Question
I made a third-party system in PHP for PrestaShop 1.6. It works by connecting directly to the PrestaShop database. Now I've upgraded my Presta to 1.7.5.1 and IT WORKS. Only it doesn't log in customers anymore because, as I can see, the password encryption has changed. I was using md5(COOKIE_KEY.'password') for 1.6, but I see the passwords on 1.7 are nothing like md5. Could you tell me how the encryption works? (It would be much better if you could show me with PHP code.)
Prestashop 1.7.5.1
$2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym
for 123456
Answer 1:
PrestaShop 1.7.x now uses bcrypt as the preferred hash method (md5 is still supported though).
To better understand the behavior between PrestaShop v1.6.x vs 1.7.x for checking passwords, let's have a look at the getByEmail() method in the Customer class:
/**
* Return customer instance from its e-mail (optionally check password).
*
* @param string $email e-mail
* @param string $plaintextPassword Password is also checked if specified
* @param bool $ignoreGuest
*
* @return bool|Customer|CustomerCore Customer instance
*/
public function getByEmail($email, $plaintextPassword = null, $ignoreGuest = true)
If $plaintextPassword is provided, the encrypted version of the password is retrieved with:
$this->passwd = $crypto->hash($plaintextPassword);
The Hashing class can be instantiated by doing:
$crypto = ServiceLocator::get('\\PrestaShop\\PrestaShop\\Core\\Crypto\\Hashing');
Solution for your example using PrestaShop 1.7 classes/methods:
<?php
namespace PrestaShop\PrestaShop\Core\Crypto;
include('config/config.inc.php');
$plaintextPassword = '123456';
$crypto = new Hashing;
$encryptedPassword = $crypto->hash($plaintextPassword, _COOKIE_KEY_);
echo 'Clear: '.$plaintextPassword.'<br />Encrypted: '.$encryptedPassword;
/* Result (example)
Clear: 123456
Encrypted: $2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym */
Alternate solution, without the need to include any PrestaShop files/methods:
<?php
$plaintextPassword = '123456';
$encryptedPassword = password_hash($plaintextPassword, PASSWORD_BCRYPT);
// var_dump() prints its argument itself, so no echo is needed
var_dump(password_verify($plaintextPassword, $encryptedPassword)); // bool(true) if the password matches the hash
I hope this helps.
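The login check a third-party system needs after the upgrade, as an added example that is not part of the original answer or of PrestaShop's code: it accepts either stored format mentioned on this page, bcrypt (1.7) or md5(COOKIE_KEY . password) (1.6). The function name, the $cookieKey parameter (standing in for _COOKIE_KEY_) and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not PrestaShop code. $cookieKey stands for the shop's
// _COOKIE_KEY_; the key and hashes below are constructed sample values.

/**
 * Check a plaintext password against a stored customer hash.
 * Returns [bool $ok, bool $needsRehash].
 */
function verifyCustomerPassword(string $plain, string $stored, string $cookieKey): array
{
    // A bcrypt hash embeds its own random salt and cost, so hashing the
    // password again never reproduces the stored value. password_verify()
    // reads the salt and cost from the stored hash instead.
    $info = password_get_info($stored);
    if ($info['algoName'] === 'bcrypt') {
        $ok = password_verify($plain, $stored);
        return [$ok, $ok && password_needs_rehash($stored, PASSWORD_BCRYPT)];
    }

    // Legacy 1.6 format: 32 hex characters of md5(COOKIE_KEY . password).
    if (preg_match('/^[a-f0-9]{32}$/', $stored) === 1) {
        $ok = hash_equals($stored, md5($cookieKey . $plain)); // constant-time compare
        return [$ok, $ok]; // a matching md5 hash should be replaced by bcrypt
    }

    return [false, false]; // unknown format: reject
}

// Constructed sample data: one legacy hash, one bcrypt hash for the same password.
$cookieKey = 'constructed-sample-cookie-key';
$samples = [
    'legacy md5' => md5($cookieKey . '123456'),
    'bcrypt'     => password_hash('123456', PASSWORD_BCRYPT),
];

foreach ($samples as $label => $stored) {
    [$ok, $rehash] = verifyCustomerPassword('123456', $stored, $cookieKey);
    [$bad] = verifyCustomerPassword('wrong', $stored, $cookieKey);
    printf("%s: correct=%s wrong=%s rehash=%s\n", $label,
        var_export($ok, true), var_export($bad, true), var_export($rehash, true));
}
```

When the second return value is true, the caller can store password_hash($plain, PASSWORD_BCRYPT) in place of the old value after the successful login.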
Source: https://stackoverflow.com/questions/55895336/prestashop-1-7-customer-password-encryption