Magento 客户登陆验证 How magento store password and validate password

Magento 客户登陆验证 How magento store password and validate password

[toc]
Magento使用MD5和salt algorithems为客户和管理员用户存储密码

magento如何创建加密密码

Magento创建加密密码

Mage::getModel('core/encryption')->decrypt($password);

这是解密($ password)函数的逻辑,

$password = "12345678";
$salt = "at";
$encyPasswod = md5($salt.$pass).":".$salt;

在上面的函数中,$salt是随机生成的两个字母数字字符串。

magento如何验证密码

Bellow functiona将验证用户密码,

Mage::getModel('customer/customer')->authenticate($email, $password);

上述功能背后的逻辑是,

$email = "techbandhus@gmail.com";
$password = "123456";

//Load a customer by email address
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
->loadByEmail($email);

// if loaded! get stored password from database
$hash = $customer->getData("password_hash");

// Get last two digits separate by :";
$hashArr = explode(':', $hash);

public function validateHash($password, $hash)
{
     $hashArr = explode(':', $hash);
     switch (count($hashArr)) {
         case 1:
             return $this->hash($password) === $hash;
         case 2:
             return $this->hash($hashArr[1] . $password) === $hashArr[0];
     }
     Mage::throwException('Invalid hash.');
 }

因此,它只是意味着即使您没有添加salt密钥并且只有MD5文本作为密码,登录也会起作用。
https://techbandhu.wordpress.com/2013/08/29/how-magento-store-password-and-validate-password-magento/

实例

1.客户端让客户通过身份验证

// Or whatever the path to your app/Mage.php happens to be ...
require_once( dirname(__FILE__).'/app/Mage.php' );

// Initialize Magento ...
Mage::app("default");

// Set the variables that we care about.
$id = 1;  // The Store ID.  Since Magento can handle multiples, this may change.
$username = 'their.email@their.domain.com';  // Their email address / username (the same thing)
$password = 'theirpassword';  // Their password.

try{
    $blah = Mage::getModel('customer/customer')->setWebsiteId($id)->authenticate($username, $password);
}catch( Exception $e ){
    $blah = false;
}

2.后台获得Customersadmins

// Or whatever the path to your app/Mage.php happens to be ...
require_once( dirname(__FILE__).'/app/Mage.php' );

// Initialize Magento ...
Mage::app("default");

// Set the variables that we care about.
$username = 'admin';  // Or whatever username we're going with.
$password = 'password'; // Obviously, replace this with whatever the actual password you're looking to validate is.

$blah = Mage::getModel('admin/user')->authenticate($username, $password);

在这些代码块中的任何一个之后,根据您是否验证管理员或客户,$blah将包含TRUE它是否有效,或者FALSE它是否无效!

或者我个人写的一个函数:

function customer_exists($email, $password, $data = array())
{
    $website = Mage::app()->getStore()->getWebsiteId();

    if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return 'invalid email';
    else
    {
        $customer  = Mage::getModel('customer/customer');
        $customer->setWebsiteId($website);
        $customer->loadByEmail($email);

        if ($customer->getId())
        {
            if(strlen($password)*1 >= 6)
            {
                try{ $blah = $customer->setWebsiteId($website)->authenticate($email, $password); }
                catch( Exception $e ){ $blah = 0; }
            }
            else $blah = 'invalid password';
        }
        else
        {
            if(strlen($password)*1 < 6) return 'invalid password';
            else
            {
                $current_date = date('Y-m-d H:i:s',time());

                $customer->setEmail($email);
                $customer->setFirstname($data['first_name']);
                $customer->setLastname($data['last_name']);
                $customer->setWebsiteId($website);
                $customer->setPassword($password);
                $customer->setCreatedAt($current_date);
                $customer->setUpdatedAt($current_date);
                $customer->setIsActive('1');
                $customer->save();
                $customer->setConfirmation(null);
                $customer->save();

                $blah = $customer->getId();
            }
        }

        return $blah;
    }
}

发表评论

发表评论

*

沙发空缺中,还不快抢~