How to use magento 1 customer password in magento 2

 Magento 1 use MD5 hash to encrypt the password and Magento 2 use SHA-256.

In Magento 1, they use Mage_Core_Model_Encryption class with following functions.

Magento 1 generate hash by md5(salt + password) and save in database with 1 colon like $password-hash : $salt.

Magento 2 has changed logic and written in vendor/magento/framework/Encryption/Encryptor.php

Magento 2 generate hash like hash(‘sha256’, $salt . $password); and save with 2 colons in database like

$password-hash : $salt: $version

You have to override Encryptor class via di.xml with some private functions in your module.


/**

 * Class Encryptor provides basic logic for hashing strings and encrypting/decrypting misc data

 */

class Encryptor extends \Magento\Framework\Encryption\Encryptor

{

/**

* @var array map of hash versions

*/

private $hashVersionMap = [

self::HASH_VERSION_MD5 => 'md5',

self::HASH_VERSION_SHA256 => 'sha256'

];

/**

* @var array map of password hash

*/

private $passwordHashMap = [

self::PASSWORD_HASH => '',

self::PASSWORD_SALT => '',

self::PASSWORD_VERSION => self::HASH_VERSION_LATEST

];

/**

* @param string $hash

* @return array

*/

private function explodePasswordHash($hash)

{

$explodedPassword = explode(self::DELIMITER, $hash, 3);

foreach ($this->passwordHashMap as $key => $defaultValue) {

$this->passwordHashMap[$key] = (isset($explodedPassword[$key])) ? $explodedPassword[$key] : $defaultValue;

}

return $this->passwordHashMap;

}

/**

* @return string

*/

private function getPasswordHash()

{

return (string)$this->passwordHashMap[self::PASSWORD_HASH];

}

/**

* @return string

*/

private function getPasswordSalt()

{

return (string)$this->passwordHashMap[self::PASSWORD_SALT];

}

/**

* @return array

*/

private function getPasswordVersion()

{

return array_map('intval', explode(self::DELIMITER, $this->passwordHashMap[self::PASSWORD_VERSION]));

}

    /**

     * @inheritdoc

     */

    public function isValidHash($password, $hash)

    {

        $this->explodePasswordHash($hash);

        

        $hashs = explode(":", $hash);

        if(count($hashs) == 2){

        $password = md5($this->getPasswordSalt() . $password);

        }

        else{

        foreach ($this->getPasswordVersion() as $hashVersion) {

        $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);

        }

        }

        

        //print $password . " ". $this->getPasswordHash(); die;


        return Security::compareStrings(

            $password,

            $this->getPasswordHash()

        );

    }

}

 

Now Magento 1 user will able to login their old password. New customers password logic will remain same.

Magento 2 Singleton Design Pattern

  Magento 2 Singleton Design Pattern In the realm of Magento 2 development, mastering design patterns is paramount, and one of the cornersto...

Popular Posts

Posts