How to use magento 1 customer password in magento 2

 Magento 1 use MD5 hash to encrypt the password and Magento 2 use SHA-256.

In Magento 1, they use Mage_Core_Model_Encryption class with following functions.

1 2 3 4 5 6 7 8

public function getHash($password, $salt = false) {     if (is_integer($salt)) {         $salt = $this->_helper->getRandomString($salt);     }     return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt; }

1 2 3 4 5

public function hash($data) {     return md5($data); }

Magento 1 generate hash by md5(salt + password) and save in database with 1 colon like $password-hash : $salt.

Magento 2 has changed logic and written in vendor/magento/framework/Encryption/Encryptor.php

Magento 2 generate hash like hash(‘sha256’, $salt . $password); and save with 2 colons in database like

$password-hash : $salt: $version

You have to override Encryptor class via di.xml with some private functions in your module.

/**

 * Class Encryptor provides basic logic for hashing strings and encrypting/decrypting misc data

 */

class Encryptor extends \Magento\Framework\Encryption\Encryptor

{

/**

* @var array map of hash versions

*/

private $hashVersionMap = [

self::HASH_VERSION_MD5 => 'md5',

self::HASH_VERSION_SHA256 => 'sha256'

];

/**

* @var array map of password hash

*/

private $passwordHashMap = [

self::PASSWORD_HASH => '',

self::PASSWORD_SALT => '',

self::PASSWORD_VERSION => self::HASH_VERSION_LATEST

];

/**

* @param string $hash

* @return array

*/

private function explodePasswordHash($hash)

{

$explodedPassword = explode(self::DELIMITER, $hash, 3);

foreach ($this->passwordHashMap as $key => $defaultValue) {

$this->passwordHashMap[$key] = (isset($explodedPassword[$key])) ? $explodedPassword[$key] : $defaultValue;

}

return $this->passwordHashMap;

}

/**

* @return string

*/

private function getPasswordHash()

{

return (string)$this->passwordHashMap[self::PASSWORD_HASH];

}

/**

* @return string

*/

private function getPasswordSalt()

{

return (string)$this->passwordHashMap[self::PASSWORD_SALT];

}

/**

* @return array

*/

private function getPasswordVersion()

{

return array_map('intval', explode(self::DELIMITER, $this->passwordHashMap[self::PASSWORD_VERSION]));

}

    /**

     * @inheritdoc

     */

    public function isValidHash($password, $hash)

    {

        $this->explodePasswordHash($hash);

        

        $hashs = explode(":", $hash);

        if(count($hashs) == 2){

        $password = md5($this->getPasswordSalt() . $password);

        }

        else{

        foreach ($this->getPasswordVersion() as $hashVersion) {

        $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);

        }

        }

        

        //print $password . " ". $this->getPasswordHash(); die;

        return Security::compareStrings(

            $password,

            $this->getPasswordHash()

        );

    }

}

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87

/** * Class Encryptor provides basic logic for hashing strings and encrypting/decrypting misc data */ class Encryptor extends \Magento\Framework\Encryption\Encryptor { /** * @var array map of hash versions */ private $hashVersionMap = [ self::HASH_VERSION_MD5 => 'md5', self::HASH_VERSION_SHA256 => 'sha256' ]; /** * @var array map of password hash */ private $passwordHashMap = [ self::PASSWORD_HASH => '', self::PASSWORD_SALT => '', self::PASSWORD_VERSION => self::HASH_VERSION_LATEST ]; /** * @param string $hash * @return array */ private function explodePasswordHash($hash) { $explodedPassword = explode(self::DELIMITER, $hash, 3); foreach ($this->passwordHashMap as $key => $defaultValue) { $this->passwordHashMap[$key] = (isset($explodedPassword[$key])) ? $explodedPassword[$key] : $defaultValue; } return $this->passwordHashMap; } /** * @return string */ private function getPasswordHash() { return (string)$this->passwordHashMap[self::PASSWORD_HASH]; } /** * @return string */ private function getPasswordSalt() { return (string)$this->passwordHashMap[self::PASSWORD_SALT]; } /** * @return array */ private function getPasswordVersion() { return array_map('intval', explode(self::DELIMITER, $this->passwordHashMap[self::PASSWORD_VERSION])); }     /**      * @inheritdoc      */     public function isValidHash($password, $hash)     {         $this->explodePasswordHash($hash);                  $hashs = explode(":", $hash);         if(count($hashs) == 2){          $password = md5($this->getPasswordSalt() . $password);         }         else{          foreach ($this->getPasswordVersion() as $hashVersion) {          $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);          }         }                  //print $password . " ". $this->getPasswordHash(); die;           return Security::compareStrings(             $password,             $this->getPasswordHash()         );     } }

 

Now Magento 1 user will able to login their old password. New customers password logic will remain same.