Allowing Login to WordPress with SHA1 (salted)

  • Hi everyone,

    I am looking at migrating an ecommerce store from OpenCart to WordPress/WooCommerce. With testing, I’ve been able to see that I can transfer nearly everything across from OpenCart, however, the one issue I am struggling to solve is the existing user’s login – specifically the passwords. I would prefer not to have to reset all the password.

    My approach is preferably to get WordPress to accept OpenCart’s authentication method and then convert the password to a WP password once the user logs in.

    I’ve found a piece of code that seems to do most of this, but doesn’t take into account the fact that the passwords are salted as well. Could someone please assist me with altering this code to allow salted SHA1 passwords or point me in the right direction as I can’t seem to figure it out.

    This is the existing code: https://maxrice.com/allow-wordpress-login-with-sha1-password-hash/ and OpenCart’s password authentication is as follows:

    password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1(‘” . $this->db->escape($password) . “‘)))))

    Your help will be greatly appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Dion

    (@diondesigns)

    There is no way that code can work because you must read the user’s salt from the OpenCart database. I’d suggest adding the OpenCart user table to the WordPress database, and “plugging” the wp_authenticate() function with a combination of the original WP code and the OpenCart authentication code.

    Basically…check WP credentials, and if not valid, check OpenCart credentials. If WP authentication is invalid and OC authentication is valid, then hash the password in WP format and store it in the WP _users table.

    holywar08

    (@holywar08)

    Hi, can u solved problem ?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Allowing Login to WordPress with SHA1 (salted)’ is closed to new replies.