awaiting for your response Thank you.

Leave a Comment

Your email address will not be published. Required fields are marked *