Question

I have an issue in one of my observer's functions. For some reason I can't load the customer information for further manipulation:

    $user = $observer->getEvent()->getCustomer();
    $usertemp = Mage::getModel('customer/customer')->load($user->getId());

I checked and $user->getId() actually carries the id; however when I try, for example:

    $password = $usertemp->getPassword();

a null value is set instead of the user's password.


Solution

First of all - why do you load the customer object if you already have one from $observer->getEvent()->getCustomer()? This operation is redundant here and will just increase resource and time consumption.

Second - as a security measure, Magento does not store the user password in decrypted form. If you want to get the user password, try the following code:

    $passwHash = $customer->getPasswordHash();
    $password = Mage::helper('core')->decrypt($passwHash); // this will not work

Update: Mage::helper('core')->decrypt will not decrypt the password hash, since it was hashed with the md5 hash function. So there is a way to check if passwords are identical (Mage::helper('core')->validateHash), but you can't retrieve the original password.

Update 2: The question asker has a few interesting questions, which he provided in the comments; I will address those here:

  1. Why is the hash for 123456 0f474c41fd20617eb8f1a0cb9b08f3aa:Uh while it should have been e10adc3949ba59abbe56e057f20f883e in md5? The answer is: because the hash method hashes not only the incoming password, but also a randomly generated salt. Take a look at this method:

    public function getHash($password, $salt = false)
    {
        if (is_integer($salt)) {
            $salt = $this->_helper->getRandomString($salt);
        }
        return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;
    }
    

    And these two methods in Customer model:

    public function setPassword($password)
    {
        $this->setData('password', $password);
        $this->setPasswordHash($this->hashPassword($password));
        return $this;
    }
    public function hashPassword($password, $salt = null)
    {
        return Mage::helper('core')->getHash($password, !is_null($salt) ? $salt : 2);
    }
    

    So since the $salt argument is an integer (2), the actual salt is a randomly generated string. That's why you get a different output hash than you would if you simply did md5($passw).

  2. Also I was working directly with the getPassword() because it was working on user register

    That's a bit easier. During the registration process you have $_POST data with the raw password. With the help of $customer->setPassword($passw) you set it on the $customer model. If you look at this function above, you'll see that both the password and password hash attributes are set during this action. The only difference is: password isn't really an existing attribute, which means that it will not be stored in the DB, or anywhere else, and it will get lost as soon as the $customer object is cleared from memory.

There is no way to get the user password in Magento. The only thing you can do is compare a given password with the existing password_hash (as I mentioned before): Mage_Core_Helper_Data::validateHash

    public function validateHash($password, $hash)
    {
        $hashArr = explode(':', $hash);
        switch (count($hashArr)) {
            case 1:
                return $this->hash($password) === $hash;
            case 2:
                return $this->hash($hashArr[1] . $password) === $hashArr[0];
        }
        Mage::throwException('Invalid hash.');
    }
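
The salt-and-compare scheme from the answer above, re-created as a stand-alone script. This is an added example, not part of the original answer and not Magento's own code; the `demo_*` function names are hypothetical, and `hash_equals()` is swapped in for the `===` comparison so the check runs in constant time.

```php
<?php
// Added illustration, not Magento code: the "md5(salt . password):salt" format
// described above. All demo_* names are hypothetical.

// Random alphanumeric salt (stand-in for the helper's getRandomString()).
function demo_random_salt(int $length): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $salt;
}

// Same shape as getHash($password, 2): hash of salt . password, then ':' and the salt.
function demo_get_hash(string $password, int $saltLength = 2): string
{
    $salt = demo_random_salt($saltLength);
    return md5($salt . $password) . ':' . $salt;
}

// Same branches as validateHash(): unsalted (1 part) or salted (2 parts).
// hash_equals() replaces === so the comparison runs in constant time.
function demo_validate_hash(string $password, string $stored): bool
{
    $parts = explode(':', $stored);
    switch (count($parts)) {
        case 1:
            return hash_equals($parts[0], md5($password));
        case 2:
            return hash_equals($parts[0], md5($parts[1] . $password));
    }
    throw new InvalidArgumentException('Invalid hash.');
}

// Constructed sample run: one password, two stored values.
$a = demo_get_hash('123456');
$b = demo_get_hash('123456');
echo $a, PHP_EOL, $b, PHP_EOL;

// The salt is read back from the stored value; only a comparison is possible.
var_dump(demo_validate_hash('123456', $a));
var_dump(demo_validate_hash('654321', $a));
// Unsalted form: the plain md5 of 123456 quoted in the question.
var_dump(demo_validate_hash('123456', 'e10adc3949ba59abbe56e057f20f883e'));
```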
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow