Warning: You are browsing the documentation for PrestaShop 1.7, which is outdated.
You might want to read an updated version of this page for the current version, PrestaShop 8. Read the updated version of this page
Three types of users can be authenticated on PrestaShop:
Front-Office users and Back office users have access to a login form, where they must input email and password.
API consumers are authenticated using an API key.
Upon successfull verification of email and password, browser users are logged in through the creation of a Cookie in Context::updateCustomer()
.
Multiple hooks allow modules to interact with the authentication process, at different steps. Examples: actionAuthenticationBefore
, actionAuthentication
…
Front-Office users have all the same level of authorization, which grants them access to their My Account area on the Front-Office.
Back-Office users permissions can be customized from the Back-Office to allow different kind of accesses.
Sometimes, it is necessary to be able to identify a browser user without logging. The User property secure_key
serves this purpose. It is, for example, used to secure the “reset password” link sent by email when user has forgotten its password.
This secure_key
property is stored in the User SQL table and in the user Carts data.