OpenCart

Reset OpenCart user password manually (in database)

Today we will see how to reset the OpenCart password (e-commerce system in PHP) manually, directly in the database; generating the hash and the salt manually with a function created by me.

Function that generates salt and new password

Here I leave the code, and the explanation at the end.

<?php
function token($length = 32) {
 // Create random token
 $string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 
 $max = strlen($string) - 1;
 
 $token = '';
 
 for ($i = 0; $i < $length; $i++) {
  $token .= $string[mt_rand(0, $max)];
 } 
 
 return $token;
}

function generar_pass($passTextoPlano){
 $sal = token(9);
 $hash = sha1($sal . sha1($sal . sha1($passTextoPlano)));
 return [
  "sal" => $sal,
  "hash" => $hash,
 ];
}

// Demostrar uso
$datosPass = generar_pass("hunter2");
$pass = $datosPass["hash"]; // Este va en el campo password
$sal = $datosPass["sal"]; // Este va en el campo salt
printf("La sal es %s y la pass es %s", $sal, $pass);

The function returns an array that has the salt and the password, the way to call it is to pass the password in plain text.

Once you have the salt and the password just do an update of your database table.

In my case:

update oc_user set salt = "vpBBLdiEH", password = "993100efe6af8b0f1b5cb6371430f9a43cb83b27" where username = "parzibyte";

My table is called oc_user because when I installed OpenCart I used that prefix, in your case it can vary.

The algorithm and the way that OpenCart uses it

Thanks to OpenCart is open source we can see how it generates the salt and saves the hashes.

In its source code it implements obtaining a cryptographically secure random string and then uses sha1 to hash it, concatenating it with the user’s password.

The generation of the salt is as follows:

Generate salt for opencart password

It uses the function called token defined in helpers/general. php and then calls it, obtaining a random string of 9 digits. Then concatenate it and hash it with SHA1:

Hashed OpenCart password with SHA1

Finally, in the database it saves everything in the user table in the salt and password fields:

Salt location and user password in OpenCart database

Knowing all those things we could write a function that generates the salt and the password to be able to reset the password of a user manually in OpenCart.


I am available for hiring if you need help! I can help you with your project or homework feel free to contact me.
If you liked the post, show your appreciation by sharing it, or making a donation

parzibyte

Freelancer programmer ready to work with you. Web, mobile and desktop applications. PHP, Java, Go, Python, JavaScript, Kotlin and more :) https://parzibyte.me/

Compartir
Publicado por
parzibyte

Entradas recientes

Receipt designer for thermal printers – Free and open source

In the last months I have been working on a ticket designer to print on…

12 months hace

JavaScript: store and read files with the Origin Private File System

In this post you will learn how to use the Origin Private File System with…

1 year hace

JavaScript: download file with fetch

In this post you will learn how to download a file in the background using…

1 year hace

SQLite3 with vanilla JavaScript and OPFS – Hello world

In this post I will show you how to use SQLite3 directly in the web…

1 year hace

Python Thermal Printing: A Comprehensive Guide for Printing on Thermal Printers

In this tutorial, we'll explore how to effortlessly print receipts, invoices, and tickets on a…

1 year hace

Image printing on Thermal printer

When printing receipts on thermal printers (ESC POS) sometimes it is needed to print images…

1 year hace

Esta web usa cookies.