Skip to content

Instantly share code, notes, and snippets.

@Shagshag
Last active November 18, 2018 21:21
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save Shagshag/8939db3e40febb2a3f68 to your computer and use it in GitHub Desktop.
This script allows to login to PrestaShop without password. Put it on the root of your shop by FTP then visit the URL http://yourshop/ps_logtoadmin.php
<?php
/**
* 1. Change the password below, it's encoded with m5d https://duckduckgo.com/?q=md5+toto
* 2. Put this file at the root of your shop
* 3. Visit the URL http://yourshop/ps_logtoadmin.php
**/
$auth_pass = "f71dbe52628a3f83a77ab494817525c6"; //toto
// display login screen
if (!isset($_POST['pass'])
|| (md5($_POST['pass']) != $auth_pass)
) {
?><!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<title data-l10n-id="title">Admin login</title>
<link rel="stylesheet" href="http://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.min.css">
</head>
<body>
<br/>
<div class="row">
<div class="medium-12 columns">
<div class="callout alert">
<h5>This form allows to login in administration panel when you forgot your password.</h5>
<p>Don't forget to delete it after use.</p>
</div>
</div>
<form method="post">
<div class="medium-12 columns">
<label for="pass">Password : <input type="password" name="pass" id="pass" autofocus /></label>
</div>
<div class="medium-12 columns">
<input type="submit" value="Send" class="button">
</div>
<div class="medium-12 columns">
<input type="checkbox" name="sucide" id="suicide" checked="checked"/>
<label for="suicide">Delete this file</label>
</div>
</form>
</div>
</body>
</html><?php
exit;
}
// delete this file
if (isset($_POST['sucide'])) {
@unlink(__FILE__);
}
require(dirname(__FILE__).'/config/config.inc.php');
Configuration::set('PS_SHOP_ENABLE', 1);
//include_once(_PS_ROOT_DIR_.'/init.php');
// find admin dir
$files = scandir(_PS_ROOT_DIR_);
foreach ($files as $file) {
if (!in_array($file, array('.', '..'))
&& is_dir(_PS_ROOT_DIR_.DIRECTORY_SEPARATOR.$file)
&& file_exists(_PS_ROOT_DIR_.DIRECTORY_SEPARATOR.$file.DIRECTORY_SEPARATOR.'get-file-admin.php')
) {
$admin_dir = $file;
$admin_path = __PS_BASE_URI__.$file.'/';
break;
}
}
// get an administrator
if (!defined('_PS_ADMIN_PROFILE_')) {
define('_PS_ADMIN_PROFILE_', 1);
}
$employees = Employee::getEmployees();
foreach ($employees as $e) {
$employee = new Employee($e['id_employee']);
if ($employee->id_profile == _PS_ADMIN_PROFILE_) {
break;
}
}
// login
$cookie = new Cookie('psAdmin', $admin_dir);
$cookie->id_employee = $employee->id;
$cookie->lastname = $employee->lastname;
$cookie->firstname = $employee->firstname;
$cookie->email = $employee->email;
$cookie->profile = $employee->id_profile;
$cookie->passwd = $employee->passwd;
if (method_exists('Tools', 'getRemoteAddr')) {
$cookie->remote_addr = ip2long(Tools::getRemoteAddr());
}
$cookie->write();
// redirect to admin
?><!doctype html>
<html>
<meta http-equiv="Refresh" content="0;URL=<?php echo Tools::safeOutput($admin_path, true); ?>">
<head>
<script language="javascript" type="text/javascript">
window.location.replace("<?php echo Tools::safeOutput($admin_path, true); ?>");
</script>
<div style="text-align:center; margin-top:250px;"><a href="<?php echo Tools::safeOutput($admin_path, true); ?>">Click here to launch Administration panel</a></div>
</head>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment