Jump to content

Edit History

friendofprestashop

friendofprestashop


Mentioning multishop

I also had this error on Prestashop 8.2.1

The installation had Multishop enabled and the error showed up in only one of three shops.

Instead of commenting out the whole check, i inserted some echo lines to see the values that were used, this one being the crucial one:

private function update(Customer $customer, $clearTextPassword, $newPassword, $passwordRequired = true)
    {
        if (!$customer->is_guest && $passwordRequired && !$this->crypto->checkHash(
            $clearTextPassword,
            $customer->passwd,
            _COOKIE_KEY_
        )) {
            // next line only for testing, show customer id on page
            echo("\$customer->id: $customer->id<br>");
            $msg = $this->translator->trans(
                'Invalid email/password combination',
                [],
                'Shop.Notifications.Error'
            );
            $this->errors['email'][] = $msg;
            $this->errors['password'][] = $msg;

            return false;
        }

And it turned out the shown customer id was not null or something to expect for a new customer object (i don't know Prestashop internals), but the id of an already existing customer. So the "checkHash" function was comparing the password of an already existing user with the password entered in the registration form, which fails.

The "solution" was to delete the browser cookies for the domain of the shop. After doing that registration did work.

I guess there was some old session data in the cookies and somehow Prestashop used it (which i think it should not).

Maybe this is a symptom of a bug?

I also had this error on Prestashop 8.2.1

Instead of commenting out the whole check, i inserted some echo lines to see the values that were used, this one being the crucial one:

private function update(Customer $customer, $clearTextPassword, $newPassword, $passwordRequired = true)
    {
        if (!$customer->is_guest && $passwordRequired && !$this->crypto->checkHash(
            $clearTextPassword,
            $customer->passwd,
            _COOKIE_KEY_
        )) {
            // next line only for testing, show customer id on page
            echo("\$customer->id: $customer->id<br>");
            $msg = $this->translator->trans(
                'Invalid email/password combination',
                [],
                'Shop.Notifications.Error'
            );
            $this->errors['email'][] = $msg;
            $this->errors['password'][] = $msg;

            return false;
        }

And it turned out the shown customer id was not null or something to expect for a new customer object (i don't know Prestashop internals), but the id of an already existing customer. So the "checkHash" function was comparing the password of an already existing user with the password entered in the registration form, which fails.

The "solution" was to delete the browser cookies for the domain of the shop. After doing that registration did work.

I guess there was some old session data in the cookies and somehow Prestashop used it (which i think it should not).

Maybe this is a symptom of a bug?

×
×
  • Create New...