Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2007
    Posts
    4
    Plugin Contributions
    0

    Default Password MD5 HASH in DB.

    Hello All,

    I have a whole bunch of users that I want to import into the ZCart Database and I was wondering if anyone can help me out!

    The problem I am having is that my other database stores the users passwords in plain text and Zcart stores the password in some sort of md5 hash...

    I have tried every method I could find in google and anything I could use from the Zcart user setup php files and simply cannot work out how the passwords are being hashed.

    Here is what I have so far (which is what I have taken from the user setup pages in osc:

    <?php

    function zen_rand($min = null, $max = null) {
    static $seeded;

    if (!isset($seeded)) {
    mt_srand((double)microtime()*1000000);*
    $seeded = true;
    }

    if (isset($min) && isset($max)) {
    if ($min >= $max) {
    return $min;
    } else {
    return mt_rand($min, $max);
    }
    } else {
    return mt_rand();
    }
    }

    $password = 'test1';

    for ($i=0; $i<10; $i++) {
    $password .= zen_rand();
    }

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $plain) . ':' . $salt;

    echo $password;

    ?>

    Now that generates the following password hash for the password test1: 6c8349cc7260ae62e3b1396831a8398f:4* 5 and I place that into the database in the same place as the user that I created using the Zcart signup page and it just wont let me login...

    This is what the test1 password looks like for a user that I created using the standard method (the signup page): 0825f77f257b34bf43cfdcbccaa4622d:a* b

    Thanks.

    Rabbie.

  2. #2
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Password MD5 HASH in DB.

    you can either setup ALL with a default password and manually change them by login in as customer,

    OR you can set them up as a default then send a mass email out and request that the user resets their password
    Zen cart PCI compliant Hosting

  3. #3
    Join Date
    Mar 2007
    Posts
    4
    Plugin Contributions
    0

    Default Re: Password MD5 HASH in DB.

    But why? Why is it sooooo hard to just come up with the right algorithm to reproduce the hash in the same way the cart does? Thats the way I want to do it !

  4. #4
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Password MD5 HASH in DB.

    then have a blast

    I offered you a solution,
    sorry if it was to simple
    Zen cart PCI compliant Hosting

  5. #5
    Join Date
    Mar 2007
    Posts
    4
    Plugin Contributions
    0

    Default Re: Password MD5 HASH in DB.

    Thanks Merlin! but whilst your solution is simple, the problem is that my customer requires that the password be the same as the current website!!!

    I have finally found the solution thanks to another forum!!!

    $password = 'test1';

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $password) . ':' . $salt;

    echo $password;


    Now thats what I call simple!! I dont know why the bloody hell the random number generation crap is thrown into the mix! Probably to just confuse!

  6. #6
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Password MD5 HASH in DB.

    random generation crap,

    its called Security
    Zen cart PCI compliant Hosting

  7. #7
    Join Date
    Mar 2007
    Posts
    4
    Plugin Contributions
    0

    Default Re: Password MD5 HASH in DB.

    Quote Originally Posted by Merlinpa1969 View Post
    its called Security
    If I can generate a password without it, its called useless.

  8. #8
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    69,402
    Plugin Contributions
    6

    Default Re: Password MD5 HASH in DB.

    And you could not write a simple file to utilize the existing password function to take the unencrypted password and just update the database?

    zen_encrypt_password

    Select all customers_id and passwords
    loop through the list
    take old unencrypted password and encrypt with zen_encrypt_password
    update password with new password for customers_id
    skip to next customer

    I am not sure why this would not work for you to use the built in Zen Cart function on this ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today: v1.5.5]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...
    Signup for our Announcements Forums to stay up to date on important changes and updates!

  9. #9
    Join Date
    Mar 2006
    Location
    St. Louis area
    Posts
    208
    Plugin Contributions
    0

    Default Re: Password MD5 HASH in DB.

    I took a different approach.

    I disabled the salt function and use plain MD5

    Code:
    //receive
    $infoarray[9] = $_POST['customers_password'];     
    
    //put
    $password = md5($infoarray[9]);
    I use a loop. The last list I imported was 1,281 users
    Last edited by scottb; 15 Mar 2007 at 12:14 PM.

 

 

Similar Threads

  1. v139h MD5 hash key too long - but no hash
    By shqipo in forum Built-in Shipping and Payment Modules
    Replies: 3
    Last Post: 9 Mar 2013, 05:13 AM
  2. MD5-Hash and v1.37.1
    By twistmachine in forum Built-in Shipping and Payment Modules
    Replies: 2
    Last Post: 18 Mar 2009, 05:36 PM
  3. MD5 Hash Problem.
    By valerie in forum Addon Payment Modules
    Replies: 1
    Last Post: 6 Jan 2009, 07:25 AM
  4. MD5 Hash Problems
    By bigk in forum Built-in Shipping and Payment Modules
    Replies: 12
    Last Post: 17 Feb 2008, 06:43 AM
  5. MD5 Hash
    By hughesenergy in forum General Questions
    Replies: 2
    Last Post: 12 Feb 2008, 01:24 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR