我是magento的新手,但是我的任务是使用管理员身份验证来制作自定义api。我完成了api,但坚持管理身份验证。我面临的主要问题是:magento中的密码是md5加密的,我不知道该怎么办。这方面的帮助将受到关注。我的身份验证代码如下:
public function indexAction() {
require_once 'app/Mage.php';
umask(0);
$app = Mage::app('default');
$array = $_GET;
$username = $_GET['username'];
$password = $_GET['password'];
Mage::getSingleton('core/session', array('name' => 'adminhtml'));
$user = Mage::getModel('admin/user')->loadByUsername($username); // user your admin username
$user_id = $user->getId();
// echo $user_id;
if(($user->getId())>=1)
{
echo "User Name: True";
echo "<br>";
$dbpassword = $user->getData('password');
// echo $dbpassword." ---- ";
// echo md5($username.$pass).":".$username;
// echo "<pre>";
// $a = Mage::helper('core')->validateHash($password, $dbpassword);
// print_r($a);
if($password == $dbpassword)
{
echo "<hr>";
echo "Password: True";echo "<br>";
echo "Authenticated :) Here we go!!";
}
else
{
echo "Password: False";
}
}
else
{
echo "User Name: False";
}
}
答案 0 :(得分:1)
使用此功能根据magento散列密码验证密码
ex: 10235
base 10 --> 10235 = f(10) = 1x10^5 + 0x10^4 + 2x10^3 + 3x10^2 + 3x10 + 5
base 16 --> 0x37FB = g(16) = 2x16^3 + 7x16^2 + 15x16^1 + 11
要检查密码是否有效,请执行以下操作
public function validateHash($password, $hash){
$hashArr = explode(':', $hash);
switch (count($hashArr)) {
case 1:
return md5($password) === $hash;
case 2:
return md5($hashArr[1] . $password) === $hashArr[0];
}
}