Prestashop 1.7客户密码加密? [英] Prestashop 1.7 Customer Password Encryption?

问题描述

我为Prestashop 1.6创建了一些基于php的第三方系统.它可以直接连接Prestashop数据库.并且知道Im将我的Presta升级到1.7.5.1并开始工作了.只有它不再登录客户，因为如我所见，密码加密已更改.我在1.6上使用了md5(COOKIE_KEY.'password')，但在1.7上看到的密码与md5完全不同.你能告诉我加密是怎么回事. (如果您用php代码告诉我，它将变得更好)

I made some third party system based with php for Prestashop 1.6. It works with connecting directly the Prestashop Database. And know Im upgraded my Presta to 1.7.5.1 and IT WORKS. Only It dont log in customers anymore because as I can see Password encryption is changed. I was using md5(COOKIE_KEY.'password') for 1.6, but I see the passwords on 1.7 nothing like md5. Could you tell me how encryption is. (it become much better if you tell me with php code)

Prestashop 1.7.5.1

Prestashop 1.7.5.1

$ 2y $ 10 $ 6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym

$2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym

代表123456

推荐答案

PrestaShop 1.7.x现在使用 bcrypt 作为首选的哈希方法(尽管仍支持md5).

PrestaShop 1.7.x now uses bcrypt as the preferred hash method (md5 is still supported though).

为了更好地了解PrestaShop v1.6.x与1.7.x之间用于检查密码的行为，让我们看一下Customer类中的getByEmail()方法:

To better understand the behavior between PrestaShop v1.6.x vs 1.7.x for checking passwords, let's have a look at the getByEmail() method in the Customer class:

/**
  * Return customer instance from its e-mail (optionally check password).
  *
  * @param string $email e-mail
  * @param string $plaintextPassword Password is also checked if specified
  * @param bool $ignoreGuest
  *
  * @return bool|Customer|CustomerCore Customer instance
 */
 public function getByEmail($email, $plaintextPassword = null, $ignoreGuest = true)

如果提供了$plaintextPassword，则使用以下方式检索密码的加密版本:

If $plaintextPassword is provided the encrypted version of the password is retrieved with:

$this->passwd = $crypto->hash($plaintextPassword);

可以通过以下操作实例化Hashing类:

The Hashing class can be instancied by doing:

$crypto = ServiceLocator::get('\\PrestaShop\\PrestaShop\\Core\\Crypto\\Hashing');

使用PrestaShop 1.7类/方法的示例解决方案:

<?php

namespace PrestaShop\PrestaShop\Core\Crypto;
include('config/config.inc.php');

$plaintextPassword = '123456';
$crypto = new Hashing;
$encryptedPassword = $crypto->hash($plaintextPassword, _COOKIE_KEY_);

echo 'Clear: '.$plaintextPassword.'<br />Encrypted: '.$encryptedPassword;

/* Result (example)
Clear: 123456
Encrypted: $2y$10$6b460aRLklgWblz75NAMteYXLJwjfV6a/uN8GJKgJgPDBuNhHs.ym */

替代解决方案，无需包含任何PrestaShop文件/方法:

<?php

$plaintextPassword = '123456';
$encryptedPassword = password_hash($plaintextPassword, PASSWORD_BCRYPT);
echo var_dump(password_verify($plaintextPassword, $encryptedPassword)); // True if encryption is matching

我希望这会有所帮助.

这篇关于Prestashop 1.7客户密码加密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！