Recently I had occasion to export some customer data and use it in another system. This way I don’t need 2 different sign-ons for an external CMS.
Magento stores the hashed password with its salt. You can use this code as a guide to checking Magento customer passwords outside (well, inside, too, I guess…) Magento. This is a PHP command-line script.
```php
<?php
/* Substitute appropriate Mage path: */
require_once( "../../app/Mage.php" );
Mage::app()->setCurrentStore(Mage_Core_Model_App::ADMIN_STORE_ID);

/* argv[1] is assumed to be the email address in our program
 * argv[2] is the password
 * (command-line arguments are visible in the process list and shell history) */
if ($argc < 3) {
    fwrite(STDERR, "Usage: php " . $argv[0] . " <email> <password>\n");
    exit(1);
}

$customer = Mage::getModel('customer/customer')
    ->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
    ->loadByEmail($argv[1]);

/* loadByEmail() returns an empty model when no customer matches */
if (!$customer->getId()) {
    fwrite(STDERR, "No customer found for that email address\n");
    exit(1);
}
echo "Customer ID: " . $customer->getId() . "\n";

/* Load in the password_hash: */
$hash_in_db = $customer->getPasswordHash();
echo "Hashed password as stored in the database: ". $hash_in_db . "\n";

/* The hashed password is stored as:
 * hash.':'.salt
 * We explode at the ':' such that hash is in element 0, salt is in element 1 */
$a = explode(':', $hash_in_db);
if (count($a) !== 2) {
    fwrite(STDERR, "Stored value is not in hash:salt form\n");
    exit(1);
}
$hash = $a[0];
$salt = $a[1];

/* Generate a hash based on what was passed in at argv[2] */
$password_in = $argv[2];
$computed_password = md5($salt . $password_in);

echo "Database=[$hash] Computed=[$computed_password]\n\n";

/* Well, did it match? */
echo ( $computed_password === $hash ) ? "BOOM-MATCH!\n" : "*bbzzt* nope\n";
exit(0);
```
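For the receiving system, here is an added example (not part of the original post or of Magento) that checks an exported `hash:salt` value without loading Magento, rejects malformed values, and compares in constant time. It goes one step beyond the script above by re-hashing a verified password with PBKDF2 so the salted MD5 need not be kept; the function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: md5("abc"), read as salt "ab" + password "c".
SAMPLE_STORED = "900150983cd24fb0d6963f7d28e17f72:ab"
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def parse_magento_hash(stored):
    """Return (md5_hex, salt) from 'hash:salt', or None if malformed."""
    parts = stored.strip().split(":")
    if len(parts) != 2:
        return None
    digest, salt = parts[0].lower(), parts[1]
    if len(digest) != 32 or not salt:
        return None
    if any(c not in "0123456789abcdef" for c in digest):
        return None
    return digest, salt


def verify_magento_password(stored, password):
    """True only if md5(salt . password) equals the stored hash."""
    parsed = parse_magento_hash(stored)
    if parsed is None:
        return False
    digest, salt = parsed
    # Assumes passwords are UTF-8 bytes, as PHP's md5() hashes raw bytes.
    computed = hashlib.md5((salt + password).encode("utf-8")).hexdigest()
    return hmac.compare_digest(computed, digest)


def upgrade_on_login(stored, password):
    """After a successful legacy check, return a PBKDF2 record to store."""
    if not verify_magento_password(stored, password):
        return None
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), key.hex())


def verify_upgraded(record, password):
    """Check a password against a record made by upgrade_on_login()."""
    scheme, iterations, salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(key.hex(), key_hex)
```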
Thank you, unexpected[it]!