[webservice] login via a webservice

[Makio64]

Hello,

 

Im looking to a way to log a user via webservice with his email/password

 

something like : 

 

$opt = array(
     'resource'          =>'customers',
     'filter[email]'  =>'['+$_POST['email']+']',
     'filter[password]'  =>'['+$_POST['password']+']',
     'display' =>'[email,lastname,firstname,credit,adress]'
);

$xml = $webService->get( $opt );

Any idea about the password encryption ?

 

Thanks

 

 

[math_php]

Hi,

 

Create keys in back office for webservice access and then give them to the users.

 

If you want to automate the process you could make a 'cron' like file that would deal with authentification and return key to then access webservice.

 

Regards

[Makio64]

Actually connect to the webservice works, the problem is the filter password.

 

It's encoded in the BDD and I should send the same encoding in the filter, but I have no idea witch hash is use, I was thinking md5 but no.

 

Thanks for helping me

Edited March 11, 2014 by Makio64 (see edit history)

[math_php]

For me there is no password for webservice only a key stored without encoding in ps_account_webservice.

 

You can generate a key in bo wich will provide something like OXFQDX3YYM8MJH1RYGAQHH2LX79ZNRX

but you can also put the key you want like : THISISMYKEYFORPRESTASHOPWEBSERVICE

 

I might be wrong but perhaps you mix with cookies wich are strongly crypted.

[Makio64]

I think there is a misunderstanding.

 

Actually I can get the customer I want and all is informations ( credit / birthday / etc .. ) wihout password as you say but with the key when I initialize my webservice.

 

But I need to create a login system, where the user push the login/password. Then my plan was to use them as filter, compare to the bdd and if the couple login/password exist and return the customer corresponding or an error message if there is not customer with this combinaison.

 

The only problem, I dont know whitch algorythm prestashop use to encrypt the customer password and then i can't send the good password for the combinaison.

 

So the real question is : witch algorythm prestashop use to encrypt customer password.

 

Thanks !

[Makio64]

In config/settings.inc.php :

define('_COOKIE_KEY_', 'OXFQDX3YYM8MJH1RYGAQHH2LX79ZNRX');

 

The customer password encryption is :

md5(_COOKIE_KEY_+password)

 

The request in my first post did the job with this

 

I hope it help someone else !

[math_php]

Hi Makio64,

 

Ok and you can use Tools::encrypt($passwd) to get the hash

[antoniolite]

Hello,

 

i run this webservice (to login via the webservice), with email and passwd in $opt, but the user is no logged in the Prestashop.

 

Do i need something else to get to user logged in?

 

I tried several ways, but nothing worked :\

[xabikip]

hello,

 

I use like this:

$password = md5('5BeHRGBt7r012341t1t1LXDDo1234yON1r67JyM4321VHDgnq4321CmS' + 'rl61122');

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[password]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

And I have 400 bad request.

 

Error : This call to PrestaShop Web Services failed and returned an HTTP status of 400. That means: Bad Request

 

You can help me? what I have bad in my syntax?

 

Thanks,

[Nikhil.nj]

Hello I'm not sure but I think in Prestashop it used sha1 for encode the password if you want to try then just taste it and let me know whatever you get...

 

 

Please don't say thank you...

 

Nick ['}

Edited March 30, 2015 by Nikhil.nj (see edit history)

[xabikip]

This class help me to login. You can see there: 

https://github.com/hparfr/prestashopBridge

[Nikhil.nj]

Thank you  xabikip

 

Xabikip can  I know about your web services so it can be help me for my confusion, Can you use th elibrary of the Prestashop Web services Library referenced in documentation???

 

Or you create custom web services for your own way?

 

Please reply me as possible..

 

 

For reply

 

Nikhil ['}

Edited March 30, 2015 by Nikhil.nj (see edit history)

[samsamail]

Hi Nikhil,

 

I'm running into the same problem as Xabikip. Indeed, i'm trying to login via webservice using email + MD5 hash as described in your post but i always get the same error => 'This call to PrestaShop Web Services failed and returned an HTTP status of 400. That means: Bad Request.'

 

Any idea what could cause this issue ?

 

Also does this method work with employee endpoint ?

 

Waiting for your reply

Thanks a lot

Best

Samy

[jonaul]

Hi,

The only difference I found with my code, is that I call the webservice this way:

"customers/?filter=" + email + "&filter[passwd]=" + hmacMD5".

So maybe you have to change

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[password]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

 to

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[passwd]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

Hope it helps!

[vikram2]

On 3/2/2015 at 4:32 PM, xabikip said:

lastname

 

[abouzouzou]

hello, 

 

any news ? 

i am trying to retrieve customers (users based on login password), i saw in 1.7 this is the way to encode password :

$password = md5('5BeHRGBt7r012341t1t1LXDDo1234yON1r67JyM4321VHDgnq4321CmS' + 'rl61122');

but i can't manage to retrieve it

[mastlucas]

Hello!
I need to get a user of my website to login to the prestashop ecommerce. With the APi I managed to validate the email and password, now I only need that when I refresh the ecomerce, I appear logged in. Any suggestion?
My code is the following

//--------------Login
// get information from PrestaShop
$ webService = new PrestaShopWebservice ('https://www.xxxxx.com/', 'XXXXXXXXXXXXXXXXXXXX', false);

$ email = '[email protected]'; // $ _REQUEST ['email'];
$ password = 'XXXXX';
// $ password = $ _REQUEST ['password'];

$ optUser = array (
'resource' => 'customers',
'filter [email]' => '['. $ email. ']',
'display' => '[id, email, lastname, firstname, passwd]'
);

$ resultUser = ($ webService-> get ($ optUser));

foreach ($ resultUser-> customers-> customer as $ info) {

if (password_verify ($ password, $ info-> passwd) == true) {
$ response = array ();
$ response ['status'] = 'succes';
$ response ['message'] = "You did it!";
setcookie ("userId", $ info-> id);

$ _SESSION ['user'] = $ email;
header ('Content-type: application / json');

echo json_encode ($ response);

echo '<br>'. $ info-> passwd;
echo '<br>'. $ cook;
} else {
$ response = array ();
$ response ['status'] = 'error';
$ response ['message'] = 'Wrong password';
header ('Content-type: application / json');
echo json_encode ($ response);
}
}