PrestaShop1.6 / PrestaShop1.

6documentation / Englishdocumentation

SystemAdministratorGuide
CreadoporXavierBorderie,modificadoporltimavezporAlexandraEvenelmar17,2015

SystemAdministratorGuide
PHPconfiguration
Manipulatingphp.ini
Requiredsettings
Recommendedsettings
MySQLconfiguration
OneMySQLuserperwebapplication
Basicauthenticationestablishment(.htaccess)
MakingyourPrestaShopinstallmoresecure
Updates
Finetuning&performances
config.inc.phpfile
defines.inc.phpfile
smarty.config.inc.phpfile
ImprovingPrestaShop'sperformances
ImprovingPHPperformance
ImprovingMySQLperformance
Misc.improvements
NginxfriendlyURLs
Miscellaneous
ThePrestaShopfilestructure
MovingPrestaShop

SystemAdministratorGuide
ThisguidewillhelpyouconfigureabetterandsaferWebserver.
Oncethisisdone,youwillbereadytoinstallPrestaShop,usingourGettingStartedguide:
http://doc.prestashop.com/display/PS16/Getting+Started.

PHPconfiguration
Manipulatingphp.ini
Manyoftheadvicesinthisguiderequireyoutoeditthephp.inifile,foundinyourserver'sPHPinstallfolder(notinPrestaShop's
folder).
Notallhostswillallowyoutoeditorevenaccessthisfile,socontactyourhostifyoucannotaccessit.
Forinstance,youprobablywon'thaveaccesstophp.inionasharedhosting.Ifyourhostdoesn'tprovidetherequiredconfigurationby
defaultandyoucannottouchphp.ini,thenyoushouldeithermovetoadedicatedhosting,orchangetoamorepermissivehost.
Still,editingphp.iniremainsatechnicalandadvancedaction.Ifyourshopdoescurrentlyworkwell,there'snoneedforyoutotouch
thatfile,letalonechangehost.
EditingthePHPconfigurationrequiresyoutochangesomevaluesinthephp.inifile,mostofthetimefrom"On"to"Off"orviceversa.
Thefilecontainsalotofdocumentationforeachline:besuretoreadtheonespertainingtoyourchanges,inordertobetterunderstand
them.Becarefulofwhatyouedit,asthishasadirectimpactonthewayPHPruns,andthereforeonyourserversstabilityandeven
security.

Requiredsettings
InorderforPrestaShop1.6.xtorunproperly,yourPHPinstallationmustfeaturethefollowingsettingsandlibraries:
MySQL(orPerconaServer,see"ImprovingPrestaShop'sperformances"sectionbelow).
GDlibrary.
Domextension.
allow_url_fopen.
TheMySQLextensionenablestoaccessyourdata.PrestaShopsimplycannotworkwithoutit.
YoucanalsousethedropinreplacementPerconaServer,whichoffersbetterperformancethanthestandardMySQLserver.

TheGDlibraryenablesPHPtodynamicallymanipulateimages.PrestaShopusesittoresizeandreworktheimagefilesthatare
uploaded(watermarking,trimming,etc.).Withoutimages,anonlineshoplosesmostofitsinterest,somakesurethatGDisenabled!
TheDomextensionenablestoparseXMLdocuments.PrestaShopusesforvariousfunctionalities,liketheStoreLocator.Itisalsoused
bysomemodules,aswellasthepear_xml_parserlibrary.
Theallow_url_fopendirectiveenablesmodulestoaccessremotefiles,whichisanessentialpartofthepaymentprocess,among
othersthings.ItisthereforeimperativetohaveitsettoON.
Inshort,itisimperativetohavethefollowingdirectivessettotheindicatedvalues:

extension=php_mysql.dll
extension=php_gd2.dll
allow_url_fopen=On

Recommendedsettings
YourPHPinstallationshouldfeaturethefollowingsettingsandlibraries,forbestexperience:
GZIPsupport.
Mcryptlibrary.
register_globalsdisabled.
magic_quotesdisabled.
allow_url_includedisabled.
Safemodedisabled.
HavingGZipsupportenablesthewebservertopackwebpages,imagesandscriptsbeforesendingthemtothebrowser.Thismakes
navigatingtheshopfaster,andthereforeamoreagreeableexperience.
TheMcryptprovidesPHPwithahardenedsecuritylayer,whichenablestheuseofmorehashingandcryptographyalgorithms.
Theregister_globalsdirective,whenenabled,definesallenvironmentvariables(GET,POST,COOKIE,SERVER...)asglobal
variables.Itisunsafetouseunsetvariables,becauseausercouldeasilysetavalueintothisvariablebyusingtheGETmethod,for
example.Itisthereforeimperativetosetregister_globalstoOFF.
Themagic_quotesdirectiveautomaticallyescapes(or"addsantislashes",seehttp://php.net/manual/en/function.addslashes.php)toall
specialcharactersequences(',",\,NULL)forallenvironmentvariables(GET,POST,COOKIE,SERVER...).Thisoptionmustbeset
toOFFbecauseitwilladdslasheachvariableevenifitdoesnotneedtobeaddslashed.Moreover,someWebapplicationsoverlook
thisoption,sosomevariablescouldbeaddslashedtwice,resultingincorrupteddata.
Theallow_url_includedirectiveisusedtoallowtoincludeanyfileviatherequireandincludestatements,evenifitdoesnot
comefromyourWebserver.ThisoptionmustbesettoOFF,becauseifoneapplicationonyourwebserversuffersof"include
vulnerability",userswillbeabletoincludeanyfilefromanyserverandthosewillbeexecutedonyourownserver.
PHP'sSafeModeisdeprecatedinthelatestversionofPHP,andshouldnotbeusedanymore.ForPrestaShopinparticular,
havingtheSafeModeenabledcanrenderyourpaymentmodulesuseless.
Inshort,itishighlyrecommendedtohavethefollowingdirectivessettotheindicatedvalues:

register_globals=Off
magic_quotes_gpc=Off
allow_url_include=Off
safe_mode=Off
safe_mode_gid=Off

MySQLconfiguration
MySQLoftenhasanadministratoraccountasdefault("root","admin",...),whichgivesaccesstoallofthedatabases'content,no
matterwhothedatabaseismanagedby.Theadministratorhasalltherights,andcandoeverypossibleaction.Youthereforeneedto
safekeepyourdatabases,soastopreventyourwebapplicationsfromsuccumbingtoSQLinjections(whichcanhappenwhenauser
succeedsinobtainingtheadminpassword,readhttp://en.wikipedia.org/wiki/SQL_injection).

IfyoujustinstalledMySQL,doaddapasswordfortherootaccount,whichhasnopasswordasdefault.

OneMySQLuserperwebapplication
Eachtimeyouinstallanewwebapplicationonyourserver,youmustcreateanewMySQLuserwhenjustthenecessaryrightsto
handlethatapplication'sdata.DoNOTusethesameusernametohandlethedatabasesforallofyourinstalledwebapplications.

Thus,ifyouhaveaccesstoamasterMySQLaccountthatcancreateotherusers,here'showyoucoulddoitusingthecommandline:

mysqluUSERNAMEpPASSWORD
YoucouldalsousethefollowingSQLquery:

mysql>USEmysql;
mysql>CREATEUSER'username'@'servername'IDENTIFIEDBY'new_password';
NotethatyourhostmightgiveyouaccesstoanonlinetooltodoMySQLadministrationtasksmoreeasily,suchascPanel.Dousethat,
sinceyouprobablywon'thaveaccesstothecommandlineinthatcase.
Nowwehaveausernamewithjustenoughrightstoconnecttothelocaldatabase.
Weneedtoallowthisusertousethe'prestashop'database,andconfigurehisrightsatthesametime.HereisatemplatefortheSQL
querytodothat:

mysql>GRANTSELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER
>ON'prestashop'.*TO'new_user'@'localhost';
mysql>FLUSHPRIVILEGES;
Wenowhaveoneuserjustforour'prestashop'database.Remembertodothisforeachnewwebapplicationyouaddtoyourserver.
YoucannowinstallPrestaShopsafely.

Basicauthenticationestablishment(.htaccess)
InordertobetterprotectyourPrestaShopinstall,weneedtoestablishabasicauthenticationontheadmindirectory.
Oneoftheaimsofthe.htaccessfileistoprotectyourfoldersandallitssubfolders(readhttp://en.wikipedia.org/wiki/Htaccess).Itonly
worksonApacheservers,andafewothers.MakesureyourwebserverisApachebeforecreatinga.htaccessfile.
Toachievebasicauthenticationonyouradminfolder,weneedtoadda.htaccessfileinthatfolder(forinstance,
/var/www/prestashop/admin):

AuthUserFile/var/www/.prestashop_admin
AuthName"PrestashopAdminAccess"
AuthTypeBasic
Requirevaliduser
OptionsIndexes
Explanation:
AuthUserFile:Showsthepathtothefilecontainingallowedusersandtheirpasswords..prestashop_adminisatextfile.
AuthName:Definesthemessagetoshowwhentheauthenticationwindowpopsup.
AuthType:Definestheauthenticationtype.
Require:Requiresuserstologininordertoaccessthecontent.validuserenablesmultipleuserstoconnectandaccessthe
folder.
Options:Definesthefolder'soptions.Indexesdisablesautomaticgenerationofadirectoryindexifnoindexfileisavailable.
Hereisasamplecontentforthe.prestashop_adminfile,withaloginandapassword:

login1:$apr1$/wJeliK8$e9OzgRaVL8J8wSsFBXjor1
login2:$apr1$yV65Kqqz$cFt3sV2.Q7hhLRRUJDo5a/
Thisfilecontainsloginsandhashedpasswordwhoareallowedtoaccesstothefolder.
Tohashpassword,youcanusea.htpasswdfilegenerator:http://aspirine.org/htpasswd_en.html.
Itisstronglyrecommendedtoputthisfileintoadirectorythatisinaccessibletoyourwebapplications,sobeforethe/openbase_dir
folder.Itprevents.htpasswdfileinjection,incaseoneofyourswebapplicationsisvulnerable.
ItisalsopossibletoperformIPanddomainrestrictionsusingyour.htaccessfile:

OrderAllow,Deny
Denyfromall
Allowfrom.myprestashop.com
Allowfrom127.0.0.1
However,youshouldnotputthiskindofdirective:

<LIMITGETPOST>
Requirevaliduser
</LIMIT>

MakingyourPrestaShopinstallmoresecure
Therecommendationsbelowaresortedbyorderofimportance:
1. Secureyourbackoffice
a. Renameyour/adminfolderafterthePrestaShopinstallation.Thisisamust,andyouactuallycannotaccessyour
PrestaShopadministrationifyouhaven'tperformedthatchange.Makesuretopickareallyuniquename,ideallyamixof
letterandnumber,suchas"my4dm1n".
b. Protectyouradminfolderwiththe.htaccessand.htpasswdfiles,oraskyourwebhosttodoitforyou.
c. Donotletyourbrowserkeeptracesofyourpassword(cookieoranyotherhelper).
d. Pickacomplexpassword,bymixingletters,numbersandevenpunctuationmarks,suchas"5r3XaDR#".Youcanand
shoulduseapasswordgenerator,suchasSymantec's(http://www.pctools.com/guides/password/)orGRC's
(https://www.grc.com/passwords.htm).

Saferthanapassword:youcanuseapassphrase.Notonlyisapassphraseeasiertoremember,butitisalso
muchhardertocrack,evenwhenthehackerisusingautomatictools(bruteforceattackordictionaryattack).
Apassphraseonlyneedstobelongandeasytorememberforyou.Anypopularsayingshoulddo("DontThrow
theBabyOutwiththeBathwater"),butanabsurdphrasewillhaveevenlessriskofbeingdiscoveredbyahacker.
Forinstance,"Manyrecklessdriversconfusetractorwithrecordsleeves".
Therearesomegoodpassphrasegeneratorsonline,whichhelpyougetauniquephraseforyouonly.For
instance:http://passphra.se/orhttp://www.fourmilab.ch/javascrypt/pass_phrase.html.
PrestaShop'spasswordsarenotlimitedineithernumberofcharactersortypesofcharacters.

2. SecuringyourPHPinstallation
a. SeetherequiredandrecommendedPHPsettings,atthebeginningofthisveryguide.
3. Alwaysdeletethe/installfolderafterhavinginstalledorupdatedPrestaShop
4. Alwaysdeleteuselessfilesfromproductionserver:
a. Allreadme_xx.txtfiles.
b. TheCHANGELOGfile.
c. The/docsfolder.
5. Forbidaccesstoyourtheme'sfiles/templates,usinga.htaccessfilewiththefollowingcontent:

<FilesMatch"\.tpl$">
orderdeny,allow
denyfromall
</FilesMatch>

Updates
Yourapplications'PHPcodeistheonlyvulnerablepathtoyourserver.Itisthereforestronglyrecommendedtoalwaysupdateyour
server'sapplications:PHP,MySQL,Apacheandanyotherapplicationonwhichyourwebsiteruns.

Finetuning&performances
Thissectionwillhelpyoubetterunderstandconfigurationvariablesthanarenothandledusingthebackoffice,butdirectlyin
configurationfiles.
TherearefourconfigurationfilesinPrestaShop,allinthe/configfolder:
config.inc.php:coreconfigurationfileforPrestaShop.

defines.inc.php:containsallofPrestaShopconstantvalues.Previouslydefinedinsettings.inc.php.
settings.inc.php:containstheaccessinformationtothedatabase,aswellasthePrestaShopversionnumber.
smarty.config.inc.php:containsallconfigurationsettingspertainingtoSmarty,thetemplate/themeengineusedby
PrestaShop.

config.inc.phpfile
MostofthevariablesinthisfilearesetduringPrestaShop'sinstallation,andshouldnotbeeditedmanually.Changethisfileatyourown
risk.

defines.inc.phpfile
Inproductionmode,makesurethatdefine('_PS_MODE_DEV_',false);isindeedsettofalse.
InordertoputPrestaShopintodebug/testmode,andthustraceerrorsandmistakemoreeasily,setdefine('_PS_MODE_DEV_',
false);fromfalsetotrue.
Youcanalsoenablethecodeprofilingtool,whichdisplaysalotofinformationatthebottomofeverypage:setthe
define('_PS_DEBUG_PROFILING_',false);linetotrue,thenopenfrontofficeorbackofficepage.Atthebottomofit,youwillfinda
summaryofthepageloadingperformances.Notethatyoushouldreallydisableyourstore,sothatvisitorscannotseethisinformation.
Amongotherconstantvalues,thisfilecontainsthelocationforallfilesandfolders.Ifyouneedthesechanged,donotforgettokeepthe
originalathand,incaseyouwishtogobacktotheoriginalpath.

smarty.config.inc.phpfile
$smarty>caching=false;:Smarty'scachesystemmustbedisabledbecauseitisnotcompatiblewithPrestaShop.
IMPORTANT:inproductionmode,$smarty>force_compilemustbesetto"false",asitwillgivea30%improvementonpage
loadtime.Ontheotherhand,wheneditinga.tplfile,youwillhavetodeletethecontentofthe/tools/smarty/compilefolder
(exceptindex.php)inordertoseethechangeslive.Notethatthissettingcanalsobedoneinthebackoffice,inthe"Advanced
parameters">"Performance"page,inthe"Smarty"section.
$smarty>compile_checkshouldbeleftto"false".
$smarty>debugginggivesyouaccesstoSmarty'sdebugginginformationwhenyourpagesaredisplayed.

ImprovingPrestaShop'sperformances
HereareafewtipsthatshouldenableyoutooptimizePrestaShop.

ImprovingPHPperformance
Wheneverpossible,useanopcodecache(oraskyourwebhosttoinstalloneforyou),inordertoalleviatetheserver'sprocessingload.
Opcodemeans"operationcode",anddefinesthecompiledstateofthedynamicfiles,whichcanthenbeprocessedfaster.
PrestaShopiscompatiblewitheAccelerator(http://eaccelerator.net/)aswellasthenewOPcachefeaturefromPHP5.5.0:
http://www.php.net/manual/en/intro.opcache.php.

ImprovingMySQLperformance
EnableMySQL'scache(oraskyourwebhosttodoitforyou),andgiveitahighvalue(forinstance,256M).
Wheneverpossible,usetheMySQLdropinreplacementPerconaServer(http://www.percona.com/software/perconaserver),
whichprovidessignificantimprovementsoverthestandardMySQLserverthankstoitsXtraDBdatabaseengine.
Seethispageforaperformancecomparison:http://www.percona.com/doc/perconaserver/5.5/feature_comparison.html

Misc.improvements
Ifpossible,splityourstaticelementsbetweendifferentdomainsandsubdomains,inordertogetparallelHTTPconnections.Toput
thatinplace,openthe/config/defines.inc.phpfileandaddtheselines(adaptedtoyourneeds):

if($_SERVER['REMOTE_ADDR']!='127.0.0.1')
{
define('_THEME_IMG_DIR_','http://img2.xxx.com/');
define('_THEME_CSS_DIR_','http://css.xxx.com/');
define('_THEME_JS_DIR_','http://js.xxx.com/');
define('_THEME_CAT_DIR_','http://img1.xxx.com/c/');
define('_THEME_PROD_DIR_','http://img1.xxx.com/p/');
define('_THEME_MANU_DIR_','http://img1.xxx.com/m/');
define('_PS_IMG_','http://img1.xxx.com/');
define('_PS_ADMIN_IMG_','http://img1.xxx.com/admin/');
}else{
define('_THEME_IMG_DIR_',_THEMES_DIR_._THEME_NAME_.'/img/');
define('_THEME_CSS_DIR_',_THEMES_DIR_._THEME_NAME_.'/css/');
define('_THEME_JS_DIR_',_THEMES_DIR_._THEME_NAME_.'/js/');
define('_THEME_CAT_DIR_',__PS_BASE_URI__.'img/c/');
define('_THEME_PROD_DIR_',__PS_BASE_URI__.'img/p/');
define('_THEME_MANU_DIR_',__PS_BASE_URI__.'img/m/');
define('_PS_IMG_',__PS_BASE_URI__.'img/');
define('_PS_ADMIN_IMG_',_PS_IMG_.'admin/');
}
Alistoftips&tricksisalsoavailableonoursite:
TipsforOptimization:http://www.prestashop.com/en/toptips
10BestTipstospeedupyourPrestaShopstore:http://www.prestashop.com/blog/en/10besttipstospeedupyourprestashop
store3/

NginxfriendlyURLs
MostoftheserverinstructionsinthispagepertaintotheApachewebserver.ButsomeofyoumightprefertorelyontheNginxweb
server.PrestaShopworkswellwithNginx,butisnotabletogeneratethecorrectredirectionrulesforitsFriendlyURLs.
Herearethedirectionyoushouldputinyournginx.conffileinordertomakefriendlyURLswork:

location/PRESTASHOP_FOLDER/{
index/PRESTASHOP_FOLDER/index.php;

rewrite^/PRESTASHOP_FOLDER/api/?(.*)$/PRESTASHOP_FOLDER/webservice/dispatcher.php?url=$1last;
rewrite^/PRESTASHOP_FOLDER/([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/img/p/$1
rewrite^/PRESTASHOP_FOLDER/([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/img/p/$
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/PRESTASHOP_
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/PRES
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([0
rewrite^/PRESTASHOP_FOLDER/([09])([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([
rewrite^/PRESTASHOP_FOLDER/c/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/img/c/$
rewrite^/PRESTASHOP_FOLDER/c/([azAZ]+)([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/img/c/$1.jpglast;
rewrite^/PRESTASHOP_FOLDER/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/PRESTASHOP_FOLDER/img/c/$1
try_files$uri$uri//PRESTASHOP_FOLDER/index.php?$args;
}

Notethatthisexampleuses/PRESTASHOP_FOLDER/asthemarkerforPrestaShopfolder.Youmustreplaceallinstancesof
/PRESTASHOP_FOLDER/bythecorrectpathtoyourinstallationofPrestaShop.
Forinstance,ifPrestaShopisattherootofyourofyourserver,replace/PRESTASHOP_FOLDER/withsimply/:

location/{
index/index.php;

rewrite^/api/?(.*)$/webservice/dispatcher.php?url=$1last;
rewrite^/([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$1$2.jpglast;
rewrite^/([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$1$2$3.jpglast;
rewrite^/([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$1$2$3$4.jpglast;
rewrite^/([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$4/$1$2$
rewrite^/([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$
rewrite^/([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$
rewrite^/([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$
rewrite^/([09])([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/i
rewrite^/c/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/img/c/$1$2.jpglast;
rewrite^/c/([azAZ]+)([09]+)?/.+\.jpg$/img/c/$1.jpglast;
rewrite^/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/img/c/$1$2.jpglast;
try_files$uri$uri//index.php?$args;
}

IfyourinstallationofPrestaShopisusingthemultistoremode,youneedtoaddafewlinesforeachstore.Forinstance,ifoneofyour
storesiscalled"hightech":

location/PRESTASHOP_FOLDER/hightech/{
rewrite^/PRESTASHOP_FOLDER/hightech/(.*)$/PRESTASHOP_FOLDER/$1last;
try_files$uri$uri//PRESTASHOP_FOLDER/index.php?$args;
}

Miscellaneous
ThePrestaShopfilestructure
ThePrestaShopdevelopershavedonetheirbesttoclearlyandintuitivelyseparatethevariouspartsofthesoftware.
Hereishowthefilesareorganized:
/admin:containsallthePrestaShopfilespertainingtothebackoffice.Whenaccessingthisfolderwithyourbrowser,youwillbe
askedtoprovideproperidentification,forsecurityreasons.Important:youshouldmakesuretoprotectthatfolderwitha
.htaccessor.htpasswdfile!
/cache:containstemporaryfoldersthataregeneratedandreusedinordertoalleviatetheserver'sload.
/classes:containsallthefilespertainingtoPrestaShop'sobjectmodel.Eachfilerepresents(andcontains)aPHPclass,andits
methods/properties.
/config:containsallofPrestaShop'sconfigurationfiles.Unlessaskedto,youshouldnevereditthem,astheyaredirectly
handledbyPrestaShop'sinstallerandbackoffice.
/controllers:containsallthefilespertainingtoPrestaShopcontrollersasinModelViewController(orMVC),thesoftware
architectureusedbyPrestaShop.EachfilecontrolsaspecificpartofPrestaShop.
/css:containsallCSSfilesthatarenotattachedtothemeshence,thesearemostlyusedbythePrestaShopbackoffice.
/docs:containssomedocumentation.Note:itshouldbedeletedinaproductionenvironment.
/download:containsyourdigitalproducts,whichcanbedownloaded:PDFs,MP3s,etc.
/img:containsallofPrestaShop'sdefaultimages,iconsandpicturefilesthat,thosethatdonotbelongtothetheme.Thisis
whereyoucanfindthepicturesforproductcategories(/csubfolder,thosefortheproducts(/psubfolder)andthoseforthe
backofficeitself(/adminsubfolder).
/install:containsallthefilesrelatedtoPrestaShop'sinstaller.Youwillberequiredtodeleteitafterinstallation,inorderto
increasesecurity.
/js:containsallJavaScriptfilesthatarenotattachedtothemes.Mostofthembelongtothebackoffice.Thisisalsowhereyou
willfindthejQueryframework.
/localization:containsallofPrestaShop'slocalizationfilesthatis,filesthatcontainlocalinformation,suchascurrency,
language,taxrulesandtaxrulesgroups,statesandthevariousunitsinuseinthechosencountry(i.e.,volumeinliter,weightin
kilograms,etc.).
/log:containsthelogfilesgeneratedbyPrestaShopatvariousstages,forinstanceduringtheinstallationprocess.
/mails:containsallHTMLandtextfilesrelatedtoemailssentbyPrestaShop.Eachlanguagehasitsspecificfolder,whereyou
canmanuallyedittheircontentifyouwish.
/modules:containsallofPrestaShop'smodules,eachinitsownfolder.Ifyouwishtodefinitelyremoveamodule,firstuninstallit
fromthebackoffice,thenonlycanyoudeleteitsfolder.
/override:thisisaspecialfolderthatappearedwithPrestaShop1.4.ByusingPrestaShop'sregularfolder/filenameconvention,
itispossibletocreatefilesthatoverridePrestaShop'sdefaultclassesorcontrollers.ThisenablesyoutochangePrestaShop

corebehaviorwithouttouchingtotheoriginalfiles,keepingthemsafeforthenextupdate.
/pdf:containsallthetemplatefiles(.tpl)pertainingtothePDFfilegeneration(invoice,deliveryslips,etc.).Changethesefiles
inordertochangethelookofthePDFfilesthatPrestaShopgenerates.
/themes:containsallthecurrentlyinstalledthemes,eachinitsownfolder.
/tools:containsexternaltoolsthatwereintegratedintoPrestaShop.Forinstance,thiswereyou'llfindSmarty(template/theme
engine),FPDF(PDFfilegenerator),Swift(mailsender),PEARXMLParser(PHPtool).
/translations:containsasubfolderforeachavailablelanguage.However,ifyouwishtochangethetranslation,youmustdo
sousingthePrestaShopinternaltool,andnoteditthemdirectlyinthisfolder.
/upload:containsthefilesthatwouldbeuploadedbyclientsforcustomizableproducts(forinstance,apicturethataclient
wantsprintedonamug).
/webservice:containsfilesthatenablethirdpartyapplicationstoaccessPrestaShopthroughitsAPI.

MovingPrestaShop
APrestaShopinstallationdoesseldomremainatthesamephysicalplace.Therearemanyreasonswhyyouwouldneedtomoveyour
PrestaShopfilesanddataaround:
Movingyourshopfromyourlocalcomputertoyouronlineserver.
Movingyourshopfromatestsubdomaintothemaindomain.
Movingyourshopfromoneservertoanother.
Movingyourshopfromonedomainnametoanother.
Inallofthesecircumstances,youmustbecarefultoproperlymovebothallofyourfiles(includingthecustomimages,yourthemes,the
modulesyoubought...)andallyourdata(whichiscontainedinyourMySQLdatabase).

MovingPrestaShoptoaNewServer
Herearethemainstepswhenchangingservers,orcopyingfromyourlocalharddrivetoyouronlineserver:
1. Putyourshopinmaintenancemode,soastonotlosenewcustomersororderswhilemovingthedata.
Gotoyourbackoffice,andunderthe"Preference"menu,openthe"Maintenance"pageandsetthe"Enableshop"optionto
"No".
2. Moveyourfiles:
a. Makeabackupofallthefiles:connecttoyourFTPserver,andcopyallthefilesandfolderstoyourlocalharddrive.
b. Transferyourfilestoyournewhost:ConnecttotheFTPserverforyournewhost,andcopyallthefilesandfolders
thatyoujustdownloadedtoyourlocalharddrive,asis.
3. Moveyourdata:
a. Makeabackupofyoudatabase(a"dump"):connecttophpMyAdmin,clickonthe"Export"tab,selectthedatabaseof
yourPrestaShopinstallation,andclickthe"Go"button.Savethedownloadedfileonyourharddrive.IfphpMyAdmintimes
outbeforeitisabletoexportallyourdata,contactyourhost.
b. TransfertheSQLdumptothenewdatabase:connecttothenewserver'sphpMyAdmin,clickonthe"Import"tab,click
the"Browse..."button,findtheSQLfileyoujustdownloaded,andclickthe"Go"buttontouploadit.IfphpMyAdmintimes
outbeforeitisabletoimportallyourdata,contactyournewhost.
4. Configureyourshop:
a. Onthenewserver,openthe/config/settings.inc.phpfileandupdatethesettingsforthenewdatabaseserver(with
yourownsettingsinsteadoftheexampleshere):
define('_DB_SERVER_','sql.domainname.com');
define('_DB_NAME_','prestashop');
define('_DB_USER_','PSuser');
define('_DB_PASSWD_','djsf15');
define('_DB_PREFIX_','ps_');
b. Logintoyourbackoffice,gotothe"Preferences"menu,selectthe"SEO&URLs"page,andinthe"SetshopURL"
sectionchangethedomainnametoyournewdomain.DothesamefortheSSLdomain.
Ineffect,thiswillupdatethe"ps_shop_url"SQLtable(aswellasthe"PS_SHOP_DOMAIN"and
"PS_SHOP_DOMAIN_SSL"rowsinthe"ps_configuration"SQLtable,forretrocompatibilityreasons).
5. ConnecttoyournewFTPserveranddeleteeverythingexcepttheindex.phpfilesinthefollowingfolders:
/cache/smarty/cache
/cache/smarty/compile
6. Gotoyourbackoffice,andinthe"Maintenance"preferencepage,setthe"Enableshop"optionbackto"Yes".
Youshouldbegoodtogo!Checkthatallthelinksarefunctioning,thatallyourproducts,images,modulesandthemesarestillthere,
andtrytocreateanewaccountandplaceanordersoastomakesureyourshopisworkingasexpected.

MovingPrestaShoptoaNewDomain
HerearethemainstepswhenmovingPrestaShoptoanewdomainwithinthesameserver.Thesearemostlyasimplerversionofthe
abovestepswedonottouchthedata,whichstaysonthesameMySQLserver.
1. Putyourshopinmaintenancemode,soastonotlosenewcustomersororderswillmovingthedata.
Gotoyourbackoffice,andunderthe"Preference"menu,openthe"Maintenance"pageandsetthe"Enableshop"optionto
"No".
2. Moveyourfiles
a. Makeabackupofallthefiles:connecttoyourFTPserver,andcopyallthefilesandfolderstoyourlocalharddrive.
b. Transferyourfilestoyournewhost:ConnecttotheFTPserverforyournewhost,andcopyallthefilesandfolders
thatyoujustdownloadedtoyourlocalharddrive,asis.
3. Configuration
a. Onthenewserver,openthe/config/settings.inc.phpfileandupdatethesettingsforthenewdatabaseserver(with

yourownsettingsinsteadoftheexampleshere):
define('_DB_SERVER_','sql.domainname.com');
define('_DB_NAME_','prestashop');
define('_DB_USER_','PSuser');
define('_DB_PASSWD_','djsf15');
define('_DB_PREFIX_','ps_');
b. Logintoyourbackoffice,gotothe"Preferences"menu,selectthe"SEO&URLs"page,andinthe"SetshopURL"
sectionchangethedomainnametoyournewdomain.DothesamefortheSSLdomain.
Ineffect,thiswillupdatethe"PS_SHOP_DOMAIN"and"PS_SHOP_DOMAIN_SSL"rowsinthe"ps_configuration"SQL
table.
4. ConnecttoyournewFTPserveranddeleteeverythingexcepttheindex.phpfilesinthefollowingfolders:
/tools/smarty/cache
/tools/smarty/compile
/tools/smarty_v2/cache
/tools/smarty_v2/compile
5. Gotoyourbackoffice,andinthe"Maintenance"preferencepage,setthe"Enableshop"optionbackto"Yes".
Youshouldbegoodtogo!Checkthatallthelinksarefunctioning,thatallyourproducts,images,modulesandthemesarestillthere,
andtrytocreateanewaccountandplaceanordersoastomakesureyourshopisworkingasexpected.
rewrite^/([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$1$2.jpglast
rewrite^/([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$1$2$3.jpglast
rewrite^/([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$1$2$3$4.jpglast
rewrite^/([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$4/$1$2$3$4$5.jpglast
rewrite^/([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpglast
rewrite^/([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$/img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpglast
rewrite^/([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$
/img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpglast
rewrite^/([09])([09])([09])([09])([09])([09])([09])([09])([_azAZ09]*)?([09]+)?/.+\.jpg$
/img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpglast
rewrite^/c/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/img/c/$1$2.jpglast
rewrite^/c/([azAZ]+)([09]+)?/.+\.jpg$/img/c/$1.jpglast
rewrite^/([09]+)([_azAZ09]*)([09]+)?/.+\.jpg$/img/c/$1$2.jpglast