Tips & Tricks: recover Smartstore Admin access
Thursday, July 22, 2021

A customer writes:

I suddenly have no access to my store as an administrator with my mail address. If I try to request a new password, Smartstore shows me that my mail address is not registered.

Answer: You can help yourself by resetting the encrypted password entries in the store database for your admin account (to NULL and zero, as described below) and entering a temporary password in plain text.

Prerequisite: You have access to the shop database via an SQL program, such as the free "Microsoft SQL Server Management Studio".

In addition, you should have experience in changing records and configuration files. If you do not feel confident doing this, you should hire a technician.

As always, it is recommended to perform a complete backup of the database and store files before you start making any serious changes. Many hosters already offer backups automatically.

The steps in detail:

The first thing you need to do is enter the store database credentials. You can get them from your web host, or you can find them in the Admin Panel of your web host under "Database" or similar.

Once you are successfully connected to your store database in SQL Studio, open the "dbo.Customer" table in the Object Explorer (the window on the left side). It lists all customers/users, including you as admin, with their credentials.

Right-click dbo.Customer in the Object Explorer. A context menu will appear; select "Edit Top 200 Rows". After some time, you will see your customer table in an Excel-like editing window.

Now look for your user. Usually this is the first row of the customer table.

Now it gets technical, and you need to be absolutely precise about it.

  • In the dbo.Customer table, clear the PasswordSalt value for your admin user by typing in the word "NULL".
    If you did this correctly, NULL will be written in slanted font afterwards! (You don't want to store the word "NULL", but the database null value. NULL in slanted font means that the value for PasswordSalt is unknown or missing.)
  • In Password, enter a temporary secret password, e.g. testuser.
  • Then change the value in PasswordFormatId to the digit "0" (zero).

Confirm these inputs on the line with the RETURN key, so that the changes are really written to the database.

To be on the safe side, you need to verify that "Microsoft SQL Server Management Studio" has really applied your changes.
Right-click the dbo.Customer table again and select "Select Top 1000 Rows" from the context menu.

Does everything look correct? If not, you need to repeat the above process.

As you can see, with these steps you have taken your password out of the encryption and stored a new password in the table in plaintext. "testuser" is now your new temporary password.

Storing it in plaintext is obviously not a permanent solution and completely insecure. You should immediately log in to Smartstore with your temporary access and set a new password there. You can do this in the normal customer menu in your store.

The advantage: the password you set in the customer menu is automatically re-encrypted (without further technical intervention on your part) and also "salted" in the database, which corresponds to the state of the art and is how it should be set up in your webshop.

You can check this by querying the first rows of the user table dbo.Customer in SQL Studio again after all this.

In my local Smartstore installation on my PC it looks like this: The secret password set in the customer menu is encrypted, the PasswordFormatId is set from 0 to 1 and thus the encryption is active, and the PasswordSalt is changed from the "NULL" value to a random value. So everything is as it should be.
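The same table edits can be run as a T-SQL script in a query window instead of the grid editor. This is an added example, not part of the original post or of Smartstore itself; it assumes dbo.Customer has `Id` and `Email` columns, and `@CustomerId` and `@TempPassword` are placeholders you fill in yourself. The last batch is an added check that lists any account still stored in plaintext format after the recovery.

```sql
-- Batch 1: find the Id of your admin row (usually the first row).
SELECT TOP (200) Id, Email, PasswordFormatId,
       CASE WHEN PasswordSalt IS NULL THEN 'NULL' ELSE 'set' END AS SaltState
FROM dbo.Customer
ORDER BY Id;
GO

-- Batch 2: apply the three changes to exactly one row, or to none at all.
SET XACT_ABORT ON;
DECLARE @CustomerId   int           = 0;                        -- placeholder: Id from batch 1
DECLARE @TempPassword nvarchar(255) = N'<temporary-password>';  -- placeholder: choose your own

BEGIN TRANSACTION;

UPDATE dbo.Customer
SET PasswordSalt     = NULL,           -- database NULL, not the string 'NULL'
    [Password]       = @TempPassword,  -- stored in plaintext until you change it
    PasswordFormatId = 0
WHERE Id = @CustomerId;

-- Guard: a wrong Id must not change anything.
IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one matching row; nothing was changed.', 16, 1);
    RETURN;
END

COMMIT TRANSACTION;

-- Verify what was written.
SELECT Id, Email, PasswordFormatId, PasswordSalt
FROM dbo.Customer
WHERE Id = @CustomerId;
GO

-- Batch 3: run AFTER you have set a new password in the customer menu.
-- Any row returned here still holds a plaintext password and needs attention.
SELECT Id, Email, PasswordFormatId
FROM dbo.Customer
WHERE PasswordFormatId = 0
  AND [Password] IS NOT NULL
  AND [Password] <> N'';
```

With the placeholder Id of 0 left in place, batch 2 is expected to match no row and roll back without changing the table.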
