How to use magento 1 customer password in magento 2

Magento 1 hashes customer passwords with MD5, while Magento 2 uses SHA-256.

Magento 1 does this in the Mage_Core_Model_Encryption class, with the following functions.

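/**
 * Build the value Magento 1 stores for a password.
 *
 * hash() in this class is a plain md5() call, so the result is either an
 * unsalted MD5 digest or a salted one followed by its salt. Both are fast to
 * compute and therefore weak against offline guessing; the snippet is shown
 * to explain the legacy format, not as a scheme to reuse.
 *
 * @param string $password plain-text password
 * @param string|int|bool $salt false for no salt; an integer is replaced by a
 *                              random string obtained from the helper (the
 *                              integer is passed as its argument); any other
 *                              value is used as the salt itself
 * @return string the bare hash when $salt is false, otherwise "hash:salt"
 */
public function getHash($password, $salt = false)
{
    if (is_integer($salt)) {
        // An integer is a request for a generated salt, not the salt value.
        $salt = $this->_helper->getRandomString($salt);
    }
    // Salted form: hash(salt . password), then ':' and the salt so it can be re-applied on login.
    return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;
}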
 

/**
 * Hash a string the Magento 1 way: one unkeyed MD5 pass.
 *
 * MD5 is cheap to compute, so digests produced here give little protection
 * to stored passwords if the database is disclosed.
 *
 * @param string $data value to hash (for passwords: salt followed by password)
 * @return string hexadecimal MD5 digest of $data
 */
public function hash($data)
{
    $digest = md5($data);

    return $digest;
}
 

Magento 1 generates the hash as md5($salt . $password) and saves it in the database with one colon, in the form $password-hash:$salt.

Magento 2 changed this logic; it is implemented in vendor/magento/framework/Encryption/Encryptor.php

Magento 2 generates the hash as hash('sha256', $salt . $password); and saves it in the database with two colons, in the form

$password-hash:$salt:$version

You have to override the Encryptor class in your module, registering the override through di.xml; the override class uses some private functions.

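/**
 * Encryptor override that also accepts customer password hashes migrated from Magento 1.
 *
 * Magento 1 stores a salted password as "md5(salt . password):salt" (two parts),
 * Magento 2 as "hash:salt:version" (three parts). Only the two-part form is
 * verified here. Every other format is handed to the parent implementation, so
 * whatever algorithms the installed framework version supports keep working and
 * no private logic of the core class has to be copied into the module.
 *
 * Security note: salted MD5 is fast to brute-force. Accepting it is a migration
 * aid only; re-hash the password with the current algorithm after a successful
 * legacy login and retire this path once the accounts have been upgraded.
 */
class Encryptor extends \Magento\Framework\Encryption\Encryptor
{
    /**
     * Split a stored value into its hash and salt when it has the Magento 1 shape.
     *
     * The split is stateless: nothing from a previous validation is kept on the
     * object, so one customer's salt can never be reused for another check.
     *
     * @param string $hash stored value from the customer record
     * @return array|null [hash, salt] for a two-part value, null for anything else
     */
    private function splitLegacyHash($hash)
    {
        $parts = explode(self::DELIMITER, (string)$hash);

        return count($parts) === 2 ? $parts : null;
    }

    /**
     * Recompute the Magento 1 digest for a candidate password.
     *
     * @param string $salt salt taken from the stored value
     * @param string $password plain-text password supplied at login
     * @return string md5(salt . password), as Magento 1 produced it
     */
    private function legacyDigest($salt, $password)
    {
        return md5($salt . $password);
    }

    /**
     * @inheritdoc
     */
    public function isValidHash($password, $hash)
    {
        $legacy = $this->splitLegacyHash($hash);
        if ($legacy === null) {
            // Not a two-part Magento 1 hash: use the framework's own verification.
            return parent::isValidHash($password, $hash);
        }

        list($storedHash, $salt) = $legacy;

        // Compare through the framework helper rather than with == / ===,
        // so the check does not depend on where the strings first differ.
        return \Magento\Framework\Encryption\Helper\Security::compareStrings(
            $this->legacyDigest($salt, $password),
            $storedHash
        );
    }
}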

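/**
 * Encryptor override that also accepts customer password hashes migrated from Magento 1.
 *
 * Magento 1 stores a salted password as "md5(salt . password):salt" (two parts),
 * Magento 2 as "hash:salt:version" (three parts). Only the two-part form is
 * verified here. Every other format is handed to the parent implementation, so
 * whatever algorithms the installed framework version supports keep working and
 * no private logic of the core class has to be copied into the module.
 *
 * Security note: salted MD5 is fast to brute-force. Accepting it is a migration
 * aid only; re-hash the password with the current algorithm after a successful
 * legacy login and retire this path once the accounts have been upgraded.
 */
class Encryptor extends \Magento\Framework\Encryption\Encryptor
{
    /**
     * Split a stored value into its hash and salt when it has the Magento 1 shape.
     *
     * The split is stateless: nothing from a previous validation is kept on the
     * object, so one customer's salt can never be reused for another check.
     *
     * @param string $hash stored value from the customer record
     * @return array|null [hash, salt] for a two-part value, null for anything else
     */
    private function splitLegacyHash($hash)
    {
        $parts = explode(self::DELIMITER, (string)$hash);

        return count($parts) === 2 ? $parts : null;
    }

    /**
     * Recompute the Magento 1 digest for a candidate password.
     *
     * @param string $salt salt taken from the stored value
     * @param string $password plain-text password supplied at login
     * @return string md5(salt . password), as Magento 1 produced it
     */
    private function legacyDigest($salt, $password)
    {
        return md5($salt . $password);
    }

    /**
     * @inheritdoc
     */
    public function isValidHash($password, $hash)
    {
        $legacy = $this->splitLegacyHash($hash);
        if ($legacy === null) {
            // Not a two-part Magento 1 hash: use the framework's own verification.
            return parent::isValidHash($password, $hash);
        }

        list($storedHash, $salt) = $legacy;

        // Compare through the framework helper rather than with == / ===,
        // so the check does not depend on where the strings first differ.
        return \Magento\Framework\Encryption\Helper\Security::compareStrings(
            $this->legacyDigest($salt, $password),
            $storedHash
        );
    }
}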
 

 

Now Magento 1 users will be able to log in with their old passwords. The password logic for new customers remains the same.

Puneet Kumar Magento Developer