Post by mighty9403 » Tue Dec 13, 2016 1:19 am

I'm trying to import users from another e-commerce system

The problem I have is that I have discovered that there is a salt column in the oc_users table and Im not sure what to do about this do I create a new user and give all the users the same password and salt and then make them change is or it there a better way of going about this. Any hep would be much appreciated.


Posts

Joined
Tue Aug 28, 2012 4:28 pm


Post by angela » Tue Dec 13, 2016 1:49 am

Most ecom stores send a newsletter update informing customers they've migrated to a new platform and thus have to reset their passwords. Not a big deal, I've gotten quite a few of those myself.

User avatar

Posts

Joined
Fri Dec 02, 2016 2:14 am


Post by thekrotek » Tue Dec 13, 2016 1:59 am

Salt is some kind of "key" in password checks. Passwords are saved in database in encrypted format and there's no way to decrypt it. When user enters password it's encrypted the same way using salt. For example, you can encrypt plain text password + salt using md5 function and save it this way in database. On login the same encryption is made and checked with database value.

Since every framework has its own encryption algorithm, you can't do it an easy way. Like Angela said above, the best way is to create random password/salt for every user and send notification about it. Plain and simple.

Image


User avatar

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by mighty9403 » Sun Dec 18, 2016 5:53 am

Ah OK that seems like 2 different ways.

One seems easier.

So contact all users and let them know that they need to change their passwords that way they do the work and not me.

Or individually put new passwords and salt into the database.

I have about 300 users so ideally don't want to do them individually.

If I add all the users into the database without the salt will they be able to change their password? and will that then create the salt and a new password?

I guess I could give it a try.


Posts

Joined
Tue Aug 28, 2012 4:28 pm


Post by mighty9403 » Sun Dec 18, 2016 6:18 am

Cheers guys for the help it was actually the customers I needed to change and I created a new user and checked the account logged in OK. I then deleted the salt record for that user and they couldn't login. I then requested to change the password and a new password was sent to me and that worked fine.

So I will import all the users into the database and then get them to change their passwords.

Many thanks for your help. ;D


Posts

Joined
Tue Aug 28, 2012 4:28 pm


Post by thekrotek » Sun Dec 18, 2016 6:18 am

You can simply make your migration script a bit more complex. The algorithm will look the following way:

1. Take user from old database.
2. Copy all his data to new database.
3. Generate random password in plain text.
4. Generate salt, encrypt password, save both to database.
5. Send notification with new password in plain text to the user.

Image


User avatar

Posts

Joined
Sun Jul 03, 2016 12:24 am

Who is online

Users browsing this forum: No registered users and 3 guests