PrestaShop Back Office Lockout: The Ultimate Fix for 'Employee Not Found' Error

PrestaShop Back Office Lockout: A Developer's Guide to Regaining Access

As e-commerce experts at Migrate My Shop, we understand that few things are as frustrating for a store owner or developer as being locked out of their PrestaShop Back Office. It's a critical issue that can halt operations, prevent order processing, and ultimately impact your business. One of the most perplexing errors encountered is the persistent "This employee account does not exist or the password is incorrect" message, even when you're certain your credentials are correct and you have full FTP and database access.

This comprehensive guide, inspired by a real-world scenario from the PrestaShop forums, will walk you through advanced troubleshooting steps and provide a definitive solution to regain control of your PrestaShop store.

The Conundrum: "Employee Not Found" Despite Database & FTP Access

Consider the case of a merchant, sccustom, running a recent PrestaShop version (with Symfony enabled) on Infomaniak hosting. Despite having full FTP and phpMyAdmin access, they were completely locked out of their Back Office. The login page, accessed via a renamed admin folder (a common security practice), loaded correctly, but any login attempt resulted in the dreaded "This employee account does not exist or the password is incorrect" error.

This scenario is particularly challenging because it suggests a deeper issue than a simple forgotten password. The user had already taken several logical and advanced steps:

• Database Verification: Confirmed the employee's existence in the ps_employee table (or oqop_employee, indicating a custom table prefix for enhanced security). The account was marked as active (active = 1) and the email address was correct.
• Password Reset via phpMyAdmin: Attempted to reset the password directly in the database using password_hash('YOURPASSWORD', PASSWORD_BCRYPT). This is the correct hashing method for modern PrestaShop versions (1.7+). They also cleared reset_password_token and reset_password_validity.
• Shop Association Check: Verified or added the employee's link in the ps_employee_shop table, ensuring the employee was associated with the correct shop context.
• Cache Clearing: Emptied the /var/cache/ directory via FTP, a crucial step for many PrestaShop issues.
• Browser & Cookie Checks: Tried multiple browsers and even set PS_COOKIE_CHECKIP to 0 in ps_configuration to rule out IP-related cookie validation issues.
• Symfony Route Errors: Noted Symfony "No route found" errors for old reset URLs, which, while likely normal for deprecated routes, added to the overall sense of system instability.

Despite these exhaustive efforts, the problem persisted, leaving the merchant in a critical state of lockout.

What could cause such a stubborn lockout, bypassing all standard recovery methods? Often, it points to a subtle corruption in session handling, an environmental quirk, or an obscure database inconsistency that prevents the standard login flow from correctly validating credentials, even if the raw data is accurate.

The Breakthrough Solution: Direct Admin Creation Script

The solution, as discovered by sccustom, involved a clever workaround: directly injecting a new, fully functional administrator account into the database using a custom PHP script. This method bypasses the standard login and session validation mechanisms that might be failing, providing a clean slate for access.

Here’s the script and how to use it:

1. Create a PHP File: In the root directory of your PrestaShop installation (where config/ and index.php reside), create a new file named create_admin.php.
2. Insert the Code: Copy and paste the following code into create_admin.php.

firstname = 'New';
$employee->lastname = 'Admin';
$employee->email = 'YOUR_NEW_ADMIN_EMAIL@example.com'; // IMPORTANT: Use a unique email
$employee->passwd = password_hash('YOUR_SECURE_PASSWORD', PASSWORD_BCRYPT); // IMPORTANT: Choose a strong password
$employee->id_profile = 1; // 1 is for SuperAdmin
$employee->id_lang = 1; // Default language (e.g., English)
$employee->active = 1;

if ($employee->add()) {
    echo 'ADMIN CRÉÉ AVEC SUCCÈS'; // ADMIN CREATED SUCCESSFULLY
} else {
    echo 'ERREUR CRÉATION ADMIN'; // ADMIN CREATION ERROR
}
?>

Important Customizations:

• Replace 'YOUR_NEW_ADMIN_EMAIL@example.com' with a unique email address for your new admin.
• Replace 'YOUR_SECURE_PASSWORD' with a strong, complex password.
• id_profile = 1 assigns the SuperAdmin profile, granting full permissions.
• id_lang = 1 sets the default language for the admin interface. Adjust if your primary language is different.

3. Execute the Script: Open your web browser and navigate to https://YOUR_DOMAIN.com/create_admin.php.
4. Verify Creation: You should see the message "ADMIN CRÉÉ AVEC SUCCÈS". If you see an error, double-check your code and PrestaShop installation.
5. Log In: Go to your PrestaShop Back Office login page (e.g., https://YOUR_DOMAIN.com/your-renamed-admin-folder/) and log in with the new email and password you just created.
6. CRITICAL SECURITY STEP: Delete the Script! Immediately after successfully logging in, delete the create_admin.php file from your server via FTP. Leaving it accessible is a severe security vulnerability.

This method works by leveraging PrestaShop's own object model (PrestaShop\PrestaShop\Adapter\Entity\Employee) to create a new employee entry directly into the database, bypassing any front-end or session-related issues that might be preventing existing accounts from logging in.

Preventative Measures & Best Practices

While this solution is a lifesaver, prevention is always better than cure. Here are some best practices to minimize the risk of future lockouts:

• Regular Backups: Implement a robust backup strategy for both your PrestaShop files and database. This is your ultimate safety net.
• Keep PrestaShop Updated: Ensure your PrestaShop core and modules are always up-to-date. Updates often include security patches and bug fixes that can prevent such issues.
• Monitor Server Logs: Regularly check your server's error logs (Apache, Nginx, PHP-FPM) for any unusual activity or errors that might precede a lockout.
• Strong Passwords & Two-Factor Authentication (2FA): Use strong, unique passwords for all admin accounts and enable 2FA if your PrestaShop version or modules support it.
• Limit Admin Access: Only grant Back Office access to trusted personnel and assign appropriate profiles (e.g., Translator, Logistics, etc.) rather than SuperAdmin unless absolutely necessary.
• Understand Database Structure: Familiarize yourself with key PrestaShop database tables like ps_employee, ps_profile, ps_employee_shop, and ps_configuration.
• Secure Your Admin Folder: Renaming your admin folder, as sccustom did, is a good first step. Consider additional protections like IP restrictions or HTTP authentication.

Being locked out of your PrestaShop Back Office can be a daunting experience, but with the right knowledge and tools, it's a solvable problem. The direct admin creation script is a powerful last resort when standard troubleshooting fails. Remember to prioritize security by deleting the script immediately after use and always maintain regular backups.

At Migrate My Shop, we specialize in ensuring your PrestaShop store runs smoothly, from complex migrations to resolving critical development and integration challenges. If you encounter persistent issues or need expert assistance, don't hesitate to reach out to our team of PrestaShop specialists.