magmi-git icon indicating copy to clipboard operation
magmi-git copied to clipboard
verified publisher icon dweeves

Magmi Login fails after SUPEE-11219 update?

Open frostitution opened this issue 6 years ago • 3 comments

Magento's latest update (1.9.4.3) made some changes to passwords and how they are stored (minimum length, hash related changes). One of our users changed their password and has since been unable to login to Magmi. My password has remained unchanged prior to the update and I can login just fine.

Can anyone else confirm this issue or is this just user error?

frostitution avatar Oct 29 '19 13:10 frostitution

Just to add to this, I'm having the same problem as above.

Having looked at the password field in the DB the structure of the hash is completely different to what is being checked against in the login script.

== New Password Structure ==

XXXXXX.XXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXX.X.XXXXXXXXX

== Old Password Structure ==

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

== Magmi Password Validation Function ==

private function validatePass($hash,$pass){
    #first try : standard CE magento hash

    $hash = explode(":",$hash);
    $cecheck = md5($hash[1] . $pass);
    $eecheck = hash('sha256',$hash[1] . $pass);
    $valid=($cecheck == $hash[0] || $eecheck== $hash[0]);

    return $valid;
}

Looks like there is nothing to run the explode on anymore.

Is there any timeline of a fix or a work around? :)

bandm avatar Nov 19 '19 10:11 bandm

I am also getting the same issue.. can anyone help on this please?

roshan-kaushish82 avatar Feb 08 '20 13:02 roshan-kaushish82

Quick 'n' dirty fix. Edit inc/magmi_auth.php:

At the top: require_once('../../app/Mage.php');

Change public function authenticate() so it contains the following:

Mage::app();
$user = Mage::getModel('admin/user');
return $user->authenticate($this->user, $this->pass);

This will allow you to login.

mlaurense avatar Feb 11 '20 12:02 mlaurense