We know Magento support multiple currency. I have found…
December 10, 2015
Magento: 客户登陆验证 How magento store password and validate password
Magento uses MD5 and salt algorithems to store password for customer as well admin user.
How magento create encrypted password
Magento create encrypted password with,
Mage::getModel('core/encryption')->decrypt($password);
Here is the logic of decrypt($password) function,
$password = "12345678"; $salt = "at"; $encyPasswod = md5($salt.$pass).":".$salt;
In above function, $salt is randomly generated string of two alphanumeric character.
How magento validate password
Bellow functiona will validate the user password,
Mage::getModel('customer/customer')->authenticate($email, $password);
Logic behind above function is,
$email = "techbandhus@gmail.com"; $password = "123456"; //Load a customer by email address $customer = Mage::getModel('customer/customer') ->setWebsiteId(Mage::app()->getStore()->getWebsiteId()) ->loadByEmail($email); // if loaded! get stored password from database $hash = $customer->getData("password_hash"); // Get last two digits separate by :"; $hashArr = explode(':', $hash); public function validateHash($password, $hash) { $hashArr = explode(':', $hash); switch (count($hashArr)) { case 1: return $this->hash($password) === $hash; case 2: return $this->hash($hashArr[1] . $password) === $hashArr[0]; } Mage::throwException('Invalid hash.'); }
So, it simply means that even if you have not added salt key and only MD5 text as password, login will work.
实例:
- 客户端 To get Customers authenticated
// Or whatever the path to your app/Mage.php happens to be ... require_once( dirname(__FILE__).'/app/Mage.php' ); // Initialize Magento ... Mage::app("default"); // Set the variables that we care about. $id = 1; // The Store ID. Since Magento can handle multiples, this may change. $username = 'their.email@their.domain.com'; // Their email address / username (the same thing) $password = 'theirpassword'; // Their password. try{ $blah = Mage::getModel('customer/customer')->setWebsiteId($id)->authenticate($username, $password); }catch( Exception $e ){ $blah = false; }
- 后台 To get Customersadmins
// Or whatever the path to your app/Mage.php happens to be ... require_once( dirname(__FILE__).'/app/Mage.php' ); // Initialize Magento ... Mage::app("default"); // Set the variables that we care about. $username = 'admin'; // Or whatever username we're going with. $password = 'password'; // Obviously, replace this with whatever the actual password you're looking to validate is. $blah = Mage::getModel('admin/user')->authenticate($username, $password);
After either of these blocks of code, depending on whether you’re validating an admin or customer, $blah
will contain TRUE
for it being valid, or FALSE
for it being invalid!
或者我个人写的一个函数:
function customer_exists($email, $password, $data = array()) { $website = Mage::app()->getStore()->getWebsiteId(); if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return 'invalid email'; else { $customer = Mage::getModel('customer/customer'); $customer->setWebsiteId($website); $customer->loadByEmail($email); if ($customer->getId()) { if(strlen($password)*1 >= 6) { try{ $blah = $customer->setWebsiteId($website)->authenticate($email, $password); } catch( Exception $e ){ $blah = 0; } } else $blah = 'invalid password'; } else { if(strlen($password)*1 < 6) return 'invalid password'; else { $current_date = date('Y-m-d H:i:s',time()); $customer->setEmail($email); $customer->setFirstname($data['first_name']); $customer->setLastname($data['last_name']); $customer->setWebsiteId($website); $customer->setPassword($password); $customer->setCreatedAt($current_date); $customer->setUpdatedAt($current_date); $customer->setIsActive('1'); $customer->save(); $customer->setConfirmation(null); $customer->save(); $blah = $customer->getId(); } } return $blah; } }
本文:Magento: 验证客户密码 How magento store password and validate password