I am using magento version 1.9.0.1.
For switching to magento purposes I need to create a login function for customers outside the magento framework.
I have looked up the method magento uses to hash and validate passwords, but the method doesn't seem to work anymore.
Below the code I use to validate a user login outside magento. This code is just to try proof of concept and is not being used in a live environment for obvious reasons :).
function checkPassword($entity,$passwordInput){
$query = mysql_query("SELECT value FROM customer_entity_varchar WHERE entity_id = '$entity' AND attribute_id = '12' LIMIT 1");
$fetch = mysql_fetch_object($query);
$fetch_data = explode(':',$fetch->value);
$hashed_password = $fetch_data['0'];
$salt = $fetch_data['1'];
$hashInput = md5($passwordInput . $salt);
if($hashInput == $hashed_password){
return 'Success';
}
else{
return 'Failure';
}
}
$entity
is the entity_id passed after email validation,
$passwordInput
is the password entered in the login form.
It returns Failure. Which I'm not surprised about because when I return $hashInput
and compare it with $hashed_password
it's not the same.
Has the way Magento hashes passwords been changed? Or is there a mistake in my code?
If you check in
\app\code\core\Mage\Customer\Model\Customer.php
you can find something like this (near line 430) :The
helper('core')
is\app\code\core\Mage\Core\Helper\Data.php
In
\app\code\core\Mage\Core\Helper\Data.php
, you find :and
getEncryptor()
function is :$this->_encryptor
is in\app\code\core\Mage\Core\Model\Encryption.php
and in this file you can find :and
(string)Mage::getConfig()->getNode('global/crypt/key');
is in/app/etc/local.xml
file.Your variable
$hashed_password
pass by this last method.Your variable
$hashInput
also pass there ?So, you can change in your
checkPassword()
function :to
Thereby,
$hashInput
and$hashed_password
will follow the same way.