Geek asks and answers

Magento Transfer clients without a password.

I am moving my legacy Saas site to my new magento corporate installation and I don’t believe that I can transfer client passwords. They are encrypted using the perl crypt () function.

I am wondering what the best workflow for this might be, as I am sure that others must have come across something similar.

I do not mind to send an email asking all of our customers to create a new password or ask them the next time they log in.

But what should I put in the password field for import? For security, of course, I can’t give everyone the same temporary password.

We have almost 123,000 customers (many of which are probably no longer active, though), so it may take some time.

Thanks in advance.

+5
source share
3 answers

I think the best way is to automatically generate passwords along with accounts using Magento's built-in functionality, as shown below:

$customer = Mage::getModel('customer/customer');

$password = '123456';
$email = 'testuser@test.com';

$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
$customer->loadByEmail($email);

if(!$customer->getId()) { // if customer does not already exists, by email
    // new data
    $customer->setEmail($email);
    $customer->setFirstname('Johnny');
    $customer->setLastname('Doels');
    $newPassword = $customer->generatePassword(); // generate a new password
    $customer->changePassword($newPassword); // set it

} else {
    // do something here for existing customers
}

try {
    $customer->save();
    $customer->setConfirmation(null);
    $customer->save();
    $customer->sendPasswordReminderEmail(); // save successful, send new password
}

catch (Exception $ex) {
    //Zend_Debug::dump($ex->getMessage());
}
+5
source

As indicated on this wiki page, Magento supports salting as well as unsalted MD5 hashes. This is technically true, but getting it to work is all straightforward.

Basically, you need to copy through MD5 hashed passwords with empty as salt.

For example, take the password "foobar", hash MD5 "3858f62230ac3c915f300c664312c63f". If you put this directly in db, it will not work. The authentication system looks for a ":" in the password hash to get the salt. At the bottom, add ":" to the end and Magento will not quarrel the password with anything, so you just get a regular MD5 hash.

"3858f62230ac3c915f300c664312c63f" → "3858f62230ac3c915f300c664312c63f:"

, , reset , , , .

+2

. , , reset.

Transfer client passwords to the magento database as their hash and solo combination. You can then overload the password hash method in purple to check if the old client has an old hash or a new hash.

If the client has an old hash, use your old crypt method and salt to verify the password. If you wanted, you could upgrade it to a new method that it successfully authenticated.

If you can create a hash function in php this would be easiest. Or just call the perl program from php.

0
source

More articles:


All Articles