這是如何在不通過登錄屏幕的情況下在prestashop上進行用戶登錄的演練。如果您不希望用戶再次登錄,例如當您想將他的會話從一個網站轉移到prestashop時,這會很有幫助。Noob在Prestashop中登錄用戶的方式
第1步消除密碼salting的需要。在config/settings.inc.php下,將_COOKIE_KEY_設置爲空白。請注意,這也意味着您必須創建一個新客戶。或者您可以從數據庫中刪除舊的md5密碼並添加自己的密碼。
步驟2在authentication.php文件粘貼以下行線路6之後:
$customer = new Customer();
//$authentication = $customer->getByEmail(trim($email), trim($passwd));
$authentication = $customer->getByMd5(trim($email), trim($passwd)); //modified version of getByEmail if we are not accepting $passwd in cleartext but in md5.
/* Handle brute force attacks */
sleep(1);
if (!$authentication OR !$customer->id)
$errors[] = Tools::displayError('authentication failed');
else
{
$cookie->id_customer = intval($customer->id);
$cookie->customer_lastname = $customer->lastname;
$cookie->customer_firstname = $customer->firstname;
$cookie->logged = 1;
$cookie->passwd = $customer->passwd;
$cookie->email = $customer->email;
if (Configuration::get('PS_CART_FOLLOWING') AND (empty($cookie->id_cart) OR Cart::getNbProducts($cookie->id_cart) == 0))
$cookie->id_cart = intval(Cart::lastNoneOrderedCart(intval($customer->id)));
Module::hookExec('authentication');
if ($back = Tools::getValue('back'))
Tools::redirect($back);
//Tools::redirect('my-account.php'); //cut redirection to break infinite loop
}
上面的代碼是什麼使使用$電子郵件作爲用戶名和$用戶登錄passwd作爲明文口令。原始代碼來自authentication.php文件中的if (Tools::isSubmit('SubmitLogin'))
函數。
第3步只是線下5
步驟4在products.php文件上面的代碼粘貼如果您要發送$ passwd文件直接在MD5格式,這裏是getByEmail()(客戶的修改版本。 PHP):
public function getByMd5($email, $passwd = NULL)
{
$result = Db::getInstance()->GetRow('SELECT * FROM `'._DB_PREFIX_ .'customer` WHERE `active` = 1 AND `email` = \''.pSQL($email).'\' '.(isset($passwd) ? 'AND `passwd` = \''.pSQL(_COOKIE_KEY_.$passwd).'\'' : '').' AND `deleted` = 0');
if (!$result)
return false;
$this->id = $result['id_customer'];
foreach ($result AS $key => $value)
if (key_exists($key, $this))
$this->{$key} = $value;
return $this;
}
你可以訪問用戶名/ passwd文件或者通過$ _COOKIE []功能,或通過$ _GET []。無論哪種方式都有很大的安全風險。 Cookie讀取可以放在index.php文件中。