magento password handler - support non-salted passwords as well

2025-08-04 05:37:32 +02:00 · 2011-09-15 12:59:26 +00:00
parent 88651c747b
commit d5dda7fd50
1 changed files with 10 additions and 6 deletions
--- a/e107_plugins/alt_auth/extended_password_handler.php
+++ b/e107_plugins/alt_auth/extended_password_handler.php
@@ -251,18 +251,22 @@ class ExtendedPasswordHandler extends UserHandler
 			case PASSWORD_MAGENTO_SALT :
-				if ((strpos($stored_hash, ':') === false))
+				$hash = $salt = '';
 				if ((strpos($stored_hash, ':') !== false))
 				{
-					return PASSWORD_INVALID;
+					list($hash, $salt) = explode(':', $stored_hash); 
 				}
-				// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt
+				// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash
-				list($hash, $salt) = explode(':', $stored_hash); 
+				else 
 				{
 					$hash = $stored_hash;
 				} 
 				if(strlen($hash) !== 32) 
 				{
-					return PASSWORD_INVALID;
+					//return PASSWORD_INVALID;
 				}
-				$pwHash = md5($salt.$pword);
+				$pwHash = $salt ? md5($salt.$pword) : md5($pword);
 				$stored_hash = $hash;
 				break;