Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Importing customers into database - login does not work


icx

Recommended Posts

I have about 600 customer records sitting in a .tab text file. I have gone to the effort to make sure that all the data is accurate and complete. I can import the data directly into MySQL using the mysqlimport function, and have done so successfully - customers, addresses the whole deal 100% perfectly imported. BUT, I CANNOT LOGIN WITH ANY OF THEIR PASSWORDS!

 

The passwords that I imported into MySQL from the .tab text file are in plain text and I think that this is the porblem. Two questions (3 i guess):

 

1. How are those passwords being encrypted (what algorithim)

2. Is there any way to encrypt them properly while importing from .tab text file

3. Is this even the problem?????

Link to comment
Share on other sites

Yes, the passwords in OSCommerce are encrypted. You should be able to correct this with the following query on your database (backup beforehand though).

 

update customers set customers_password=md5(customers_password);

 

The algorithm used is actually a Hashing algorithm instead of an encryption algorithm. Once this is done, you won't be able to retrieve the original password. Oscommerce handles this by assigning a new temporary password if a customer loses theirs.

 

I hope this helps.

Link to comment
Share on other sites

First off thanks - I appreciate your reply. When I look at working passwords though the format is slightly different.

 

working password --> fd6fa87f997e06125ac56d611b8f8919:ff

new password created with update customers set customers_password=md5(customers_password) --> 626682c5b20a0a24201a4735770f33ee

 

notice there is no colon? I am not sure what this means, but I know that I still cannot log in with any of the customer's passwords.

 

Any more suggestions?

Link to comment
Share on other sites

inside /catalog/includes/function there is a password_funcs.php page....

 

////

// This function makes a new password from a plaintext password.

function tep_encrypt_password($plain) {

$password = '';

 

for ($i=0; $i<10; $i++) {

$password .= tep_rand();

}

 

$salt = substr(md5($password), 0, 2);

 

$password = md5($salt . $plain) . ':' . $salt;

 

return $password;

}

?>

 

Unfortunately I do not understand this - $Salt?????

Link to comment
Share on other sites

Okay... they salt the passwords before storing them. I should have looked first.

 

In MySQL terms this would be similar to:

 

update customers set customers_password = concat_ws(":", md5(concat('ip', customers_password)), 'ip');

 

Not as good as a random salt but it will work for your needs. I have also tested this on a dummy database with plaintext passwords and was able to login through the catalog. For added security, you can change the ip in the above query to any 2 character string.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...