validation - Has the hash password function changed in magento? If so, to what? -

-

i using magento version 1.9.0.1.

for switching magento purposes need create login function customers outside magento framework.

i have looked method magento uses hash , validate passwords, method doesn't seem work anymore.

below code use validate user login outside magento. code try proof of concept , not being used in live environment obvious reasons :).

function checkpassword($entity,$passwordinput){     $query = mysql_query("select value customer_entity_varchar entity_id = '$entity' , attribute_id = '12' limit 1");     $fetch = mysql_fetch_object($query);     $fetch_data = explode(':',$fetch->value);     $hashed_password = $fetch_data['0'];     $salt = $fetch_data['1'];      $hashinput = md5($passwordinput . $salt);     if($hashinput == $hashed_password){         return 'success';     }     else{         return 'failure';     } }

$entity entity_id passed after email validation,

$passwordinput password entered in login form.

it returns failure. i'm not surprised because when return $hashinput , compare $hashed_password it's not same.

has way magento hashes passwords been changed? or there mistake in code?

if check in \app\code\core\mage\customer\model\customer.php can find (near line 430) :

/**  * encrypt password  *  * @param   string $password  * @return  string  */ public function encryptpassword($password) {     return mage::helper('core')->encrypt($password); }

the helper('core') \app\code\core\mage\core\helper\data.php

in \app\code\core\mage\core\helper\data.php, find :

/**  * encrypt data using application key  *  * @param   string $data  * @return  string  */ public function encrypt($data) {     if (!mage::isinstalled()) {         return $data;     }     return $this->getencryptor()->encrypt($data); }

and getencryptor() function :

/**  * @return mage_core_model_encryption  */ public function getencryptor() {     if ($this->_encryptor === null) {         $encryptionmodel = (string)mage::getconfig()->getnode(self::xml_path_encryption_model);         if ($encryptionmodel) {             $this->_encryptor = new $encryptionmodel;         } else {             $this->_encryptor = mage::getmodel('core/encryption');         }          $this->_encryptor->sethelper($this);     }     return $this->_encryptor; }

$this->_encryptor in \app\code\core\mage\core\model\encryption.php , in file can find : 

/**  * encrypt string  *  * @param string $data  * @return string  */ public function encrypt($data) {     return base64_encode($this->_getcrypt()->encrypt((string)$data)); }

and 

/**  * instantiate crypt model  *  * @param string $key  * @return varien_crypt_mcrypt  */ protected function _getcrypt($key = null) {     if (!$this->_crypt) {         if (null === $key) {             $key = (string)mage::getconfig()->getnode('global/crypt/key');         }         $this->_crypt = varien_crypt::factory()->init($key);     }     return $this->_crypt; }

(string)mage::getconfig()->getnode('global/crypt/key'); in /app/etc/local.xml file.

your variable $hashed_password pass last method.

your variable $hashinput pass there ?

so, can change in checkpassword() function : 

$hashinput = md5($passwordinput . $salt);

to

$hashinput = encryptpassword($passwordinput);

thereby, $hashinput , $hashed_password follow same way.


Comments

Post a Comment

Popular posts from this blog

python - pip install -U PySide error -

-
does know how avoid following error when running pip install -u pyside per official website instructions here: https://pypi.python.org/pypi/pyside/#installing-pyside-on-a-mac-os-x-system note have done brew install qt successfully. you using pip version 7.0.3, version 7.1.2 available. should consider upgrading via 'pip install --upgrade pip' command. collecting pyside using cached pyside-1.2.4.tar.gz installing collected packages: pyside running setup.py install pyside complete output command /applications/anaconda/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-build-cpxemt/pyside/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-0r7hri-record/install-record.txt --single-version-externally-managed --compile: ...
Read more

arrays - C++ error: a brace-enclosed initializer is not allowed here before ‘{’ token -

-
simple question: i'm trying initialize array within c++ class declaration: using namespace std; #include <string> class myclass{ public: string myarray[] = {"a","b","c"}; }; and i'm getting error: error: brace-enclosed initializer not allowed here before ‘{’ token no, without complied c++11 compiler, cannot initialize member array in declaration. have initialize array member in constructor. , don't use open array if know number of elements initialize array.
Read more

cytoscape.js - How to add nodes to Dagre layout with Cytoscape -

-
i trying add nodes dagre graph through cityscape.js. problem nodes not painted. code have: cy.add({ group: "nodes", data: { id:"n0",name:"n0",weight: 75 }, }); $.ajax(url).done(function(jsontree){ var newnodes=[]; for(var i=1;i<6;i++){ //var child = jsontree.result[i]; newnodes.push( { group: "nodes", data: { id: "n"+i, name:"n"+i}}, { group: "edges", data: { id: "e"+i, source: "n0", target: "n"+i } } ); } cy.add(newnodes); any ideas? have used loaded function reload graph not work. not know if have use specific function reload graph. thank in advance. you need add positions new nodes. cytoscape.js docs : it important note positions of newly added nodes must defined when calling cy.add(). nodes can not placed in graph without valid position — otherwise not displayed. yo...
Read more