Jump to content

Back Office access denied


Recommended Posts

Hi all, as per title, I can't access the back office (prestashop is 1.7.8.5) After deleting the cookies and cache folders I activated debugging and I have a series of errors:

UndefinedMethodException

in controllers/admin/AdminLoginController.php (line 243)

238            $this->errors[] = $this->trans('Invalid email address.', [], 'Admin.Notifications.Error');

239        }

240       

241                 if (empty($passwd)) {

242           $this->errors[] = $this->trans('The password field is blank.', [], 'Admin.Notifications.Error');

243        } elseif (!Validate::isAcceptablePasswordLength($passwd)) {

244            $this->errors[] = $this->trans('Invalid password.', [], 'Admin.Notifications.Error');

245        }

246

247        if (!count($this->errors)) {

248            // Find employee

 

AdminLoginControllerCore->processLogin()in controllers/admin/AdminLoginController.php (line 211)

206                'controller' => $this,

207            ]

208        );

209

210        if (Tools::isSubmit('submitLogin')) {

211            $this->processLogin();

212        } elseif (Tools::isSubmit('submitForgot')) {

213            $this->processForgot();

214        } elseif (Tools::isSubmit('submitReset')) {

215            $this->processReset();

216        }

 

AdminLoginControllerCore->postProcess()in classes/controller/Controller.php (line 295)

290            if (!$this->content_only && ($this->display_header || (isset($this->className) && $this->className))) {

291                $this->setMedia();

292            }

293

294            // postProcess handles ajaxProcess

295            $this->postProcess();

296

297            if (!empty($this->redirect_after)) {

298                $this->redirect();

299            }

 

ControllerCore->run()in classes/Dispatcher.php (line 518)

513            if (isset($params_hook_action_dispatcher)) {

514                Hook::exec('actionDispatcher', $params_hook_action_dispatcher);

515            }

516

517            // Running controller

518            $controller->run();

519

520            // Execute hook dispatcher after

521            if (isset($params_hook_action_dispatcher)) {

522                Hook::exec('actionDispatcherAfter', $params_hook_action_dispatcher);

523            }

 

DispatcherCore->dispatch()in admin947sj3cpr/index.php (line 93)

88    if (!headers_sent()) {

89        header('Content-Type: text/html; charset=utf-8');

90    }

91

92    // Prepare and trigger LEGACY admin dispatcher

93    Dispatcher::getInstance()->dispatch();

94  }

Edited by skyfighters (see edit history)
Link to comment
Share on other sites

  • skyfighters changed the title to Back Office access denied
14 ore fa, Nickz dice:

What did you do, give as many details as you rememeber.

Hi, the shop runs on a Linux server with PHP version 7.4.33. I have not done anything! The day ago, everything worked, but since yesterday morning I can't access the BO. The shop (FO) is online and works, but clearly since we cannot access the administration everything is blocked. The debugging errors appear to be related to login and password 

Link to comment
Share on other sites

22 ore fa, RMK_Code dice:

Hello,
Which folders have you deleted?

Have you tried restoring your database from your backups? It can help to restore your prestashop. And could you try deleting the cache again to see if it does the same thing?

I deleted file in var/cache/dev and img/tmp

Link to comment
Share on other sites

in Edge console 

jquery.validate.js:2  Uncaught ReferenceError: jQuery is not defined
    at jquery.validate.js:2:20436
messages_it.js:25  Uncaught ReferenceError: jQuery is not defined
    at messages_it.js:25:3
login.js?v=1.7.8.5:1  Uncaught ReferenceError: $ is not defined
    at login.js?v=1.7.8.5:1:1

Link to comment
Share on other sites

You can restore your PrestaShop installation from a backup taken before the issue occurred. Afterward, reapply the modifications one by one to identify the source of the problem.

This problem may also be linked to a module you've installed or deleted or if you have made any updates. Please remember if this is the case.
The best option, as I said, is to restore from the backup.

Edited by RMK_Code (see edit history)
Link to comment
Share on other sites

On 12/3/2023 at 6:21 PM, skyfighters said:

in Edge console 

jquery.validate.js:2  Uncaught ReferenceError: jQuery is not defined
    at jquery.validate.js:2:20436
messages_it.js:25  Uncaught ReferenceError: jQuery is not defined
    at messages_it.js:25:3
login.js?v=1.7.8.5:1  Uncaught ReferenceError: $ is not defined
    at login.js?v=1.7.8.5:1:1

$ and jQuery are synonyms. Very likely there is another javascript error that caused the failure of the loading of jQuery.

Link to comment
Share on other sites

  • skyfighters changed the title to Back Office access denied

Hi all. Aruba hosting provider contact me.

Dear Customer, I inform you that we have detected malicious code in your web space. You can see for example:

classes/controller/Controller.php

classes/controller/FrontController.php

classes/controller/ModuleFrontController.php

classes/Dispatcher.php classes/Hook.php

From checks carried out, even the available weekly backup is also already compromised. To clean up PrestaShop you can consult the dedicated guide. This procedure cannot be performed by the Staff. I inform you that the operations described above can be performed via File manager or FTP client such as FileZilla which can be downloaded for free from this link. To configure FileZilla you can follow the dedicated guide. Furthermore, it is not possible to provide you with a list of compromised files, therefore it is necessary for you to proceed with the cleanup of the site following the guide indicated above. After the cleanup, I remind you to change the password of the PrestaShop administrator user and the associated email address. I also invite you to change the password for managing [email protected]

Link to comment
Share on other sites

Unless you made changes there - what isn't advised - you can replace by ftp the complete /classes directory with that of a fresh installation of the same version. Some other directories like can be replaced too.

What you also can do is to download some of the compromised files so that you can compare them to the original. That will enable you to search for compromised files.

But of course there is no guarantee that that will remove all entrypoints for the hacker. A specialist can do a more thorough cleaning. But even then you are advised to immediately upgrade and to watch carefully for any changes in the weeks afterward.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...