Migrate Customer Credentials

[dvankuren]

Hello All,

 

We have decided to migrate our OSC installation to something more applicable to our business model. I am in the process of coming up with a way to move all of the customer data from the OSC MySQL DB to the new package's Microsoft SQL DB.

 

Where I run up against a wall is with customer passwords. It is my understanding that the passwords in customers.customers_password is stored using irreversible encryption, in which case my only choice is to populate the MS SQL DB with some arbitrary password of my choosing and then force the user to generate a new password using the provided tools. Am I correct in my thinking?

 

I would love to do this with as little impact on the customer as possible so if there is any way to move the passwords I would love to know about it.

[MoisesZaragoza]

I was able to log in to the DB itself and i dont see the encriprion i do see it when i try to echo its value

[MoisesZaragoza]

you probably want to change the password setting to ve a varchar insted of password when you are exporting

[dvankuren]

you probably want to change the password setting to ve a varchar insted of password when you are exporting

 

I will give that a try. Thanks.

[MoisesZaragoza]

let me know if it works

 

but you are able to see the original password on the DB?

[aguzman]

Dan Van Kuren, I'm looking to do something very similar. I want to take a member database in Microsoft Access and upload it to the customers table in osCommerce sql database, but run into the same problem with passwords.

 

I want to prepopulate the osCommerce store with our membership, thus cutting down the steps they have to do to enter the store as a member, all they have to do is enter their email and password.

 

What is your outcome and can you share with me?

[dvankuren]

Dan Van Kuren, I'm looking to do something very similar. I want to take a member database in Microsoft Access and upload it to the customers table in osCommerce sql database, but run into the same problem with passwords.

 

I want to prepopulate the osCommerce store with our membership, thus cutting down the steps they have to do to enter the store as a member, all they have to do is enter their email and password.

 

What is your outcome and can you share with me?

 

Well, to be the bearer of bad news, I cannot see the customer passwords in the database and the field type is set to varchar so there has to be some encryption method that is taking place. That in itself is not a stopping point... Here is a way you might work around it:

 

Go into your OSC webstore and create a new account with a generic but secure password.

 

Go into PHPMyAdmin or something similar and view the raw contents of the customers_password field for this user you just created. This will be the encrypted version of the password you set. You can then copy this value for all users and simply have them request a new password to be emailed to them the first time they use the site. Its not ideal but it probably will work. You never have to give the customer the password you created. It is just there to prevent someone from wandering in and stealing data. Once you get your members imported (sans password of course) you can use something like:

 

UPDATE customers SET customers_password='encrypted password value here' WHERE customers_password=' '

 

to add the dummy password to the customers table.

 

That being said, I think OSC (or PHP) has a built in ENCRYPT method that can be used to encrypt a string value. Maybe someone here who is more experienced than I in the language can instruct you on how to grab the passwords using PHP, encrypt them, and dump them into the DB. Any takers on this one?