I have a website that i want users to be able to login to their account and we check against cscart_users database table to ensure there email / password is correct. I am using cscart 4.x but i can't seem to get it to work. WHen i look in fn.users.php within cscart to see how the passwords are created It seems cscart doesn't something else to the passwords.
$hash = $user->password;
$salt = $user->salt;
if( $salt ) {
$compare_hash = md5(md5($password).md5($salt));
}
else {
$compare_hash = md5($password);
}
if( $hash == $compare_hash) {
$all_is_well = true;
}
else {
$all_is_well = false;
}
Any Help? I'm using laravel for my other website on the same server as cscart so i have access directly to the database scheme.
Hello,
It's difficult to judge what you may be doing wrong, without a full procedure you're using to log user in.
The code responsible for user login is in controller app/controllers/common/auth.php - you may want to take a look here and compare your procedure with the one built into CS-Cart.
Best regards,
Robert
Hello,
It's difficult to judge what you may be doing wrong, without a full procedure you're using to log user in.
The code responsible for user login is in controller app/controllers/common/auth.php - you may want to take a look here and compare your procedure with the one built into CS-Cart.
Best regards,
Robert
I was able to get it working, I copied down the functions cscart did and put them in my classes to get it working.
Seems the code i found was from an old 3.X version which is how they did it then.
public function login(Request $r) {
$email = $r->input('email');
$password = $r->input('password');
$user = User::where('email', $email)->where('status', 'A')->first();
if($user)
{
if($this->fn_verify_password($password, $user->salt, $user->password))
{
Auth::login($user);
return redirect()->route('home')->withSuccess('Thanks for logging in');
}
}
return redirect()->route('login')->withError('We can not find that account.');
}
Hello
We used to do such logging in such a way that the client logs in to an external website. A cookie with a key is placed.
Then, when logging in to cs-cart, the cookie is checked and a REST API query is made to an external service (where the client logged in). If the content of the cookie is equal to the value returned by the REST API, it means that the client can enter without logging into the CS-Cart (frontend or backend). We have an addon ready for this.
Best regards
Robert