Recover an unrecoverable Prestashop back office password

If you never found your Prestashop back office being unaccessible for no reason, call yourself lucky! But if you did, let’s see how to recover an unrecoverable password in Prestashop.

  • Compatibility: Prestashop 1.4 (not tested), Prestashop 1.5, Prestashop 1.6

Watch the screencast (text version below)

The Fact: The Employee does not exist, or the password provided is incorrect.

Prestashop wrong back office password

Have you ever tried logging in to your Prestashop back office, just to be presented with a nonsense message as the title above, without apparent reason? I bet. I did, and many other people as well. Then you tried password recovery, and it whether didn’t work, or you didn’t get any email. If it worked, once more, you have been lucky.

But if didn’t work then it’s absolutely fundamental to regain access to the back office as quickly as possible. Let’s see how to do it!

Manually regenerating the back office password

In order to be able to regenerate the back office password you need:

  • Database Access
  • FTP Access
  • A free tool to generate an MD5 hash (such as http://www.miraclesalad.com/webtools/md5.php)

First off, you should know that Prestashop saves our password as hashed md5 string, where another series of random characters is prepended to the real text. Here is the method taken from Tools.php:

	public static function encrypt($passwd)
	{
		return md5(_COOKIE_KEY_.$passwd);
	}

Now that we know it, we simply need to retriever the _COOKIE_KEY_ and prepend it to our string before generating the hash. Where is it located? In config/settings.inc.php:

...
define('_MEDIA_SERVER_3_', '');
define('_COOKIE_KEY_', '7oxINWn9ihNci5oODOaJPRJyktpRNZQJjtWXgCOKTvHUmABDcskMQ4Vw');
define('_COOKIE_IV_', 'rXFf5Wc9');
...

Grab that, choose a random string and paste it to the md5 generator as shown in the following image, where I am using ‘simplepassword’ as password.

Prestashop generate a new md5 password

That’s the hash we need. Copy it, then jump over to your database, ps_employee table, and locate the user you are interested in:

Prestashop database - replacing password

Replace the password field, and you’re done!

Alternative way: creating a password generator file

Before proceeding be aware that it’s risky to keep a password-generating file live on your server. Therefore, once used it should be swiftly removed and kept elsewhere.

In your Prestashop installation root, create a file named pwdgen.php, and add the following inside:

<?php
include(dirname(__FILE__).'/config/config.inc.php');
include(dirname(__FILE__).'/init.php');

if($pass = Tools::getValue('mypass'))
	echo Tools::Encrypt($pass);

Add that’s it! You only need to follow the last step and replace it into the database. But again, make sure you don’t keep this file live on the server after using it.

You like the tuts and want to say "thank you"? Well, you can always feel free to donate:

  • Damiano Cosco

    can you help me? In prestashop 1.7.1.2, this method not work. Thank you

Store Top Sales

You like the tuts and want to say "thank you"? Well, you can always feel free to donate: