Almost a year ago, burch posted some REALLY helpful information about the customer password hashing: http://extranet.mivamerchant.com/for...ncryption-Info
Using this information, I was able to create a compatible library in PHP that so far is working great for us (in testing). My next step, I want to create a compatible library for the password reset portion too. Would it be possible to get burch (or whomever) to post how the customer password reset token is generated? Also, possibly, the generated customer password as well, if that's not seen as a possible security risk to post. I looked and looked through the limited source kit, but I am not familiar enough with the organization there to know for sure if the functions are included in there or not. I did find reference to them, but couldn't find the actual functions for me to recreate.
I can easily generate my own tokens and passwords (and I am betting that any token stored properly in the database would work for resetting the customer's password), but I figured with all of the effort I went through to create the password compatibilities, I might as well try to keep this compatible too.
Thanks!