> migration osc vers prestashop, surcouche de la classe customer.php
niko_232
posté 7 Mar 2019, 16:35
Message #1


bonjour à tous,

j'ai migré une de mes boutiques osc sous Prestashop.
j'ai eu des soucis avec l'encodage des mots de passe, donc je vous poste mon fichier, qui fonctionne après quelques adaptations d'un code trouvé sur la toile.

je le partage car j'ai galéré à le trouver et je pense que ça pourra être utile.

Code
<?php

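/**
 * PrestaShop override of Customer that lets customers migrated from osCommerce
 * log in with their old password once, then re-stores it in PrestaShop's format.
 *
 * Security notes for whoever deploys this:
 * - The legacy osCommerce hash is a salted MD5; it is only read here so the
 *   account can be moved off it at first login.
 * - The PrestaShop 1.6 hash written back is whatever Tools::encrypt() produces,
 *   i.e. the same value the login query below compares against.
 */
class Customer extends CustomerCore {

    /**
     * Load a customer by e-mail, optionally checking the password.
     *
     * @param string      $email        Customer e-mail address
     * @param string|null $passwd       Plain-text password, or null to skip the password check
     * @param bool        $ignore_guest When true, guest accounts are excluded
     * @return Customer|bool $this on success, false when no matching customer exists
     */
    public function getByEmail($email, $passwd = null, $ignore_guest = true) {

        if(!Validate::isEmail($email) || ($passwd && !Validate::isPasswd($passwd)))
            die(Tools::displayError());

        $db = Db::getInstance();

        $sql = 'SELECT *
                FROM `' . _DB_PREFIX_ . 'customer`
                WHERE `email` = \'' . pSQL($email) . '\'
                ' . Shop::addSqlRestriction(Shop::SHARE_CUSTOMER) . '
                ' . (isset($passwd) ? 'AND `passwd` = \'' . Tools::encrypt($passwd) . '\'' : '') . '
                AND `deleted` = 0
                '.($ignore_guest ? ' AND `is_guest` = 0' : '');
        $result = $db->getRow($sql);

        // == BEGIN OSCOMMERCE TO PRESTASHOP PASSWORD INTEGRATION ==
        // == BY Martin Edlman - martin.edlman@gmail.com
        // == @ 27/2/2014
        // == USE AND MODIFY AT WILL
        // == TESTED ON PRESTASHOP V1.6.X
        // The fallback only makes sense when a password was supplied; without
        // one there is nothing to validate against the legacy hash.
        if(! $result && isset($passwd)) { // <- INVALID PRESTASHOP LOGIN, IT MAY BE AN OSCOMMERCE PASSWORD
            $resultOSC = $db->getRow('
            SELECT `password`
            FROM `osc_legacy_passwords`
            WHERE `email` = \''.pSQL($email).'\'
            AND `updated` = 0');

            if(! $resultOSC)
                return false; // <- EMAIL NOT FOUND, SO IT IS AN INVALID LOGIN

            if(! OSCPassword::tep_validate_password($passwd, $resultOSC['password']))
                return false; // <- WRONG OSCOMMERCE PASSWORD GIVEN

            // WE'LL UPDATE THE CUSTOMER TABLE WITH ITS PRESTASHOP ENCRYPTED PASSWORD...
            // The hash is computed on the raw password and only the resulting
            // hex digest is escaped. Escaping the password *before* hashing
            // (as md5(pSQL(...)) did) stores a different hash than the one the
            // login query computes whenever the password contains a quote or
            // a backslash, which silently locks the customer out.
            $db->Execute('
             UPDATE `' . _DB_PREFIX_ . 'customer`
                SET `passwd` = \'' . pSQL(Tools::encrypt($passwd)) . '\'
                WHERE `email` = \'' . pSQL($email) . '\'');

            // REUSE ORIGINAL SQL TO AUTHENTICATE WITH UPDATED PRESTASHOP PASSWORD
            $result = $db->getRow($sql);

            if($result) {
                // Retire the legacy hash once the account has been migrated.
                // Otherwise the old osCommerce password stays valid forever and
                // would overwrite any password the customer sets later.
                // NOTE(review): assumes `updated` is the "already migrated"
                // flag that the SELECT above filters on - confirm against the
                // table definition.
                $db->Execute('
                 UPDATE `osc_legacy_passwords`
                    SET `updated` = 1
                    WHERE `email` = \'' . pSQL($email) . '\'');
            }
        }
        // == END OSCOMMERCE TO PRESTASHOP PASSWORD INTEGRATION

        // No row means no authenticated customer: never hand back a
        // half-initialised object that callers could mistake for success.
        if(! $result)
            return false;

        $this->id = $result['id_customer'];
        foreach($result as $key => $value)
            // property_exists() replaces key_exists() on an object, which
            // PHP 8 no longer accepts.
            if(property_exists($this, $key))
                $this->{$key} = $value;

        return $this;
    }

}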


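/**
 * Verification helpers for password hashes exported from osCommerce.
 *
 * Two stored formats are handled:
 * - "md5(salt . password):salt" (tep_validate_password), and
 * - phpass "portable" hashes starting with "$P$" / "$H$" (check).
 *
 * Both are MD5-based and only meant for verifying existing hashes during a
 * migration; new passwords should be stored in the target shop's own format.
 */
class OSCPassword {

    // Alphabet of the phpass "portable" base-64 encoding.
    private static $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    /**
     * Compare two hash strings strictly.
     *
     * A loose "==" treats strings such as "0e123" and "0e456" as equal numbers,
     * so two different MD5 digests of that shape would match. hash_equals()
     * is used when available because it also compares in constant time.
     *
     * @param mixed $known Stored hash
     * @param mixed $given Hash computed from the submitted password
     * @return bool
     */
    private static function safeEquals($known, $given) {
        if(!is_string($known) || !is_string($given))
            return false;

        if(function_exists('hash_equals'))
            return hash_equals($known, $given);

        return $known === $given;
    }

    /**
     * Encode the first $count bytes of $input with the phpass base-64 alphabet.
     *
     * @param string $input Raw bytes
     * @param int    $count Number of bytes to encode
     * @return string
     */
    private static function encode64($input, $count) {
        $output = '';
        $i = 0;
        do {
            $value = ord($input[$i++]);
            $output .= self::$itoa64[$value & 0x3f];
            if($i < $count)
                $value |= ord($input[$i]) << 8;
            $output .= self::$itoa64[($value >> 6) & 0x3f];
            if($i++ >= $count)
                break;
            if($i < $count)
                $value |= ord($input[$i]) << 16;
            $output .= self::$itoa64[($value >> 12) & 0x3f];
            if($i++ >= $count)
                break;
            $output .= self::$itoa64[($value >> 18) & 0x3f];
        } while($i < $count);

        return $output;
    }

    /**
     * Compute a phpass "portable" hash of $password using the parameters
     * (identifier, iteration count, salt) embedded in $setting.
     *
     * @param string $password Plain-text password
     * @param string $setting  Stored hash, or at least its first 12 characters
     * @return string The hash, or "*0" / "*1" when $setting is not usable
     */
    private static function crypt($password, $setting) {
        $output = '*0';
        if(substr($setting, 0, 2) == $output)
            $output = '*1';

        // Identifier (3) + iteration char (1) + salt (8): anything shorter
        // cannot be a portable hash and would be indexed out of range below.
        if(strlen($setting) < 12)
            return $output;

        $id = substr($setting, 0, 3);
        // We use "$P$", phpBB3 uses "$H$" for the same thing
        if($id != '$P$' && $id != '$H$')
            return $output;

        $count_log2 = strpos(self::$itoa64, $setting[3]);
        if($count_log2 === false || $count_log2 < 7 || $count_log2 > 30)
            return $output;

        $count = 1 << $count_log2;

        $salt = substr($setting, 4, 8);
        if(strlen($salt) != 8)
            return $output;

        // MD5 is dictated by the stored hash format. The PHP 4 branch
        // (pack('H*', md5(...))) produced the same bytes and is dropped.
        $hash = md5($salt . $password, true);
        do {
            $hash = md5($hash . $password, true);
        } while(--$count);

        $output = substr($setting, 0, 12);
        $output .= self::encode64($hash, 16);

        return $output;
    }

    /**
     * Check a password against a phpass portable hash, falling back to PHP's
     * crypt() for other hash formats.
     *
     * The debugging output that printed the stored and computed hashes and
     * then terminated the request has been removed: it disclosed hash material
     * to the browser and made the method unusable.
     *
     * @param string $password    Plain-text password
     * @param string $stored_hash Hash as stored in the legacy table
     * @return bool
     */
    public static function check($password, $stored_hash) {
        if(!is_string($password) || !is_string($stored_hash) || $stored_hash === '')
            return false;

        $hash = self::crypt($password, $stored_hash);
        if($hash[0] == '*')
            $hash = crypt($password, $stored_hash);

        return self::safeEquals($stored_hash, $hash);
    }

    /**
     * Kept for callers of the earlier name; same contract as
     * tep_validate_password(). The previous body echoed hash values and
     * exited before returning anything.
     *
     * @param string $plain     Plain-text password
     * @param string $encrypted Stored value in "hash:salt" form
     * @return bool
     */
    public static function tep_validate_password2($plain, $encrypted) {
        return self::tep_validate_password($plain, $encrypted);
    }

    /**
     * Validate a password against an osCommerce "md5(salt . password):salt" value.
     *
     * @param string $plain     Plain-text password
     * @param string $encrypted Stored value in "hash:salt" form
     * @return bool True only when the recomputed hash is identical to the stored one
     */
    public static function tep_validate_password($plain, $encrypted) {
        if(!is_string($plain) || !is_string($encrypted) || $plain === '' || $encrypted === '')
            return false;

        // split apart the hash / salt
        $stack = explode(':', $encrypted);

        if(sizeof($stack) != 2)
            return false;

        return self::safeEquals($stack[0], md5($stack[1] . $plain));
    }

    /**
     * Produce a value in the legacy osCommerce "hash:salt" format.
     *
     * Only useful for compatibility or test fixtures: a two-character salt
     * and a single MD5 round are not adequate for storing new passwords.
     *
     * @param string $plain Plain-text password
     * @return string
     */
    public static function tep_encrypt_old_password($plain) {
        $password = '';

        for($i = 0; $i < 10; $i++) {
            $password .= self::tep_rand();
        }

        $salt = substr(md5($password), 0, 2);

        return md5($salt . $plain) . ':' . $salt;
    }

    /**
     * Return a pseudo-random integer, optionally within [$min, $max].
     *
     * Not suitable for secrets or tokens. The explicit
     * mt_srand(microtime) call was removed: PHP seeds the generator itself,
     * and reseeding the process-wide generator from the clock makes every
     * later mt_rand() result in the same request easier to predict.
     *
     * @param int|null $min Lower bound
     * @param int|null $max Upper bound
     * @return int $min when $min >= $max
     */
    public static function tep_rand($min = null, $max = null) {
        if(isset($min) && isset($max)) {
            if($min >= $max)
                return $min;

            return mt_rand($min, $max);
        }

        return mt_rand();
    }

}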

?>




Havock
posté 12 Mar 2019, 09:32
Message #2


C'est sympa de partager ça :)


--------------------
L'indispensable est en cours de traitement,
L'urgent sera traité demain,
Le normal sera traité plus tard,
Le reste on vera ...
En conclusion : les journées sont trop courtes.
Utilisateur de MS2.2 Max 1.5 - OSC-Affiliate 1.09 - Admin With Access Levels 2.1 - Meta Tag Controller/ Generator - Credit/Gift Voucher/Coupons 5.05 - Download Controller v5.3 - X-Sell MS2 - WYSIWYG HTML Editor for Admin 1.7 - Dynamic Mo Pics - Loginbox Best - Order logging before payment processing - User Tracking - Faster Page Loads, Less DB queries - Plus plein de modifs perso :-)