mahen23 Posted October 16, 2010 Share Posted October 16, 2010 This is a walkthrough on how to make a user login on prestashop without passing through the login screen. This is helpful if you do not want the user to login again like when you want to transfer his session from one website to prestashop. Step 1 Eliminate the need for password salting. Under config/settings.inc.php, set _COOKIE_KEY_ to blank. Note this also means that you must create a new customer. Or you can delete the old md5 password from DB and add your own. Step 2 In the authentication.php file paste the following lines after line 6: $customer = new Customer(); //$authentication = $customer->getByEmail(trim($email), trim($passwd)); $authentication = $customer->getByMd5(trim($email), trim($passwd)); //modified version of getByEmail if we are not accepting $passwd in cleartext but in md5. /* Handle brute force attacks */ sleep(1); if (!$authentication OR !$customer->id) $errors[] = Tools::displayError('authentication failed'); else { $cookie->id_customer = intval($customer->id); $cookie->customer_lastname = $customer->lastname; $cookie->customer_firstname = $customer->firstname; $cookie->logged = 1; $cookie->passwd = $customer->passwd; $cookie->email = $customer->email; if (Configuration::get('PS_CART_FOLLOWING') AND (empty($cookie->id_cart) OR Cart::getNbProducts($cookie->id_cart) == 0)) $cookie->id_cart = intval(Cart::lastNoneOrderedCart(intval($customer->id))); Module::hookExec('authentication'); if ($back = Tools::getValue('back')) Tools::redirect($back); //Tools::redirect('my-account.php'); //cut redirection to break infinite loop } The above code is what makes the user login using $email as username and $passwd as password in plaintext. The original code comes from the if (Tools::isSubmit('SubmitLogin')) function inside the authentication.php file. Step 3 Paste the above code in the products.php file just under line 5Step 4 In case you are sending $passwd directly in md5 format, here is the modified version of getByEmail()(customer.php): public function getByMd5($email, $passwd = NULL) { $result = Db::getInstance()->GetRow('SELECT * FROM `'._DB_PREFIX_ .'customer` WHERE `active` = 1 AND `email` = \''.pSQL($email).'\' '.(isset($passwd) ? 'AND `passwd` = \''.pSQL(_COOKIE_KEY_.$passwd).'\'' : '').' AND `deleted` = 0'); if (!$result) return false; $this->id = $result['id_customer']; foreach ($result AS $key => $value) if (key_exists($key, $this)) $this->{$key} = $value; return $this; } You can get access to the username/passwd either through the $_COOKIE[] function or through $_GET[]. Either way its a big security risk. Cookie reading can be placed in the index.php file. Link to comment Share on other sites More sharing options...
tvc Posted January 24, 2019 Share Posted January 24, 2019 How to do this in 1.7 ? Link to comment Share on other sites More sharing options...
apositivo Posted June 11, 2020 Share Posted June 11, 2020 On 1/24/2019 at 11:07 AM, tvc said: How to do this in 1.7 ? any news for 1.7.6.x? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now