Magento

I am migrating my users on joomla running virtuemart to magento but want to keep our existing passwords which are already salted.

I can import the users into magento but the passwords dont work as they are hashed differently.

Joomla / Virtuemart HASH = md5($password.$salt);

Magento HASH = md5($salt.$password);

An example password looks like:

c957d358c8a79e66af10086b53b5a069:AuHg2mCXUhViqKYCLtFco22rmUCDwIFI

So it seems both joomla and magento use the same password format as in HASH:SALT only the hash is generated differently.

Magento prepends the hash to the start of the password where joomla appends it to the end. Otherwise they are practically the same.

Now i understand that the hash is irreversible once created so i’m not looking to reverse it or anything. My goal is more a less to modify magento so that it can understand the joomla passwords but at the same time i want to keep the default magento method active so that new registrants use magento’s default password format.

I’ve already partially solved my problem by modifying Mage_Core_Model_Encryption::validateHash

Using this i can import my user passwords directly and login to them without problems. The only downside to this is that the admin password stops to work and i can no longer access the backend. I figured it was because the admin user was created with the default magento password hash but after changing the password it still doesnt want to work.

If i can get the admin to work with the above this is an option for me, one which id be happy to use but i think for this to work safely and to prevent any issues with updates, etc it needs a little more modifying.

Preferably it should first verify against magento’s password hash, if that fails it would go on to verifying against the joomla password hash, and finally if neither verified it would return the error. Theres also the possibility of updating the password to the default magento hash at login as magento has the customers password.

So thats basically what i’m hoping to do here. I’m sure it sounds more complicated than it is :D.

Would anyone know how to do something like this that would care to help.

Thanks

Well, you know it is almost unreal task. Once you had imported customer accounts from old platform to Magento, your clients should better use password recovery tool to access their accounts. Passwords do not migrate, because they are encrypted specifically by the platform. However, order history will be available for them after the migration. It worked for me while I had migrated my data to Magento using this service, but I think it will work for you as well.

SteveRich - 11 January 2013 01:22 AM

Well, you know it is almost unreal task. Once you had imported customer accounts from old platform to Magento, your clients should better use password recovery tool to access their accounts. Passwords do not migrate, because they are encrypted specifically by the platform. However, order history will be available for them after the migration. It worked for me while I had migrated my data to Magento using this service, but I think it will work for you as well.

Thanks for the reply Steve,

What im trying to achieve isnt going to be easy but should be doable provided someone with the right know how comes along. I already have my user info stored in a csv file, i exported it directly from the database and this converts to magento without any problems so its really just the passwords. Resetting isnt an option realisticly as your just going to lose customers going down that root.

Also, i’ve updated my original post with my latest findings if anyone wants to take another look. It should be much more clearer on what im trying to achieve now.