Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
This script allows to login to PrestaShop without password. Put it on the root of your shop by FTP then visit the URL http://yourshop/ps_logtoadmin.php
<?php
/**
* 1. Change the password below, it's encoded with m5d https://duckduckgo.com/?q=md5+toto
* 2. Put this file at the root of your shop
* 3. Visit the URL http://yourshop/ps_logtoadmin.php
**/
$auth_pass = "f71dbe52628a3f83a77ab494817525c6"; //toto
// display login screen
if (!isset($_POST['pass'])
|| (md5($_POST['pass']) != $auth_pass)
) {
?><!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<title data-l10n-id="title">Admin login</title>
<link rel="stylesheet" href="http://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.min.css">
</head>
<body>
<br/>
<div class="row">
<div class="medium-12 columns">
<div class="callout alert">
<h5>This form allows to login in administration panel when you forgot your password.</h5>
<p>Don't forget to delete it after use.</p>
</div>
</div>
<form method="post">
<div class="medium-12 columns">
<label for="pass">Password : <input type="password" name="pass" id="pass" autofocus /></label>
</div>
<div class="medium-12 columns">
<input type="submit" value="Send" class="button">
</div>
<div class="medium-12 columns">
<input type="checkbox" name="sucide" id="suicide" checked="checked"/>
<label for="suicide">Delete this file</label>
</div>
</form>
</div>
</body>
</html><?php
exit;
}
// delete this file
if (isset($_POST['sucide'])) {
@unlink(__FILE__);
}
require(dirname(__FILE__).'/config/config.inc.php');
Configuration::set('PS_SHOP_ENABLE', 1);
//include_once(_PS_ROOT_DIR_.'/init.php');
// find admin dir
$files = scandir(_PS_ROOT_DIR_);
foreach ($files as $file) {
if (!in_array($file, array('.', '..'))
&& is_dir(_PS_ROOT_DIR_.DIRECTORY_SEPARATOR.$file)
&& file_exists(_PS_ROOT_DIR_.DIRECTORY_SEPARATOR.$file.DIRECTORY_SEPARATOR.'get-file-admin.php')
) {
$admin_dir = $file;
$admin_path = __PS_BASE_URI__.$file.'/';
break;
}
}
// get an administrator
if (!defined('_PS_ADMIN_PROFILE_')) {
define('_PS_ADMIN_PROFILE_', 1);
}
$employees = Employee::getEmployees();
foreach ($employees as $e) {
$employee = new Employee($e['id_employee']);
if ($employee->id_profile == _PS_ADMIN_PROFILE_) {
break;
}
}
// login
$cookie = new Cookie('psAdmin', $admin_dir);
$cookie->id_employee = $employee->id;
$cookie->lastname = $employee->lastname;
$cookie->firstname = $employee->firstname;
$cookie->email = $employee->email;
$cookie->profile = $employee->id_profile;
$cookie->passwd = $employee->passwd;
if (method_exists('Tools', 'getRemoteAddr')) {
$cookie->remote_addr = ip2long(Tools::getRemoteAddr());
}
$cookie->write();
// redirect to admin
?><!doctype html>
<html>
<meta http-equiv="Refresh" content="0;URL=<?php echo Tools::safeOutput($admin_path, true); ?>">
<head>
<script language="javascript" type="text/javascript">
window.location.replace("<?php echo Tools::safeOutput($admin_path, true); ?>");
</script>
<div style="text-align:center; margin-top:250px;"><a href="<?php echo Tools::safeOutput($admin_path, true); ?>">Click here to launch Administration panel</a></div>
</head>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.