Prestashop 1.7 Customer Password Encryption?

旧城冷巷雨未停 submitted on 2019-12-08 07:56:03

Question


I made a third-party system based on PHP for PrestaShop 1.6. It works by connecting directly to the PrestaShop database. Now I've upgraded my Presta to 1.7.5.1 and IT WORKS. Only it doesn't log in customers anymore because, as I can see, the password encryption has changed. I was using md5(COOKIE_KEY.'password') for 1.6, but I see the passwords on 1.7 are nothing like md5. Could you tell me how the encryption works? (It would be much better if you could tell me with PHP code.)

Prestashop 1.7.5.1

$2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym

for 123456


Answer 1:


PrestaShop 1.7.x now uses bcrypt as the preferred hash method (md5 is still supported though).

To better understand the behavior between PrestaShop v1.6.x vs 1.7.x for checking passwords, let's have a look at the getByEmail() method in the Customer class:

/**
  * Return customer instance from its e-mail (optionally check password).
  *
  * @param string $email e-mail
  * @param string $plaintextPassword Password is also checked if specified
  * @param bool $ignoreGuest
  *
  * @return bool|Customer|CustomerCore Customer instance
 */
 public function getByEmail($email, $plaintextPassword = null, $ignoreGuest = true)

If $plaintextPassword is provided the encrypted version of the password is retrieved with:

$this->passwd = $crypto->hash($plaintextPassword);

The Hashing class can be instantiated by doing:

$crypto = ServiceLocator::get('\\PrestaShop\\PrestaShop\\Core\\Crypto\\Hashing');

Solution for your example using PrestaShop 1.7 classes/methods:

<?php

namespace PrestaShop\PrestaShop\Core\Crypto;
include('config/config.inc.php');

$plaintextPassword = '123456';
$crypto = new Hashing;
$encryptedPassword = $crypto->hash($plaintextPassword, _COOKIE_KEY_);

echo 'Clear: '.$plaintextPassword.'<br />Encrypted: '.$encryptedPassword;

/* Result (example)
Clear: 123456
Encrypted: $2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym */

Alternate solution, without the need to include any PrestaShop files/methods:

<?php

$plaintextPassword = '123456';
$encryptedPassword = password_hash($plaintextPassword, PASSWORD_BCRYPT);
var_dump(password_verify($plaintextPassword, $encryptedPassword)); // bool(true) if the password matches the hash

I hope this helps.
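
Added example, not part of the original answer and not PrestaShop's own code: a login check for an external system that reads the customer table directly, where rows can hold either the 1.6 format from the question (md5 of the cookie key plus password) or a 1.7 bcrypt hash. The function name, `$cookieKey` (standing in for the shop's `_COOKIE_KEY_`) and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not PrestaShop code. $cookieKey stands for the shop's _COOKIE_KEY_.

/**
 * Verify a customer password against the hash stored in the customer table.
 * Returns [bool $valid, bool $needsUpgrade].
 */
function verifyCustomerPassword(string $plain, string $storedHash, string $cookieKey): array
{
    $info = password_get_info($storedHash);

    // bcrypt ($2y$...) hashes written by 1.7: salt and cost live inside the hash,
    // so hashing again and comparing strings cannot work; password_verify() is required.
    if ($info['algoName'] === 'bcrypt') {
        $valid = password_verify($plain, $storedHash);
        return [$valid, $valid && password_needs_rehash($storedHash, PASSWORD_BCRYPT)];
    }

    // Legacy 1.6 format from the question: md5(COOKIE_KEY . password), 32 hex chars.
    if (preg_match('/^[0-9a-f]{32}$/i', $storedHash) === 1) {
        // hash_equals() compares in constant time.
        $valid = hash_equals(strtolower($storedHash), md5($cookieKey . $plain));
        return [$valid, $valid]; // a valid legacy hash should be replaced with bcrypt
    }

    return [false, false]; // unknown format: reject
}

// Constructed sample data (not real shop values).
$cookieKey = 'constructed-cookie-key';
$legacy = md5($cookieKey . '123456');
$bcrypt = password_hash('123456', PASSWORD_BCRYPT);

foreach (['legacy md5' => $legacy, 'bcrypt' => $bcrypt] as $label => $stored) {
    [$ok, $upgrade] = verifyCustomerPassword('123456', $stored, $cookieKey);
    [$bad] = verifyCustomerPassword('wrong', $stored, $cookieKey);
    printf("%s: correct=%s wrong=%s upgrade=%s\n", $label,
        var_export($ok, true), var_export($bad, true), var_export($upgrade, true));
    // When $upgrade is true, the integration would store
    // password_hash($plain, PASSWORD_BCRYPT) back into the customer row.
}
```

With the constructed data, both rows accept `123456` and reject `wrong`; the legacy row is flagged for upgrade to bcrypt.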



Source: https://stackoverflow.com/questions/55895336/prestashop-1-7-customer-password-encryption
