Search the Community

Boost your PrestaShop's security with 'PrestaSecure': Advanced password rules, mass reset and change reminders, password creation and productivity tooltips. Improve password strength, customize requirements, enhance security for all users, increase customer confidence, enable account activation, easily reset passwords, and strengthen cyber security with 'PrestaSecure'. Demo: Front Office: https://test11.megventure.com/en/index.php?controller=registration Backoffice: https://test11.megventure.com/ Username: [email protected] Password: demodemo Product link: https://www.megventure.com/en/prestashop-modules/45-empower-password-8691246220325.html Features: Enhanced Security: Bolster your platform's safety with sophisticated password rules, protecting your customer's sensitive information and reducing potential security risks. Mass Password Reset: In the face of a security breach or routinely for enhanced security, quickly reset all customer passwords with a single click. Automated Reminder Emails: Send automated notification emails urging customers to change their passwords, maintaining account security over time. Flexible Password Requirements: Set customized password strength requirements. Choose from various complexity levels, including minimum length, the requirement for special characters, numbers, and upper and lower-case letters. Mask/unmask Password Displays: Set a typical eye icon to the password fields to mask / unmask passwords while typing. User-Friendly Interface: An intuitive design allows your customers to gauge password strength dynamically as they type, encouraging the use of stronger passwords. Compatibility: Integrates seamlessly with your existing PrestaShop setup, ensuring smooth performance across different versions of the platform. Multilingual Support: Equipped with multi-language support to cater to a global customer base. Comprehensive Documentation: Detailed instructions and support materials included for an effortless integration process.

Bonjour depuis quelques jours impossible de me connecter a mon backoffice sur prestashop 1.7.6.7 habituellement j’y accede depuis mon iphone, mon ipad, mon mac (depuis safaris ou chrome) et depuis mon pc alors que l’accès était toujours possible depuis mon mac, c’est l’accès sur l’iphone qui a commencé à ne plus fonctionner j’ai donc décidé de modifier le mot de passe depuis l’interface du backoffice mais, deja, le comportement n’était pas normal puisque après enregistrement j’ai un message qui me dit que « le compte existe déjà » alors que je ne vois pas le rapport avec le changement de mot de passe ! étape suivante : je decide de faire une demande de nouveau MDP depuis la page de login, je reçois le lien et je modifie le MDP et je parviens alors a me connecter ! ensuite j’essaie de me connecter depuis un autre navigateur mais impossible, ni depuis l’iphone ! après déconnection sur le mac, meme problème, je n’arrive plus a me reconnecter je refais donc une nouvelle demande de MDP mais je ne savais pas qu’il fallait attendre 360 minutes entre 2 demandes !!! ce qui est deja incroyable !!! j’attends donc le temps demandé car pas le choix, je reçois bien le lien mais, cette fois, je ne peux plus me connecter et depuis j’ai deja réessayé 3 fois et meme si je reçois bien le mail indiquant que j’ai changé le MDP je ne peux plus me connecter je suis assez inquiet j’ai déjà regardé sur les forums mais je n’ai pas trouvé d’aide a ce sujet si quelqu’un à une aide à m’apporter j’en serais très reconnaissant. merci

Hi, I am getting errors when trying to reset the password. I change some changes as per suggestions in the ps_configuration table and others but had no success in solving the problem. I found code in below file related to error message. prestashop\controllers\front\PasswordController.php I feel token from email and system do not match as per code condition. if($customer->getValidResetPasswordToken() !== $reset_token) protected function changePassword() { $token = Tools::getValue('token'); $id_customer = (int) Tools::getValue('id_customer'); $reset_token = Tools::getValue('reset_token'); $email = Db::getInstance()->getValue( 'SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . $id_customer ); if ($email) { $customer = new Customer(); $customer->getByEmail($email); if (!Validate::isLoadedObject($customer)) { $this->errors[] = $this->trans('Customer account not found', [], 'Shop.Notifications.Error'); } elseif (!$customer->active) { $this->errors[] = $this->trans('You cannot regenerate the password for this account.', [], 'Shop.Notifications.Error'); } elseif ($customer->getValidResetPasswordToken() !== $reset_token) { $this->errors[] = $this->trans('The password change request expired. You should ask for a new one.', [], 'Shop.Notifications.Error'); } if ($this->errors) { return; } if ($isSubmit = Tools::isSubmit('passwd')) { // If password is submitted validate pass and confirmation if (!$passwd = Tools::getValue('passwd')) { $this->errors[] = $this->trans('The password is missing: please enter your new password.', [], 'Shop.Notifications.Error'); } if (!$confirmation = Tools::getValue('confirmation')) { $this->errors[] = $this->trans('The confirmation is empty: please fill in the password confirmation as well', [], 'Shop.Notifications.Error'); } if ($passwd && $confirmation) { if ($passwd !== $confirmation) { $this->errors[] = $this->trans('The password and its confirmation do not match.', [], 'Shop.Notifications.Error'); } if (!Validate::isPasswd($passwd)) { $this->errors[] = $this->trans('The password is not in a valid format.', [], 'Shop.Notifications.Error'); } } } if (!$isSubmit || $this->errors) { // If password is NOT submitted OR there are errors, shows the form (and errors) $this->context->smarty->assign([ 'customer_email' => $customer->email, 'customer_token' => $token, 'id_customer' => $id_customer, 'reset_token' => $reset_token, ]); $this->setTemplate('customer/password-new'); } else { // Both password fields posted. Check if all is right and store new password properly. if (!$reset_token || (strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time()) > 0) { Tools::redirect('index.php?controller=authentication&error_regen_pwd'); } else { $customer->passwd = $this->get('hashing')->hash($password = Tools::getValue('passwd'), _COOKIE_KEY_); $customer->last_passwd_gen = date('Y-m-d H:i:s', time()); if ($customer->update()) { Hook::exec('actionPasswordRenew', ['customer' => $customer, 'password' => $password]); $customer->removeResetPasswordToken(); $customer->update(); $mail_params = [ '{email}' => $customer->email, '{lastname}' => $customer->lastname, '{firstname}' => $customer->firstname, ]; if ( Mail::Send( $this->context->language->id, 'password', $this->trans( 'Your new password', [], 'Emails.Subject' ), $mail_params, $customer->email, $customer->firstname . ' ' . $customer->lastname ) ) { $this->context->smarty->assign([ 'customer_email' => $customer->email, ]); $this->success[] = $this->trans('Your password has been successfully reset and a confirmation has been sent to your email address: %s', [$customer->email], 'Shop.Notifications.Success'); $this->context->updateCustomer($customer); $this->redirectWithNotifications('index.php?controller=my-account'); } else { $this->errors[] = $this->trans('An error occurred while sending the email.', [], 'Shop.Notifications.Error'); } } else { $this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', [], 'Shop.Notifications.Error'); } } } } else { $this->errors[] = $this->trans('We cannot regenerate your password with the data you\'ve submitted', [], 'Shop.Notifications.Error'); } }

Hi, I would like to know whether it is possible to import customers record with password from version 1.7.1.1 store to 1.7.6.4 store. I want to upgrade my PrestaShop store from 1.7.1.1 to 1.7.6.4. I tried to use the 1-click-upgrade module but it failed. So I am left with no choice but established a new store of 1.7.6.4 and move everything over. Everything works until I imported the customer record. I used a third party module (export customers) to export the customers from 1.7.1.1. I then used the import function in 1.7.6.4 to import the customer records. The import is fine but I cannot edit the customers information in the 1.7.6.4 backend. I used the phpmyadmin to compare the records of a customer in 1.7.1.1 and 1.7.6.4. The passwd and the secure_key are different in the two versions. I think the import procedure has rehashed those fields. I tried to copy these two fields from 1.7.1.1 to 1.7.6.4 using phpmyadmin. Still doesn't work. Is there a way to transfer over the customer records with password between my two servers? I have over 700 customers in my database. I don't want to inform them that they have to reset their password with email link. If there is a way, can you please give me the step-by-step to do it? Thank you very much. Regards, Simon

Hi there! This is my first contribution to the community. I hope it helps someone. I would like to share my approach on how to integrate Zen-Cart / OSCommerce passwords with Prestashop. I have a Zen-Cart shop with 50k registered customers which I am migrating to Prestashop. The "Back Office -> Tools -> CSV Import" tool works like a charm to import your customers but they will not be able to login on Prestashop because passwords are encrypted in different ways on both store managers. This solution requires no database modification (aside from creating a support table) and only one php code modification (/classes/Customer.php). It will let your legacy customers login and change passwords through admin panel or "forgot my password" if they'd like. Actually they would not notice anything different at all. If you want to understand some of the inner workings of both systems, I would recommend you to learn a little about password hashing and hash salting. You can skip this part if you want to get your hands dirty fast. How Zen-Cart / OSCommerce passwords work: Format: 32 alphanumeric characters + colon + 2 alphanumeric characters salt E.g: e56d64755f66a86996b54114bb4102bf:08 35 characters total It has a salting function which generates a random salt for every password. The password is hashed with MD5 and salted with 2 aditional characters. These two aditional characters are then appended to the password with a colon. How Prestashop passwords work: Format: 32 alphanumeric characters (a standard MD5 salted hash) E.g: e56d64755f66a86996b54114bb4102bf 32 characters total It uses a per-installation random constant called _COOKIE_KEY_ as salt. As you can see, they simply don't match. After some tries, I ended up with the following solution: ================================== IMPORTANT NOTES: - It works for Prestashop V1.4.7X (needs to be tested for other versions); - DO A BACKUP BEFORE ANY CHANGES IN YOUR DATABASE/CODE; - Try it in a development environment; - I'm obviously not responsible if you screw your shop; - Have I already mentioned to do backups? - English is my second language. Sorry you grammar nazis. DATABASE: 1) Export the prefix_customers table from Zen-Cart / OSCommerce / OpenCart into a CSV file; 2) Import your users through Prestashop's CSV Import tool; 3) Create this table in your Prestashop database: CREATE TABLE zc_legacy_passwords ( id INT NOT NULL, PRIMARY KEY(id), email VARCHAR(100), password VARCHAR(35), updated BOOLEAN NOT NULL ); 4) Populate this table using the previously created .CSV file or create a .SQL file from the following query and import into the zc_legacy_passwords table: SELECT customers_id, LOWER(customers_email_address), customers_password FROM PREFIX_customers ORDER BY customers_id Now we have all the data needed to allow our customers log into Prestashop, but we still need to change how the login process work. CODING STEPS: Modify the /classes/Customer.php file with the following: 1) Look for the public function getByEmail($email, $passwd = NULL) <- line 203 2) Replace lines 217 and 218, turning it from... if (!$result) return false; ...to... // == BEGIN ZEN-CART / OSCOMMERCE TO PRESTASHOP PASSWORD INTEGRATION == // == BY João Cunha - [email protected] // == @ 31/03/2012 // == USE AND MODIFY AT WILL // == TESTED ON PRESTASHOP V1.4.7X if (!$result) { //<- INVALID PRESTASHOP LOGIN, IT MAY BE A ZEN-CART / OSCOMMERCE PASSWORD //CHECK IF THE GIVEN EMAIL MATCHES A ROW IN OUR LEGACY TABLE AND RETRIEVES THE LEGACY PASSWORD $resultZC = Db::getInstance()->getRow(' SELECT `password` FROM `zc_legacy_passwords` WHERE `email` = \''.pSQL($email).'\' AND `updated` = 0'); if (!$resultZC) return false; //<- EMAIL NOT FOUND IN NONE OF THE TABLES, SO IT IS AN INVALID LOGIN //ENCRYPTS THE GIVEN PASSWORD IN ZEN-CART / OSCOMMERCE FORMAT $salt = substr($resultZC['password'], strrpos($resultZC['password'],':')+1, 2); $ZCpassword = md5($salt . $passwd) . ':' . $salt; if ($ZCpassword != $resultZC['password']) return false; //<- WRONG ZEN-CART/OSCOMMERCE PASSWORD GIVEN //WE'LL UPDATE THE CUSTOMER TABLE WITH ITS PRESTASHOP ENCRYPTED PASSWORD... Db::getInstance()->Execute(' UPDATE `'._DB_PREFIX_ .'customer` SET `passwd` = \''.md5(pSQL(_COOKIE_KEY_.$passwd)).'\' WHERE `email` = \''.pSQL($email).'\''); //...AND FLAG IT AS UPDATED, SO THE NEXT TIME HE LOGS IN, HE WON'T ENTER THIS ROUTINE. Db::getInstance()->Execute(' UPDATE `zc_legacy_passwords` SET `updated` = 1 WHERE `email` = \''.pSQL($email).'\''); //USER IS AUTHENTICATED, OVERWRITE THE EMPTY $result VARIABLE $result = Db::getInstance()->getRow(' SELECT * FROM `'._DB_PREFIX_ .'customer` WHERE `active` = 1 AND `email` = \''.pSQL($email).'\' AND `deleted` = 0 AND `is_guest` = 0'); } // == END ZEN-CART / OSCOMMERCE TO PRESTASHOP PASSWORD INTEGRATION ================================== And you're done! I don't know if there is another way of achieving the same results without modifying the Customer.php core file, but that would be great. Since I'm a Prestashop noob, I would like to hear any thoughts from you guys. Cheers, João Cunha Brazil

Buenas noches! A ver si alguien podría ayudarme por aquí! No puedo entrar en mi Prestashop ni recordar contraseña da que me da error. He intentado por PHP MyAdmin con la cookie key pero sigue sin dejarme entrar. ¿Alguna otra solucion? No sé porque el mail de recordar contraseña no funciona me indica: Hay un error. El empleado no existe o la contraseña introducida es incorrecto. Muchas gracias!

Salve a tutti, prestashop 1.6.0.14 + tema leo desidero fare alcune prove perciò ho installato sul server prestashop 1.7.3 Per quanto riguarda la migrazione di tutti gli articoli e pagine varie, ammettiamo che di santa pazienza avendo file csv se ne venga a capo.... rimane il problema delle password dei clienti.... ho letto vari post in rete e qui .... ma alcuni sono datati e altri non giungono ad una chiara (per me) soluzione. Qualcuno ha consigli o considerazioni a riguardo? Grazie e buona serata R.

Salve, esiste un modo per rendere visibile la password al cliente nelle email di registrazione e successivamente nell'eventuale mail di reset della stessa? Grazie per le risposte

Hi All. I am new on this forum and I hope I can solve this rare problem I detected today. I have installed a fresh prestashop 1.7.6.5 on my hosting via a manager called Softaculous. The installation were without errors. I was checking the entire functionality and I fount that once I ask for a new administrator password with an email like [email protected] , the page says: ******************************************************* Please, check your mailbox. A link to reset your password has been sent to you. ******************************************************* And nothing is sent to my admin email. I tested with the possibility to create another users with . CLOUD and .com domains and the system goes as expected only in .com domains. As as notice to developers, and if someone can lead them this "bug" or tell me how can I report this, advice them to consider the new domains approved to send mail in the recover password page of the employees in Prestashop. Thanks for your attention. Greetings PhB

Bonjour, Mes clients rencontrent actuellement un problème lors de la récupération du mot de passe oublié. Le client reçoit bien l'e-mail mais le lien n'est pas cliquable. Est-ce que quelqu'un aurait une piste ou une solution concernant ce problème ? Je vous remercie d'avance. Gaëtan

Hi, I receive an error when trying to reset password (I am working in local). I found this other thread with same problem but I do have both password_query.txt & .html files in the mails folder. 1. The error prompts when entering the email to reset a password, I am actually doing this because it seems my login does not work: Hay 1 error : Error occurred when sending the e-mail. 2. Emails configuration at the BO end (BackOffice > Preferences > Emails) is: own SMTP (tried mail () PHP but it doesnt work either): Mail domain: left it blank. SMTP server: smtp.1and1.es SMTP user: [email protected] SMTP password: my email password. Encryption: SSL Port: 465 (tried 587 too) Thank you for your help apprentice

Hello, i am the only user of the platform and i made some cleaning on the laptop, including i have to enter the passwords, and i realize i don't remember the one for prestashop. The problem is that it is not sending me any email to reset it, and it is also the time frame of 6h waiting. It is a problem because i need to manage the new orders. How can i acces the platform otherways? Kind Regards Liliana

Buongiorno, apro un nuovo topic poiché quelli esistenti sull'argomento sono un po' datati. Il mio cliente vuole trasferire manualmente il suo sito passando da OsCommerce a Prestashop (v. 1.7.6.1). Io, non essendo una programmatrice, non posso garantire il buon esito dell'operazione e ho consigliato l'acquisto e l'uso dell'apposito modulo per avere meno problemi possibili. Comunque lui vuole provare, ma ha un dubbio sul passaggio delle password dei clienti: dice che nel sistema attuale (OsCommerce) sono memorizzare in formato md5 mentre, sull'account cliente di prova che ha creato su Prestashop, sembrerebbe essere in un altro formato. Qualcuno sa darmi delucidazioni? Ringrazio in anticipo per l'aiuto.

PORTUGUES: Eu crie uma pasta junto com os arquivos do prestashop. Queria saber como eu faço uma requisição para usar como as funcoes de validação de senha fora do ambiente prestashop. ENGLISH: I create a folder along with the prestashop files. I was wondering how I make a request to use as the password validation functions outside the prestashop environment..

Hello, i am trying to build a customer login form using prestashop webservices. I am using prestashop 1.7, i've noticed that 1.7 uses bcrypt as encoding method, i've also noticed that the salt that is being used is dynamic so if i use the COOKIE_KEY as salt i can never get the same password as the one stored in the database. So my question is what do i need to do to generate the same password with the one stored in the database. Thanks in advance

Hallo, Due at ftp migration problem I lose some files of my shop on ver 1.7.4.3, then I operate in this way. I create a fresh installation of Prestashop 1.7.4.3, after I configurate the shop with theme, module, language, image etc. as previous installation. Then using phpmyadmin I replaced the database, first with drop tables and then with import of the old detabase still intact. Everything works fine, even login as administrator and login as a customer, user name and password. But logically I can not test all the clients because I do not know their passwords, This is the question, I have not changed the values for 'secret' and 'cookie_key' inside the parameters.php file (they are those of the new installation), is this right? Should I leave them as they are or do I have to replace them with those from the old shop? thank you all for your help.

Hallo zusammen PrestaShop Version: 1.7.3.4 Ich habe für einen Kunden einen WebShop aufgestellt bei dem man Bücher kaufen kann. Den Produkten wurden sowohl kostenlose Download Artikel zugewiesen, als auch welche bei denen man einen Benutzernamen + Passwort braucht. Wenn man einen Download-Artikel herunterladen möchte, bei dem man einen Benutzernamen + Passwort braucht, dann kommt das Formular(siehe Screenshot) wo man Benutzernamen + Passwort eingeben muss. Dies funktioniert hervorragend. Jedoch wenn man auf «Abbrechen» klickt, gelangt man auf eine Standard Seite, welche vom Plesk-Server erstellt wurde. Auf dieser Seite erscheint: Server Error 401 Authorization Required Dann hat man die Auswahl die Seite zu reloaden, zurück zur vorherigen Seite zu gelangen oder auf die Home Page. Kann man diese umgehen und eine eigene erstellen? Vielen Dank für die Antworten. Grüsse

Hi. I have a classic migration problem: in the store from which I import data, passwords are encrypted by plain MD5. So I need to inject a password reencryption procedure on login attempts. That is, first received password must be compared to MD5 value, upon success in which the MD5 value is deleted from the database and received password is encrypted using Presta's own procedure. My question is, if there are people who've already written this, which files did you have to modify, which classes/methods did you extend? Thank you.

Hi there! I've just opened source for PasswordStrength module. If you are programmer you can build it from sources form here: https://github.com/promedeli/passwordstrength If you are not programmer and you are interested with this module and my support you can buy it here: https://addons.prestashop.com/en/website-security-access/39622-password-strength-meter.html More informations and short description is here: https://promedeli.com/prestashop/module/passwordstrength Demo can be found here: http://ps.promedeli.com/login?create_account=1 🙏 NAMASTE! Life is good!

Hallo zusammen Prestashopversion: 1.7.3.4 Wenn man sich registrieren möchte, muss man den Vornamen, Nachnamen, die E-Mail und das Passwort angeben. Gibt man beim Passwort ein Zeichen ein und geht auf speichern, so kommt folgende Fehlermeldung "ihre Eingabe muss mit dem geforderten Format übereinstimmen" <-- Diesen Text möchte ich gerne anpassen. Im Backend habe ich hierzu nichts gefunden. Bei den Übersetzungen habe ich auch schon nachgesehen. Kann mir da jemand helfen? Vielen Dank im Voraus. Visars

buenas tardes cual es la función de prestashop que cambia el password de prestashop en el lado del administrador

Hola buenas tardes necesito una ayuda con algún modulo gratuito para prestashop 1.6 que me indique cuando una contraseña es débil mientras un cliente se registra , gracias Ayuda urgente!

Hello, I forgot my password to access my back office. I keep on clicking on "lost password" and entering my email address to receive it back. I get the confirmation pop up message: "your new password has been emailed to you". However, everytime I check my email inbox or even my spam there is no such email from Prestashop. I am completely blocked without access to my back office. Thank you so much in avance for your valuable assistance.

Good Day all i am wondering is there away i can remove the password from the account creation form so they i can provide them a password once their account has been validated thanks in advance

Salve a tutti, Ho un problema con l'accesso alla back-end di Prestashop. In sostanza ho fatto l'installazione, che è andata a buon fine, e non riesco ad eseguire l'accesso con il mio utente. l'ultimo passo dell'installazione prevedeva l'inserimento dei dati di accesso per l'utente amministratore ed ho inserito la mia e-mail e la password. Sono sicuro di inserire la password corretta ma Prestashop me la da errata quindi faccio la procedura di recupero ma senza ricevere nessuna e-mail. Qualcuno sa dirmi come fare a fare il primo accesso oppure reinstallo tutto e faccio tutto da capo? Grazie in anticipo.