Jump to content
thirty bees forum

Locked out.

Framemonkey

By Framemonkey
in English

 Share

Recommended Posts

datakick Experienced

datakick

Posted
Posted
9 hours ago, Framemonkey said:

Just this, We don't know the password he used.  Ugh. When we hit forgot password, It tells us that this is not the email.

If you don't have access to back office, and you don't even know what email address was used for administration account, then you need to use FTP and upload unlock php script to your store.

You should have some access to your hosting provider control panel. If you don't know access credentials, contact them, and ask them to provide one.

Using control panel you should be able to set up FTP access. It might even be possible to directly upload files using web interface.

Script to reset passwords for all employees is here:

File to download: reset-admin.php

Content: 

<?php
include_once __DIR__ . '/config/config.inc.php';

header("Content-Type: text/plain");
$employees = new PrestaShopCollection('Employee');
/** @var Employee $employee */
foreach ($employees as $employee) {
    $newPassword = Tools::passwdGen(8);
    $employee->passwd = Tools::hash($newPassword);
    echo $employee->email . " = " . $newPassword . "\n";
    $employee->save();
}

Upload this script into root directory of your thirty bees installation under file name reset-admin.php

And then visit your shop www.domain.com/reset-admin.php

The script will change passwords for all employees, and displays the new passwords on the screen. Very dirty and unsafe 🙂

After you do that, delete the script from your store!!!!

  • Like 2
Link to comment
Share on other sites
  • 2 weeks later...
datakick Experienced

datakick

Posted
Posted
6 hours ago, Framemonkey said:

OK, I just received access to our account @ 123cheapdomains.com. phew.. Now what?. sorry all the questions..

 

Thanks!

So you probably have access to some control panel. It should contain some SQL tool (PHPMyAdmin or similar). Use this to connect to your database, and run this query: 

SELECT * FROM tb_employee;

That will list all employees in your database. If this does not work, you have different database table prefix -- the table can be named like tb123_employee, ps_employee, or whatever.

Look into the list of employees, and find the employee email address for which you want to change password. Let's say it's employee@email.address.com

Then run this SQL query (change email address with the one you chose in previous step) 

UPDATE tb_employee SET passwd = '$2y$10$tGwJd/0V1mZJM0ZlHYdUkebHMr/5dJzl3N0UAt2e3IfWwQP.JJPmC' WHERE email = 'employee@email.address.com';

that will change passwords for this employee to changeme1234

Now you can go to your admin login page, enter the employee email address and this new password, and you will be able to log in. Then go to your preferences in upper right corner dropdown menu, and change your password to something more secure.

  • Like 1
Link to comment
Share on other sites
  • 1 month later...
datakick Experienced

datakick

Posted
Posted

Note: previous suggestion no longer works for bleeding edge / thirty bees 1.5.

Employee record in database now contains 'signature' column that ensures employee password/email/role is not modified externally. This is to prevent attackers from accessing your back office in case of SQL injection vulnerability.

 If you are locked-out, you can use auto login script from this thread: 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...