Page 1 of 1
osCommerce password
Posted: Thu Oct 15, 2009 10:21 pm
by Franz-Peter
Did install Alex Wright's password contribution to import customers from oscommerce to opencart. I was able to transfer all my customers with the oscommerce password. Before to make a test of the password functionality did create myself as new customer with password in oscommerce to control the password functionality after transfer to opencart.
I had no effort. Did try to login into opencart with my oscommerce password and received an error message.
Is there someone who did install that contribution too who was able to login with the old oscommerce customer password?
Re: oscommerce password
Posted: Thu Oct 15, 2009 10:26 pm
by Qphoria
is the password using the same md5 hash method in oscommerce?
Re: oscommerce password
Posted: Thu Oct 15, 2009 10:59 pm
by Franz-Peter
I don't think so. But the contribution should should care about it. As far as I can see the contribution changes the password function in the system folder and in some catalog folders to accept oscommerce passwords when a customer does a login. As soon as the customer enters the oscommerce password the function verifies the password and overwrites the password in the database to have an opencart style password.
The original oscommerce method is to add a two digit salt like in the following hash:
1d6d07a9b24a7019d3ff76cc17dd42a0:89
That is what the function in the contribution should accept for validation and after that the rewrite into the database should create a password in the opencart style.
The data conversion from oscommerce to opencart (customers) was pretty easy. Did take a Zencart Script for converting oscommerce to zencart. There are just a few modifications to match the table names of opencart.
Re: oscommerce password
Posted: Sat Oct 17, 2009 9:13 pm
by Franz-Peter
Hi Qphoria,
are there different md5 methods and which method does OpenCart use?
Re: oscommerce password
Posted: Sat Dec 19, 2009 5:01 pm
by KCMone
Hi, tried to download the Oscommerce import Tool, but it had an unknown file type in the download. Shouldn't this be a ZIP file?
Kind regards
Kenneth
Re: oscommerce password
Posted: Mon Sep 13, 2010 3:04 am
by IBBoard
Sorry for posting to an old topic, but I've got an answer and I hate it when I find a question with no solution.
ZenCart (and so presumably osCommerce, since it seems to have forked from it at some point) uses salted MD5 passwords, where each account has its own salt. There's no way to reverse engineer them to migrate them other than brute forcing and rainbow tables, neither of which is quick. Instead, I made a
Password patch. It makes OpenCart use the Zen Cart password format, if the user's password is stored in that format. Since it is impossible to convert the passwords from Zen Cart to OpenCart because Zen Cart salts its passwords then this password does the salting and checks against the Zen Cart format value.
Hopefully that helps someone else

Re: osCommerce password
Posted: Tue Apr 05, 2011 2:13 am
by Studio-Owens
My solution was similar to IBBoard, but I used vQmod (
http://forum.opencart.com/viewtopic.php?f=23&t=24529).
I take the email address and pull the encrypted password from the DB. If the encrypted password has an osC salt at the end (e.g. :##) then I do a quick check by taking the md5 of the salt plus the plain text password and comparing it to the encrypted password from the database. If it matches I pass it back as the md5 password. Otherwise I pass back the md5 of the plain text password.
vQmod file attached.
Re: osCommerce password
Posted: Thu Aug 18, 2011 2:32 pm
by onlinephilately
Just tested the xml file on 1.5.1 and it seems to work perfect!
Thank you for posting.
Password Help
Posted: Fri Nov 18, 2011 2:49 am
by Cyberwoolf
Hey guys,
I just imported all my data (except attributes) from a zen cart site to the latest version of OC. My problem now is that Zen uses MD5+Salt to encrypt the passwords.
I found a thread:
http://forum.opencart.com/viewtopic.php?t=7092 that had a vqmod file that solved this issue, but it doesn't appear to work anymore. I get: Notice: Undefined variable: owens_password.
Does anyone have another workaround or possibly fix this vqmod file?
Thank you!
Re: Password Help
Posted: Fri Nov 18, 2011 3:57 am
by mberlant
It would have been much better if you had asked your question in the thread you quoted, where cognizant people are already watching, than to start a whole new thread on the same topic. Why not contribute your observations there, where there is already a group familiar with your problem?
Re: Password Help
Posted: Fri Nov 18, 2011 5:05 am
by i2Paq
mberlant wrote:It would have been much better if you had asked your question in the thread you quoted, where cognizant people are already watching, than to start a whole new thread on the same topic. Why not contribute your observations there, where there is already a group familiar with your problem?
Good call!
Topics merged.
Re: osCommerce password
Posted: Fri Nov 18, 2011 5:19 am
by Cyberwoolf
Usually in forums, it is frowned upon to comment in a thread where the last comment is over 3 months old, that's why I added a new post, sorry. Just can't seem to keep the forum rules right.
** Update **
Figured out the solution. The function was different in the customers.php, so I edited that and now it works (1.5.1.3)
Re: osCommerce password
Posted: Thu Nov 24, 2011 4:03 am
by horgh
It doesn't work for me. Just complains about invalid email address or password. I copied passwords directly from OsCommerce database. I noticed that they all had prefix $P$D, I tried with it and without it, no success. I really need a way to import passwords from OsCommerce.
Re: osCommerce password
Posted: Sun Nov 27, 2011 1:00 am
by Cyberwoolf
What version of OC are you using? And do you see any errors in your vQmod manager?
Re: osCommerce password
Posted: Tue Jan 31, 2012 7:23 am
by polo555
Cyberwoolf wrote:
** Update **
Figured out the solution. The function was different in the customers.php, so I edited that and now it works (1.5.1.3)
it works fine for me, thanks (OC 1.5.1.3)
Edit: works also with OC 1.5.2 beta revision 827.
Re: osCommerce password
Posted: Tue Jan 31, 2012 8:13 am
by straightlight
Take note that this solution does not require password resetting every 90 days as it also uses a salted hash password methodology:
http://www.opencart.com/index.php?route ... order=DESC