Where and how are passwords stored in Magento?
It would be a tremendous user experience bless to have a universal login across various apps of my website. For now, I have a storefront of Magento and a community of IPS board. And I'm trying to integrate them into one universal login for my users.
IPS board offers a variety of login methods and one of them is External Database that enables me to integrate it with an external database for user details.
Fantastic! So I can link IPS with Magento's database for unified user credentials.
However, thus far I can only find the email field that is customer_entity.email.
My questions are:
- What is the password hash field (table.field) in Magento?
- How does Magento generate password hash? MD5? SHA1? What is the salt (I guess it's different by installation but where can I find it)?
As you can see from the attached images, I need the details of where and how Magento stores password to enable IPS to use Magento's database as external database for user login details.
Attached:
Any idea or suggestion on how to get this done would be greatly appreciated!
Answer
Customer's password is stored in customer_entity_varchar, it is an eav attribute. You can't use IPB external database functionality. You should use Mage::getModel('customer/customer')->authenticate($logi, $password); to authenticate customers in your code.