I have existing customer data, which includes email addresses and passwords (already MD5 hashed.)
Can I import this data into Magento, whilst keeping the customers' existing passwords?
Will an override of Magento's customer authentication class be required?
Best Answer
THIS ANSWER APPLIES TO MAGENTO 1
You do not need to modify Magento's authentication classes. You can import passwords already MD5 encrypted. I have tested this.
How Magento 1 CE stores passwords:
Foobar!
2sM0lWnxa
2sM0lWnxaFoobar!
(that is<salt><password>
)b55bd20f0ef25e759dc77b09fe7e4dfd
b55bd20f0ef25e759dc77b09fe7e4dfd:2sM0lWnxa
(that is<md5 password>:<salt>
)How to format already MD5 encrypted password for import (without salt):
:
(colon) to the end of the already MD5 encrypted passwordHow does this work?
We can see that Magento looks for a
:
(colon) in the string, and assumes what comes after it is thesalt
. If you place a:
(colon) at the end of your already encrypted password and then nothing further, Magento will realise that there IS no salt for that password.Getting the password into Magento
Alright, so now we know what we need to do to our passwords, how do we get them into Magento? Normally Magento will automatically encrypt a password you give it, but in our case we DON'T want it to because it's already done.
Turns out, this is simple too! When creating, or updating an existing customer by code you normally use this to set their password:
Instead of using the
setPassword
method on Customer Model, usesetPasswordHash
: