I have Migrated Magento 1.9.1.0 website in Magento 2.2.4,all data is migrated successfully.
When I am trying to login from front-end with existing old customer(Magento1)
it generating error
"You did not sign in correctly or your account is temporarily disabled."
While it is working fine for Newly creating customers in Magento 2.
I have debugged in Database customer_entity table and found that old Magento 1 was using SHA1 for password hashing and its length is "40" + salt = 73 character.Since magento 1 default using MD5 technique but in our Magento code old developers override core file and changed below code
class CD_Core_Model_Encryption extends Mage_Core_Model_Encryption
{
/**
* Hash a string
*
* @param string $data
* @return string
*/
public function hash($data)
{
return sha1($data);
}
}
Hence all passwords in Magento 1 saved in SHA1 format.
passwords are after migrated
6de015050ee16e5451019072f77f2bf50c3c02bc:VLAyPWtkZsHa00UMCWrFNtJ1ARoBp4Wc
Above password are not accepted in Magento 2 when login
Please help anybody how to support SHA1 password in Magento 2.
Best Answer
I think you are aware of possible solutions But let me clarify it:
Solution 1: Easy Quick Solution
what alan Storm Suggested:-
How you can do that: (
put in root folder & run
script for send password reset link to all customers)Solution 2. ( Not Recommended but also work)
Hash algorithm can not change from one to another (md5 to sh1/sh2). Magento2 doesn't support SHA1 (
deprecated
)you can't get back string(password) But you can check same hash value by
brute force
.Magento 1.x has stored password similar to
password =
353dc2ba6108461cf3468184bdd0e174:LM => md5($password.$salt):salt.Pseudo code
in your case
sh1(md5($password.$salt)):sha1(salt)
As Magento2 store in this way
5ca6a208eba1be74251419d22399925c01fbe36f72c5b472d110c40c119b8709:QTwASvDZV6kKPNCl8eHZGZfF1U8NaoRB:1
hash('SHA-256', $salt . $password):$salt:1
Hash Value:(random 32 bit character):(Hashing algorithm version default:1)
What you have to do now: authenticate users by extra step and also save in similar manner.
Pseudo code
Want to change in core files to support
SHA1
?write a plugin for extra authenticate step