I have faced this issue twice now, and I thought it might be better if I made a post about it. The first time I experienced this issue, I noticed that you can log in with any password for any customer, so I opened an issue on the Magento GitHub page (23296), and after debugging locally I found the problem and fixed it; it was related to the hash comparison code. After some months I had to do an update and it returned again, but this time the opposite: customers can't log in even if they have the correct password. Below is the solution for both:
1- Open this file: vendor/magento/framework/Encryption/Encryptor.php
2- In the function isValidHash, replace the hash comparison code as follows:
Original Code:

    public function isValidHash($password, $hash)
    {
        $this->explodePasswordHash($hash);
        foreach ($this->getPasswordVersion() as $hashVersion) {
            $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
        }
        $hash = $this->getPasswordHash();
        return Security::compareStrings(
            $password,
            $hash
        );
    }

Modified Code:

    public function isValidHash($password, $hash)
    {
        $this->explodePasswordHash($hash);
        foreach ($this->getPasswordVersion() as $hashVersion) {
            $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
        }
        /*$hash = $this->getPasswordHash();
        return Security::compareStrings(
            $password,
            $hash
        );*/
        $hash = $this->getPasswordHash();
        return Security::compareStrings($password, $hash);
    }
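
Both symptoms described above (any password accepted, then correct passwords rejected) can be caught by checking a verifier in both directions. The script below is an added example, not code from the original post or from Magento; the hash:salt:version layout with version 1 as salted SHA-256, and the names makeRecord and verifyRecord, are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Simplified stand-in for a "hash:salt:version" password record.
// Assumptions: version 1 = SHA-256 over salt . password; names are hypothetical.
const DELIMITER = ':';

function makeRecord(string $password, string $salt): string
{
    return hash('sha256', $salt . $password) . DELIMITER . $salt . DELIMITER . '1';
}

function verifyRecord(string $password, string $record): bool
{
    $parts = explode(DELIMITER, $record, 3);
    if (count($parts) !== 3 || $parts[0] === '' || $parts[2] !== '1') {
        return false; // malformed record or unknown version: fail closed
    }
    [$expected, $salt] = $parts;
    $candidate = hash('sha256', $salt . $password);
    // hash_equals() is PHP's built-in timing-safe comparison; it returns true
    // only when both strings have the same length and content.
    return hash_equals($expected, $candidate);
}

// Constructed test data, not taken from any real store.
$record = makeRecord('correct horse', 'constructedSalt');

$checks = [
    'correct password accepted' => verifyRecord('correct horse', $record) === true,
    'wrong password rejected'   => verifyRecord('wrong horse', $record) === false,
    'empty password rejected'   => verifyRecord('', $record) === false,
    'empty record rejected'     => verifyRecord('correct horse', '') === false,
    'hash-less record rejected' => verifyRecord('', ':constructedSalt:1') === false,
];

$failed = array_keys(array_filter($checks, fn (bool $ok): bool => !$ok));
foreach ($checks as $name => $ok) {
    echo ($ok ? 'PASS ' : 'FAIL ') . $name . PHP_EOL;
}
exit($failed === [] ? 0 : 1);
```

The same accept and reject checks are worth repeating against a test customer after any update that touches vendor/magento/framework, since that is when the post reports the problem returning.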