KickMe

Holà UniArt, and thanks for your contribution on this subject.

I'm migrating an old userbase from 1.3.1.1 to the latest 1.7.6.4. Rather than upgrading, I installed the 1.7 from scratch, then I imported the customers using CSV export from this query:

SELECT 
  id_customer, 
  active, 
  case id_gender when 9 then 0 else id_gender end as gender, 
  email,
  passwd,
  birthday,
  lastname,
  firstname,
  newsletter,
  optin,
  date_add,
  '' as groups, /* I don't use groups, adapt this if you need to */
  id_default_group
FROM `ps_customer`

 

In 1.3 the ps_customer.passwd field is a simple unsalted MD5 hash of the user-given password, with no use of the COOKIE_KEY value. I've tested it against my own password. 

When importing, PrestaShop assumes the password in the CSV is plain-text and hashes it with the new cryptographic function. Therefore when trying to login, we must check the given password for new users, and if it fails try with an added md5. We do this in classes/form/CustomerLoginForm.php, replacing the submit() function with:

 

    public function submit()
    {
        if ($this->validate()) {
            Hook::exec('actionAuthenticationBefore');

            $customer = new Customer();
            $authentication = $customer->getByEmail(
                $this->getValue('email'),
                $this->getValue('password')
            );

            // legacy method : use the md5'd password
            if (!$authentication || !$customer->id) {
                $authentication = $customer->getByEmail(
                    $this->getValue('email'),
                    md5($this->getValue('password'))
                );
            }

            if (isset($authentication->active) && !$authentication->active) {
                $this->errors[''][] = $this->translator->trans('Your account isn\'t available at this time, please contact us', [], 'Shop.Notifications.Error');
            } elseif (!$authentication || !$customer->id || $customer->is_guest) {
                $this->errors[''][] = $this->translator->trans('Authentication failed.', [], 'Shop.Notifications.Error');
            } else {
                $this->context->updateCustomer($customer);

                Hook::exec('actionAuthentication', ['customer' => $this->context->customer]);

                // Login information have changed, so we check if the cart rules still apply
                CartRule::autoRemoveFromCart($this->context);
                CartRule::autoAddToCart($this->context);
            }
        }

        return !$this->hasErrors();
    }
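
Added example (not part of KickMe's post and not PrestaShop code): a standalone sketch of the same two-step check that goes one step further and replaces the imported hash with a direct hash of the password after the first successful legacy login. It assumes the "new cryptographic function" is bcrypt via PHP's `password_hash()`; the function names and the sample customer are hypothetical.

```php
<?php
// Added example: standalone sketch, not PrestaShop code.
// Assumption: the "new cryptographic function" is bcrypt via password_hash().

/** What the CSV import effectively stores: bcrypt over the old MD5 hex string. */
function importLegacyHash(string $md5Hex): string
{
    return password_hash($md5Hex, PASSWORD_BCRYPT);
}

/**
 * Verify a login and report whether the stored hash should be replaced.
 * Returns [bool $ok, ?string $newHash].
 */
function verifyAndUpgrade(string $password, string $storedHash): array
{
    // 1. Native account: stored value is bcrypt(password).
    if (password_verify($password, $storedHash)) {
        $new = password_needs_rehash($storedHash, PASSWORD_BCRYPT)
            ? password_hash($password, PASSWORD_BCRYPT)
            : null;
        return [true, $new];
    }
    // 2. Imported account: stored value is bcrypt(md5(password)).
    if (password_verify(md5($password), $storedHash)) {
        // The plaintext is only available now, so drop the MD5 layer here.
        return [true, password_hash($password, PASSWORD_BCRYPT)];
    }
    return [false, null];
}

// Constructed sample data: one customer imported from a 1.3 export.
$legacyMd5 = md5('correct horse');
$customer  = ['email' => 'a@example.test', 'passwd' => importLegacyHash($legacyMd5)];

// Until an account is upgraded, check 1 also accepts the old MD5 hex string
// itself, so the exported 1.3 hashes stay password-equivalent.
var_dump(verifyAndUpgrade($legacyMd5, $customer['passwd'])[0]);

[$ok, $new] = verifyAndUpgrade('correct horse', $customer['passwd']);
if ($ok && $new !== null) {
    $customer['passwd'] = $new; // a real shop would persist this to the database
}
var_dump($ok);
var_dump(password_verify('correct horse', $customer['passwd']));
var_dump(password_verify($legacyMd5, $customer['passwd']));
```

Accounts that never log in keep the wrapped MD5 value, so the CSV export and any old 1.3 database dump should be handled as credential material until those accounts are upgraded or have their passwords reset.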

 

 
