Upgrade to opencart V3 and user passwords

Hi everyone,

I still use opencart 1.5 and i'm starting to really be stuck with it because most extensions are not compatible with it anymore.
So i guess i will have to go through the painful update and plan to go with the latest V3.0.3.9
I have found most of what i need, equivalent extensions, and database upgrade extensions that should do the trick, plus i can redesign the site.

The only thing i haven't found is how to be able to keep the user passwords after the upgrade, it looks like the password system has been changed somewhere in opencart V2.
I'm guessing i could "simply" use the password validation code from v1.5 and use it in the v3, at least for users that have an ID lower than a certain number, but i'm not sure exactly where that is and how to make 100% sure it's bullet proof.

Does anyone have experience with this? Or maybe seen an extension that does it? (i've searched for one and on google and could not find anything).

Guess it will be much more simplier (and cheaper) to inform the users that you have a new system.
And they should use the "Fogotten Password" to generate a new password.
This way you can eleminate old customers which have either no interest or do not exist anymore ..

Why 3.0.3.9? The latest version in the OpenCart series is 3.0.4.0.
Also, the customer logins should still work in 3.0.4.0, the database still uses the same 'password' and 'salt' fields in the 'oc_customer', and OC 3.0.4.0. still support the same password encryption method for these old customer records.

V3.0.3.9 because i was advised to do so by a dev, but 3.0.4.0 is fine too V4 would work for me too, but i've been advised not to use it because of still existing bugs.

It's another dev that told me that just importing the passwords would not work, so i took his word for it, and even got a quote for custom development.
I just searched the code in both 1.5 and 3.0.3.9 (because that's the one i installed ) and it seems to me that it is in fact compatible...
V1.5 retrieves the login info with this:

$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(strtolower($email)) . "' AND password = '" . $this->db->escape(md5($password)) . "' AND status = '1' AND approved = '1'");

And V3 does both tests (md5 + SHA1):
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");

So unless i'm missing something, i guess i was lied to and it's all compatible...

OSWorX wrote: ↑

Sat Mar 22, 2025 11:58 am

Guess it will be much more simplier (and cheaper) to inform the users that you have a new system.
And they should use the "Fogotten Password" to generate a new password.
This way you can eleminate old customers which have either no interest or do not exist anymore ..

I honestly prefer to avoid that... If i can't, then i will, but i'd like to find an elegant solution first, and it seems to be supported already anyways...

You could use the Export/Import tool to port your customer records over to your new OpenCart server, see also our FAQ on how to do it.

Yes, thank you, i have seen your tool, but i will need to also export all of the other tables, especially orders and even many non default tables that i created.
But i found an extension that does that and that is reasonably priced.