
Prestashop 1.7 Customer Password Encryption?

I made a third-party system in PHP for PrestaShop 1.6. It works by connecting directly to the PrestaShop database. Now I have upgraded my PrestaShop to 1.7.5.1 and it works. Only it doesn't log in customers anymore because, as I can see, the password encryption has changed. I was using md5(COOKIE_KEY.'password') for 1.6, but I see the passwords on 1.7 are nothing like md5. Could you tell me how the encryption works? (It would be much better if you could tell me with PHP code.)

Prestashop 1.7.5.1

$2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym

for 123456

PrestaShop 1.7.x now uses bcrypt as the preferred hash method (md5 is still supported though).

To better understand the behavior between PrestaShop v1.6.x vs 1.7.x for checking passwords, let's have a look at the getByEmail() method in the Customer class:

/**
  * Return customer instance from its e-mail (optionally check password).
  *
  * @param string $email e-mail
  * @param string $plaintextPassword Password is also checked if specified
  * @param bool $ignoreGuest
  *
  * @return bool|Customer|CustomerCore Customer instance
 */
 public function getByEmail($email, $plaintextPassword = null, $ignoreGuest = true)

If $plaintextPassword is provided, the encrypted version of the password is retrieved with:

$this->passwd = $crypto->hash($plaintextPassword);

The Hashing class can be instantiated by doing:

$crypto = ServiceLocator::get('\\PrestaShop\\PrestaShop\\Core\\Crypto\\Hashing');

Solution for your example using PrestaShop 1.7 classes/methods:

<?php

namespace PrestaShop\PrestaShop\Core\Crypto;
include('config/config.inc.php');

$plaintextPassword = '123456';
$crypto = new Hashing;
$encryptedPassword = $crypto->hash($plaintextPassword, _COOKIE_KEY_);

echo 'Clear: '.$plaintextPassword.'<br />Encrypted: '.$encryptedPassword;

/* Result (example)
Clear: 123456
Encrypted: $2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym */

Alternate solution, without the need to include any PrestaShop files/methods:

<?php

$plaintextPassword = '123456';
$encryptedPassword = password_hash($plaintextPassword, PASSWORD_BCRYPT);
var_dump(password_verify($plaintextPassword, $encryptedPassword)); // bool(true) if the password matches the hash

I hope this helps.
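For a third-party login that reads the customer table directly, the sketch below checks a submitted password against a stored value in either format. It is an added example, not part of the original answer and not PrestaShop code. The function name `verify_customer_password`, the `$cookieKey` value and the sample rows are constructed for illustration, and the legacy branch assumes the 1.6 scheme described in the question, md5(COOKIE_KEY.password).

```php
<?php
// Added example, not PrestaShop code. $cookieKey stands in for the shop's _COOKIE_KEY_.

/**
 * Check a submitted password against a stored customer hash.
 * Returns ['valid' => bool, 'rehash' => bool]; 'rehash' means the stored
 * value should be replaced with a fresh bcrypt hash after this login.
 */
function verify_customer_password(string $plaintext, string $storedHash, string $cookieKey): array
{
    // A password_hash() value ("$2y$10$...") embeds its own random salt and cost.
    // Hashing the input again gives a different string, so use password_verify().
    if (password_get_info($storedHash)['algoName'] !== 'unknown') {
        $valid = password_verify($plaintext, $storedHash);
        return [
            'valid'  => $valid,
            'rehash' => $valid && password_needs_rehash($storedHash, PASSWORD_BCRYPT),
        ];
    }

    // Legacy 1.6-style value: 32 hex characters of md5(COOKIE_KEY . password).
    if (strlen($storedHash) === 32 && ctype_xdigit($storedHash)) {
        // hash_equals() compares in constant time.
        $valid = hash_equals(strtolower($storedHash), md5($cookieKey . $plaintext));
        return ['valid' => $valid, 'rehash' => $valid];
    }

    // Unknown format: reject rather than guess.
    return ['valid' => false, 'rehash' => false];
}

// Constructed sample data (not taken from a real shop).
$cookieKey = 'constructed-cookie-key-for-demo';
$rows = [
    'bcrypt'     => password_hash('123456', PASSWORD_BCRYPT),
    'legacy md5' => md5($cookieKey . '123456'),
];

foreach ($rows as $label => $stored) {
    $ok  = verify_customer_password('123456', $stored, $cookieKey);
    $bad = verify_customer_password('wrong-password', $stored, $cookieKey);
    printf("%-10s correct=%s rehash=%s wrong=%s\n", $label,
        var_export($ok['valid'], true), var_export($ok['rehash'], true),
        var_export($bad['valid'], true));
}
```

When `rehash` is true, store `password_hash($plaintext, PASSWORD_BCRYPT)` in place of the old value so the md5 hash is retired on that customer's next successful login.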
