Thanks to Fabian Blechschmidt, I came up with the following that works for me (using the event customer_save_before
):
public function detectPwdChange(Varien_Event_Observer $observer) {
$event = $observer->getEvent();
$customer = $event->getCustomer();
$postData = Mage::app()->getRequest()->getPost();
if($customer instanceof Mage_Customer_Model_Customer && !$customer->isObjectNew()) {
if( $postData['change_password'] == 1 && $postData['current_password'] != $postData['password'] ) {
// Do something
}
}
return $this;
}
THIS ANSWER APPLIES TO MAGENTO 1
You do not need to modify Magento's authentication classes.
You can import passwords already MD5 encrypted. I have tested this.
How Magento 1 CE stores passwords:
- Password chosen by user:
Foobar!
- Salt random generated by Magento:
2sM0lWnxa
- Password before MD5 encyption:
2sM0lWnxaFoobar!
(that is <salt><password>
)
- Password in MD5 encryption:
b55bd20f0ef25e759dc77b09fe7e4dfd
- Password stored in database:
b55bd20f0ef25e759dc77b09fe7e4dfd:2sM0lWnxa
(that is <md5 password>:<salt>
)
How to format already MD5 encrypted password for import (without salt):
- Simply add a
:
(colon) to the end of the already MD5 encrypted password
How does this work?
We can see that Magento looks for a :
(colon) in the string, and assumes what comes after it is the salt
. If you place a :
(colon) at the end of your already encrypted password and then nothing further, Magento will realise that there IS no salt for that password.
Getting the password into Magento
Alright, so now we know what we need to do to our passwords, how do we get them into Magento? Normally Magento will automatically encrypt a password you give it, but in our case we DON'T want it to because it's already done.
Turns out, this is simple too! When creating, or updating an existing customer by code you normally use this to set their password:
$customerModel = Mage::getModel("customer/customer");
// ... further code here to create customer (or update existing customer) ...
$customerModel->setPassword("Plain Text Password");
$customerModel->save();
Instead of using the setPassword
method on Customer Model, use setPasswordHash
:
$customerModel->setPasswordHash("<md5 encrypted password>:");
Best Answer
First you need to convert all the password to hash password. then on the sheet use password_hash instead of password for set password.
Use magento core helper class for generate
hash_password: