I need to import customers from the other shop system (oxid e CE) to Magento 1.9.
The best result would be reusing their password, so the customers can log in with their existing data into the new shop.
As far as I know, oxid uses md5 hash plus salt for encryption.
Is it possible to use these both fields to generate a md5 hash that Magento can use?
If not possible, I would try to display a message on login attempt for the imported customers that they will receive a mail with a link to reset their password. What would be the best approach for this method?
I think something like to pre-dispatch the login event and to check if this customer is one of the imported and has not reset his password.
Best Answer
If you tell us how OXID is hashing the passwords, we might help you.
Magentos passwords look like this:
An example:
027dfe2d795846ea0687514b0338d464:zj
in newer Versions, the hash is longer. It is important to see, that there is no seperator between salt and password and salt comes first.In CE
$this->hash()
ismd5()
in EE it is some sha function.Long story short: If OXID is hashing the same way you can just import the passwords, if it doesn't have a look into https://github.com/ikonoshirt/pbkdf2. I implemented an more secure way for password storing with PBKDF2 and for this I implemented a migration path to check wether the password is stored the new or the old way, you can use the same technique.