Magento 客户登陆验证 How magento store password and validate password
[toc]
Magento使用MD5和salt algorithems为客户和管理员用户存储密码
magento如何创建加密密码
Magento创建加密密码
Mage::getModel('core/encryption')->decrypt($password);
这是解密($ password)函数的逻辑,
$password = "12345678";
$salt = "at";
$encyPasswod = md5($salt.$pass).":".$salt;
在上面的函数中,$salt是随机生成的两个字母数字字符串。
magento如何验证密码
Bellow functiona将验证用户密码,
Mage::getModel('customer/customer')->authenticate($email, $password);
上述功能背后的逻辑是,
$email = "techbandhus@gmail.com";
$password = "123456";
//Load a customer by email address
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
->loadByEmail($email);
// if loaded! get stored password from database
$hash = $customer->getData("password_hash");
// Get last two digits separate by :";
$hashArr = explode(':', $hash);
public function validateHash($password, $hash)
{
$hashArr = explode(':', $hash);
switch (count($hashArr)) {
case 1:
return $this->hash($password) === $hash;
case 2:
return $this->hash($hashArr[1] . $password) === $hashArr[0];
}
Mage::throwException('Invalid hash.');
}
因此,它只是意味着即使您没有添加salt密钥并且只有MD5文本作为密码,登录也会起作用。
(https://techbandhu.wordpress.com/2013/08/29/how-magento-store-password-and-validate-password-magento/)
实例
1.客户端让客户通过身份验证
// Or whatever the path to your app/Mage.php happens to be ...
require_once( dirname(__FILE__).'/app/Mage.php' );
// Initialize Magento ...
Mage::app("default");
// Set the variables that we care about.
$id = 1; // The Store ID. Since Magento can handle multiples, this may change.
$username = 'their.email@their.domain.com'; // Their email address / username (the same thing)
$password = 'theirpassword'; // Their password.
try{
$blah = Mage::getModel('customer/customer')->setWebsiteId($id)->authenticate($username, $password);
}catch( Exception $e ){
$blah = false;
}
2.后台获得Customersadmins
// Or whatever the path to your app/Mage.php happens to be ...
require_once( dirname(__FILE__).'/app/Mage.php' );
// Initialize Magento ...
Mage::app("default");
// Set the variables that we care about.
$username = 'admin'; // Or whatever username we're going with.
$password = 'password'; // Obviously, replace this with whatever the actual password you're looking to validate is.
$blah = Mage::getModel('admin/user')->authenticate($username, $password);
在这些代码块中的任何一个之后,根据您是否验证管理员或客户,$blah将包含TRUE它是否有效,或者FALSE它是否无效!
或者我个人写的一个函数:
function customer_exists($email, $password, $data = array())
{
$website = Mage::app()->getStore()->getWebsiteId();
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return 'invalid email';
else
{
$customer = Mage::getModel('customer/customer');
$customer->setWebsiteId($website);
$customer->loadByEmail($email);
if ($customer->getId())
{
if(strlen($password)*1 >= 6)
{
try{ $blah = $customer->setWebsiteId($website)->authenticate($email, $password); }
catch( Exception $e ){ $blah = 0; }
}
else $blah = 'invalid password';
}
else
{
if(strlen($password)*1 < 6) return 'invalid password';
else
{
$current_date = date('Y-m-d H:i:s',time());
$customer->setEmail($email);
$customer->setFirstname($data['first_name']);
$customer->setLastname($data['last_name']);
$customer->setWebsiteId($website);
$customer->setPassword($password);
$customer->setCreatedAt($current_date);
$customer->setUpdatedAt($current_date);
$customer->setIsActive('1');
$customer->save();
$customer->setConfirmation(null);
$customer->save();
$blah = $customer->getId();
}
}
return $blah;
}
}
发表评论
沙发空缺中,还不快抢~