I have an issue in one of my observer's functions. For some reason I can't load the customer information for further manipulation.

    $user = $observer->getEvent()->getCustomer();
    $usertemp = Mage::getModel('customer/customer')->load($user->getId());

I checked and $user->getId() actually carries the id; however when I try, for example:

    $password = $usertemp->getPassword();

a null value is set instead of the user's password.

First of all - why do you load the customer object if you already have one from $observer->getEvent()->getCustomer()? This operation is excessive here and will just increase resource and time consumption.

Second - as a security measure, Magento does not store the user password in decrypted form. If you want to get the user password, try the following code:

    $passwHash = $customer->getPasswordHash();
    $password = Mage::helper('core')->decrypt($passwHash); // this will not work

Update: Mage::helper('core')->decrypt will not decrypt the password hash, since it was hashed with the md5 hash function, so there is a way to check if passwords are identical (Mage::helper('core')->validateHash), but you can't retrieve the original password.

Update 2: So the question asker has a few interesting questions, which he provided in the comments; I will address those here:

Why is the hash for 123456 0f474c41fd20617eb8f1a0cb9b08f3aa:Uh while it should have been e10adc3949ba59abbe56e057f20f883e in md5?

The answer is - because the hash method hashes not only the incoming password, but also a randomly generated salt. Take a look at this method:

    public function getHash($password, $salt = false)
    {
        if (is_integer($salt)) {
            $salt = $this->_helper->getRandomString($salt);
        }
        return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;
    }

And these two methods in the Customer model:

    public function setPassword($password)
    {
        $this->setData('password', $password);
        $this->setPasswordHash($this->hashPassword($password));
        return $this;
    }

    public function hashPassword($password, $salt = null)
    {
        return Mage::helper('core')->getHash($password, !is_null($salt) ? $salt : 2);
    }

So since the $salt argument is an integer (2), the actual salt is a randomly generated string. That's why you have a different output hash than you would have if you simply used md5($passw).

Also I was working directly with the getPassword() because it was working on user register

That's a bit easier. During the registration process you have $_POST data with the raw password. With the help of $customer->setPassword($passw) you set it on the $customer model. If you look at this function above, you'll see that both the password and password hash attributes are set during this action. The only difference is: password isn't really an existing attribute, which means that it will not be stored in the DB, or anywhere else, and it will get lost as soon as the $customer object is cleared from memory.

There is no way to get the user password in Magento. The only thing you can do is compare a given password with the existing password_hash (as I mentioned before): Mage_Core_Helper_Data::validateHash

    public function validateHash($password, $hash)
    {
        $hashArr = explode(':', $hash);
        switch (count($hashArr)) {
            case 1:
                return $this->hash($password) === $hash;
            case 2:
                return $this->hash($hashArr[1] . $password) === $hashArr[0];
        }
        Mage::throwException('Invalid hash.');
    }
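
The "hash:salt" scheme walked through in the answer above, as a stand-alone added example (not code from the answer or from Magento) that runs without a Magento install on PHP 7 or later. The function names make_hash and check_hash are hypothetical, and the use of random_bytes for the salt and hash_equals for the comparison are choices made for this example.

```php
<?php
// Stand-alone sketch of the "md5(salt . password):salt" format described above.
// Function names are illustrative and are not part of Magento's API.

// Hash a password with a fresh random salt, mirroring getHash($password, 2).
function make_hash(string $password, int $saltLen = 2): string
{
    // Assumption: hex characters from random_bytes() stand in for
    // Magento's own getRandomString() helper.
    $salt = substr(bin2hex(random_bytes($saltLen)), 0, $saltLen);
    return md5($salt . $password) . ':' . $salt;
}

// Check a candidate password against a stored value, mirroring validateHash().
function check_hash(string $password, string $stored): bool
{
    $parts = explode(':', $stored);
    switch (count($parts)) {
        case 1: // unsalted form: md5(password)
            return hash_equals($parts[0], md5($password));
        case 2: // salted form: md5(salt . password), salt kept after the colon
            return hash_equals($parts[0], md5($parts[1] . $password));
    }
    throw new InvalidArgumentException('Invalid hash.');
}

// Constructed sample: the same password hashed twice.
$a = make_hash('123456');
$b = make_hash('123456');

// The stored values normally differ because each call draws its own salt.
var_dump($a, $b);

// Both still verify, because the salt travels with the hash.
var_dump(check_hash('123456', $a));
var_dump(check_hash('123456', $b));

// A wrong candidate is rejected.
var_dump(check_hash('1234567', $a));

// The unsalted md5 value quoted in the question goes through the one-part branch.
var_dump(check_hash('123456', 'e10adc3949ba59abbe56e057f20f883e'));
```

Verification only ever recomputes the hash from a candidate password and the stored salt, which is why a stored value can be checked but never turned back into the password.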