问题
Hi every body i try to check passwords of users of magento store , i get password from user and magento and try to compare them , one of them is hash code and other is normal string , i want to generate hash of normal one and compare them but problem is magento hashed password is different ! this is password : 123456 and this is hash that i get from magento : 2364b70e91268d8ecf59fffd47db692b:LSC2VzugdDdUbghTHoTouZeMLxk14OPT and this is md5 hash i generate for 123456 : e10adc3949ba59abbe56e057f20f883e
what is the magento password hashing format ? can any body help me ? thanks
回答1:
This is called a salted password hash.
Split the value you have in your db at :. The first part is the salted hash, the second part is the "salt".
In Magento it works like this:
$saltedHash = md5($salt.$password);
In your case the salt is LSC2VzugdDdUbghTHoTouZeMLxk14OPT.
If you try md5('LSC2VzugdDdUbghTHoTouZeMLxk14OPT123456') you get 2364b70e91268d8ecf59fffd47db692b.
Exactly what you need.
回答2:
I tried as below , solution is similar but shown in detail here
$inDatabase = 2364b70e91268d8ecf59fffd47db692b:LSC2VzugdDdUbghTHoTouZeMLxk14OPT
$passwordEntered = 123456
$hashPassword = explode(':', $inDatabase);
$firstPart = $hashPassword[0];
$salt = $hashPassword[1];
Then,
md5($salt.$passwordEntered) is equal to $firstPart
来源:https://stackoverflow.com/questions/20772665/magento-password-hash-in-customer-info