Friday, September 24, 2010

PrestaShop Tips - How to reset or recovery back office admin password

Have you ever forgot your back office admin password of PrestaShop website? The system provides "forgot password" function to help you reset your password and send email the new temporary password.

But if the email function (SMTP) is not set correct, for example you installed PrestaShop at your home machine for development purpose, you will never receive the email. Here are two solutions to help you regain your access to your back office.

Solutions 1: Modify DB using _COOKIE_KEY_ and MD5


0. Please make sure you have access to the database.
1. Please look up the _COOKIE_KEY_ from your configuration file /config/setting.inc.php
2. RUN following SQL statement to your PrestaShop database to update your employee record.


UPDATE ps_employee SET passwd = md5('_COOKIE_KEY_YOUNEWPASSWORD') WHERE email = 'YOUEMAILADDRESS';

Note:
x. Please replace _COOKIE_KEY_ with the value you looked up from setting.inc at 1.
x. Please replace YOUNEWPASSWORD with you new password.
x. Please replace YOUEMAILADDRESS with you real email address in your PrestaShop database table
x. Please replace ps_employee with your real table name if you changed prefix at installation.

Click below image to see more detailed instructions on how to create SQL statement.


After running this SQL statement against your database via MyPhpAdmin. You should be able to login with the new password.

Solution 2: Bypass authentication


This solution works if you don't have database access. But in order to do so, you must have permission access and modify the source code of PrestaShop website. It doesn't matter via FTP tools or website control panel.

How to do it:
1. Connect to PrestaShop website via FTP or control panel file manager.
2. Download following file from your website
/YourPrestaShopRoot/admin/login.php

Note:
- Usually the admin folder is changed for security reason, in that case, please replace it with your correct folder name for admin.
- If you have not changed your admin folder, please changed it immediately!

3. Backup login.php file before you modify it.(make a copy)
4. Change following line 52 (line number may different for different version)


$employee = $employee->getByemail($email, $passwd);


After change


$employee = $employee->getByemail($email, NULL);

5. upload the modified login.php file to your website and replace existing one.
6. Now you can login to you back office with any password password that meets password criteria! (By default it requires at least 6 characters).
7. After you login, go to change your password at "Employee" tab
8. Restore the login.php file with one you backed up at above 3.

Cautions!
The methods introduced below are to by-pass authentication and gain access to your website. If you any other way to recovery your password, please do so. Here are some other ways to do.
1. Use forgot password function of the system.
2. Ask another admin to reset password for you.
3. Above Solution 1 in this post

8 comments:

Anonymous said...

solution 2 is not working for me. the page simply refreshes. any ideas?

Alvin said...

Please make sure
1. You email address is correct and registered as employee.
2. The password must meets password criteria. By default, it requires at least 6 characters.

Mikhail Klishevich said...

thank you solution 1 works as well.

Unknown said...

pls can u update the guide for the version 1.4.1 I can't see the cookie_key. neither is the second option helping me.

Thank u in advance

Alvin said...

it should be the same for 1.4x

The cookie key is defined in your setting file in

YourSiteRoot/config/settiings.inc.php

Anonymous said...

what does it mean " RUN following SQL statement to your PrestaShop database to update your employee record." ? please can you explain me simply? thanks in advance.

Mayank said...

Thanks for the help!!

Vouchers said...
This comment has been removed by a blog administrator.