Magento uses MD5 and salt algorithems to store password for customer as well admin user.
How magento create encrypted password
Magento create encrypted password with,
Mage::getModel('core/encryption')->decrypt($password);
Here is the logic of decrypt($password) function,
$password = "12345678"; $salt = "at"; $encyPasswod = md5($salt.$pass).":".$salt;
In above function, $salt is randomly generated string of two alphanumeric character.
How magento validate password
Bellow functiona will validate the user password,
Mage::getModel('customer/customer')->authenticate($email, $password);
Logic behind above function is,
$email = "techbandhus@gmail.com"; $password = "123456"; //Load a customer by email address $customer = Mage::getModel('customer/customer') ->setWebsiteId(Mage::app()->getStore()->getWebsiteId()) ->loadByEmail($email); // if loaded! get stored password from database $hash = $customer->getData("password_hash"); // Get last two digits separate by :"; $hashArr = explode(':', $hash); public function validateHash($password, $hash) { $hashArr = explode(':', $hash); switch (count($hashArr)) { case 1: return $this->hash($password) === $hash; case 2: return $this->hash($hashArr[1] . $password) === $hashArr[0]; } Mage::throwException('Invalid hash.'); }
So, it simply means that even if you have not added salt key and only MD5 text as password, login will work.
实例:
- 客户端 To get Customers authenticated
// Or whatever the path to your app/Mage.php happens to be ... require_once( dirname(__FILE__).'/app/Mage.php' ); // Initialize Magento ... Mage::app("default"); // Set the variables that we care about. $id = 1; // The Store ID. Since Magento can handle multiples, this may change. $username = 'their.email@their.domain.com'; // Their email address / username (the same thing) $password = 'theirpassword'; // Their password. try{ $blah = Mage::getModel('customer/customer')->setWebsiteId($id)->authenticate($username, $password); }catch( Exception $e ){ $blah = false; }
- 后台 To get Customersadmins
// Or whatever the path to your app/Mage.php happens to be ... require_once( dirname(__FILE__).'/app/Mage.php' ); // Initialize Magento ... Mage::app("default"); // Set the variables that we care about. $username = 'admin'; // Or whatever username we're going with. $password = 'password'; // Obviously, replace this with whatever the actual password you're looking to validate is. $blah = Mage::getModel('admin/user')->authenticate($username, $password);
After either of these blocks of code, depending on whether you’re validating an admin or customer, $blah
will contain TRUE
for it being valid, or FALSE
for it being invalid!
转自:Magento: 验证客户密码 How magento store password and validate password
相关推荐
MagentoBeginner's Guide.pdf [Packt]出品,最早的Magento精品书之一,原书地址:http://www.amazon.com/Magento-Beginners-Guide-William-Rice/dp/1847195946
NULL 博文链接:https://justcoding.iteye.com/blog/2100394
MySQL 数据库:magento 用户名:magento 密码:password123 这是基于的工作而进行的一些更改,以简化启动和运行过程Windows支持去做添加memcached支持使用percona sql代替mysql 为生产和开发服务器创建标签
magento:magento-ce 2.4.0
Magento:registered:2数据集成借助Datatric Connect扩展程序,可以轻松地将Magento:registered:2商店与Datatrics平台连接起来。安装在开始安装过程之前,我们建议您对webshop文件以及数据库进行备份。 有两种安装...
通过SFTP或SSH导航到Magento [Magento]/app/code/ 。 上载带有扩展名的Dropday/OrderAutomation目录。 打开终端并导航到Magento根目录。 运行以下命令以启用Dropday扩展: php bin/magento module:enable Dropday_...
Apress.The.Definitive.Guide.to.Magento.Dec.2009.pdf Apress于2009重磅推出的Magento上手书籍,原书地址:http://www.apress.com/book/view/9781430272298
magento:Magento CE 1.x源代码
fresh-magento:新鲜的magento
Magento Python API 用于连接到Magento Web服务的Python库。 用法 import magento url = 'http://domain.com/' apiuser = 'user' apipass = 'password' # Create an instance of API client = magento . API ( url ...
Magento:registered:2的强制登录模块 Magento:registered:2的“强制登录”模块允许您限制访问者可以看到哪些页面。 如果访问者页面未标记为可访问,则将其重定向到登录页面。 Magento:registered:2的强制登录模块...
docker-magento:Mark Shust的Magento Docker配置
VueFrontCMS Connect App for Magento 显示你的 :red_heart: -给我们一个 :star: 帮助我们将这个项目发展到最好! VueFront是CMS不可知的SPA和PWA前端,适用于您的老式Blog和电子商务网站。 Magento通过最佳的电子...
You’ll start by getting a general understanding of what Magento is, why and how you should use it, and whether it is possible and feasible to migrate from an old web store to Magento 2. As you work ...
马恩托 magento 项目
Chapter 6, Creating a Magento 2 Theme, discusses the Magento 2 blank theme and how to use the fallback to create seasonal variations. It also explains how the new theme is set up and where files are ...
马真托Magento片段。
Gimmie Magento 插件 为 Magento 添加 Gimmie 奖励,让用户在购买和推荐朋友时获得积分并获得真正的奖励。 要安装此插件,我们提供。 建造 克隆此插件所需的所有子模块(gimmie php 项目) $git submodule init &&...
magento:megento电子商务网站
Tryton Magento集成 Magento电子商务平台与Tryton ERP的集成。 文献资料 可获取该项目的详细文档。 该文档是自动生成的,欢迎您对文档进行改进或翻译。 在开始任何事情之前,请创建一个问题,以避免重复工作。 ...