
How to use magento 1 customer password in magento 2

Published On: 22 August 2018.

Magento 1 uses an MD5 hash for customer passwords, and Magento 2 uses SHA-256.

Magento 1 uses the Mage_Core_Model_Encryption class, with the following functions.

public function getHash($password, $salt = false)
{
    if (is_integer($salt)) {
        $salt = $this->_helper->getRandomString($salt);
    }
    return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;
}
public function hash($data)
{
    return md5($data);
}

Magento 1 generates the hash as md5(salt + password) and saves it in the database with one colon, like $password-hash : $salt.

Magento 2 changed this logic; it lives in vendor/magento/framework/Encryption/Encryptor.php

Magento 2 generates the hash as hash('sha256', $salt . $password); and saves it in the database with two colons, like

$password-hash : $salt : $version

To accept both formats, override the Encryptor class via di.xml in your module. The override has to redeclare some of the parent's private members and functions.

use Magento\Framework\Encryption\Helper\Security;

/**
 * Class Encryptor provides basic logic for hashing strings and encrypting/decrypting misc data
 */
class Encryptor extends \Magento\Framework\Encryption\Encryptor
{
	/**
	 * @var array map of hash versions
	 */
	private $hashVersionMap = [
		self::HASH_VERSION_MD5 => 'md5',
		self::HASH_VERSION_SHA256 => 'sha256'
	];
	
	/**
	 * @var array map of password hash
	 */
	private $passwordHashMap = [
		self::PASSWORD_HASH => '',
		self::PASSWORD_SALT => '',
		self::PASSWORD_VERSION => self::HASH_VERSION_LATEST
	];
	
	/**
	 * @param string $hash
	 * @return array
	 */
	private function explodePasswordHash($hash)
	{
		$explodedPassword = explode(self::DELIMITER, $hash, 3);
	
		foreach ($this->passwordHashMap as $key => $defaultValue) {
			$this->passwordHashMap[$key] = (isset($explodedPassword[$key])) ? $explodedPassword[$key] : $defaultValue;
		}
	
		return $this->passwordHashMap;
	}
	
	/**
	 * @return string
	 */
	private function getPasswordHash()
	{
		return (string)$this->passwordHashMap[self::PASSWORD_HASH];
	}
	
	/**
	 * @return string
	 */
	private function getPasswordSalt()
	{
		return (string)$this->passwordHashMap[self::PASSWORD_SALT];
	}
	
	/**
	 * @return array
	 */
	private function getPasswordVersion()
	{
		return array_map('intval', explode(self::DELIMITER, $this->passwordHashMap[self::PASSWORD_VERSION]));
	}
	
    /**
     * @inheritdoc
     */
    public function isValidHash($password, $hash)
    {
        $this->explodePasswordHash($hash);
        
        // Magento 1 stores "hash:salt" (one colon); Magento 2 stores "hash:salt:version".
        $hashParts = explode(":", $hash);
        if (count($hashParts) == 2) {
            // Legacy Magento 1 hash: md5(salt . password)
            $password = md5($this->getPasswordSalt() . $password);
        } else {
            // Magento 2 hash: apply each listed hash version in turn
            foreach ($this->getPasswordVersion() as $hashVersion) {
                $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
            }
        }

        return Security::compareStrings(
            $password,
            $this->getPasswordHash()
        );
    }
}

 

Magento 1 customers will now be able to log in with their old passwords. The password logic for new customers remains the same.
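The two stored formats described above, as an added stand-alone example (not code from the original post or from Magento): it verifies a password against either format with plain PHP functions and reports whether the record still depends on MD5, so such accounts can be identified for rehashing. The function name, the `md5_based` flag, the handling of a bare unsalted hash as Magento 1, and the sample records are assumptions made for illustration.

```php
<?php
// Added example, not Magento code. Names and sample values are hypothetical.
const ALGOS = [0 => 'md5', 1 => 'sha256']; // same versions as the page's $hashVersionMap

function verifyStoredHash(string $password, string $stored): array
{
    $parts = explode(':', $stored, 3);
    $hash  = $parts[0];
    $salt  = $parts[1] ?? '';

    // Three parts: Magento 2 "hash:salt:version"; the version may be a chain such as "0:1".
    // Fewer parts: Magento 1 "hash:salt" (or, as an assumption here, a bare unsalted md5).
    $versions = count($parts) === 3
        ? array_map('intval', explode(':', $parts[2]))
        : [0];

    $candidate = $password;
    foreach ($versions as $version) {
        if (!array_key_exists($version, ALGOS)) {
            return ['valid' => false, 'md5_based' => false]; // unknown version: reject
        }
        // Same step as the page's loop: hash(salt . previous result)
        $candidate = hash(ALGOS[$version], $salt . $candidate);
    }

    return [
        'valid'     => hash_equals($hash, $candidate), // constant-time comparison
        'md5_based' => in_array(0, $versions, true),   // candidate for rehashing
    ];
}

// Constructed sample records for the password "secret" with salt "Xy".
$records = [
    'magento1' => md5('Xy' . 'secret') . ':Xy',
    'magento2' => hash('sha256', 'Xy' . 'secret') . ':Xy:1',
];
foreach ($records as $label => $stored) {
    $ok  = verifyStoredHash('secret', $stored);
    $bad = verifyStoredHash('wrong', $stored);
    printf("%s: correct=%s wrong=%s md5_based=%s\n", $label,
        var_export($ok['valid'], true), var_export($bad['valid'], true),
        var_export($ok['md5_based'], true));
}
```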

 
