Password reset failed

[duckling]

Hi,

 

I have just started up a new shop and made a password reset to my admin account. However, the password email does not work, so I cannot reach my admin account again for the BO. No email is sent with the necessary info.

 

So, what do I do to reset that password by force?

Can I go in and do something in the DB (remove the user etc)?

 

Cheers,

 

Bjorn

[duckling]

I can see now that there is an error message:

"Warning: mail(): Bad parameters to mail() function, mail not sent. in /hsphere/local/home/_myshop_details/tools/swift/Swift/Plugin/MailSend.php on line 160"

This was received when I tried to get a new password.

 

This is strange as I have tested and used the mail function, so it has worked before. If we can fix this, then I can of course retrieve a password..

[PrestaHeroes USA]

This may help: http://forge.prestashop.com/browse/PSCFI-3590

[bellini13]

elpatron, nice find in bug tracker, but i think it may be slightly different. in the bug tracker, the email worked properly and the warning was just a false positive.

 

in this case the user stated that the email is not working, since it is not being received.

 

@duckling, do you have coding experience? if so, i would add some debug statements in the MailSend code and track what parameters are being passed to the function. you might find that something odd is being passed in.

[duckling]

@bellini13: That might be a good idea, but I would need some guidance as to what kind of debug code should be added - I can certainly go in and modify the code as long as I know what you suggest.

 

I guess I could set something up so that the paramters you are thinking of are given in a prompt/dialogue?

 

Strange this really... I had a bit of a hurry and just assumed that the password reset function would work as it should - otherwise I would have looked harder for my note with the password........

[duckling]

Another Q: What happens if I just remove the user from the DB directly?

[bellini13]

since this is the admin account, you don't want to remove it manually from the database.

 

the password reset functionality is in the admin/password.php file, around line 64 you will see

$pwd = Tools::passwdGen();
$employee->passwd = md5(pSQL(_COOKIE_KEY_.$pwd));
$employee->last_passwd_gen = date('Y-m-d H:i:s', time());
$result = $employee->update();

 

this code is creating a new password for your employee, encrypting it and then storing it in the database. if your goal is to get the password so you can atleast log into the back office, then add the following into the right after that last line

 

error_log('password is: '.$pwd);

 

so it looks like this

$pwd = Tools::passwdGen();
$employee->passwd = md5(pSQL(_COOKIE_KEY_.$pwd));
$employee->last_passwd_gen = date('Y-m-d H:i:s', time());
$result = $employee->update();
error_log('value is: '.$pwd);

 

this will cause the password to be written to a php error log. typically the error log will be located in the admin folder. after doing this look for a file called error_log in the admin folder.

 

make sure you remember to remove that line when you are finished.

[duckling]

HI Bellini13,

 

That code did not generate that error log, so I guess it was not exectuted, or possibly it ends up somewhere else, but I could not find it.

 

What do you think?

 

Cheers!

[bellini13]

you can try this approach instead. replace /var/tmp with a valid directory on your host.

 

error_log('value is: '.$pwd, 3, "/var/tmp/my-errors.log"

[duckling]

No, that did not help either... I think that line is not executed. Something goes bad before that...

[duckling]

OK, No further suggestions - Reinstall the whole thing maybe ;-)

 

It is strange that such a critical function does not work better. There also does not seem to be a way around this?