Magento 1.9 – How to Convert String Password to Hash

customerimportmagento-1.9password

I am trying to import customers using .csv file. I did it using data flow profiles in magento. I have list of customers and passwords but I have passwords in string format. How to convert string password into password_hash?

Best Answer

First you need to convert all the password to hash password. then on the sheet use password_hash instead of password for set password.

Use magento core helper class for generate hash_password:

Mage::helper('core')
->getHash('YOUR_PASSWORD', Mage_Admin_Model_User::HASH_SALT_LENGTH);

Related Solutions

Magento 1.7 – Event/Observer for Customer Password Change

Thanks to Fabian Blechschmidt, I came up with the following that works for me (using the event customer_save_before):

public function detectPwdChange(Varien_Event_Observer $observer) {
    $event              = $observer->getEvent();
    $customer           = $event->getCustomer();
    $postData           = Mage::app()->getRequest()->getPost();

    if($customer instanceof Mage_Customer_Model_Customer && !$customer->isObjectNew()) {

        if( $postData['change_password'] == 1 && $postData['current_password'] != $postData['password'] ) {
            // Do something
        }
    }

    return $this;
}

Existing Customer Import with MD5 Hashed Password in Magento 1.8

THIS ANSWER APPLIES TO MAGENTO 1

You do not need to modify Magento's authentication classes. You can import passwords already MD5 encrypted. I have tested this.

How Magento 1 CE stores passwords:

Password chosen by user: Foobar!
Salt random generated by Magento: 2sM0lWnxa
Password before MD5 encyption: 2sM0lWnxaFoobar! (that is <salt><password>)
Password in MD5 encryption: b55bd20f0ef25e759dc77b09fe7e4dfd
Password stored in database: b55bd20f0ef25e759dc77b09fe7e4dfd:2sM0lWnxa (that is <md5 password>:<salt>)

How to format already MD5 encrypted password for import (without salt):

Simply add a : (colon) to the end of the already MD5 encrypted password

How does this work?

We can see that Magento looks for a : (colon) in the string, and assumes what comes after it is the salt. If you place a : (colon) at the end of your already encrypted password and then nothing further, Magento will realise that there IS no salt for that password.

Getting the password into Magento

Alright, so now we know what we need to do to our passwords, how do we get them into Magento? Normally Magento will automatically encrypt a password you give it, but in our case we DON'T want it to because it's already done.

Turns out, this is simple too! When creating, or updating an existing customer by code you normally use this to set their password:

$customerModel = Mage::getModel("customer/customer");
// ... further code here to create customer (or update existing customer) ...
$customerModel->setPassword("Plain Text Password");
$customerModel->save();

Instead of using the setPassword method on Customer Model, use setPasswordHash:

$customerModel->setPasswordHash("<md5 encrypted password>:");

Best Answer

Related Solutions

Magento 1.7 – Event/Observer for Customer Password Change

Existing Customer Import with MD5 Hashed Password in Magento 1.8

THIS ANSWER APPLIES TO MAGENTO 1

Related Topic