i am new with magento, yet given the task to make custom api's with admin authentication. i am done with the api's but stucked in the admin authentication. the main problem i am facing is that: the passwords in magento are md5 encrypted and i dont know what to do with that. Help in this regard will be appriciated. my authentication code is below:
public function indexAction() {
require_once 'app/Mage.php';
umask(0);
$app = Mage::app('default');
$array = $_GET;
$username = $_GET['username'];
$password = $_GET['password'];
Mage::getSingleton('core/session', array('name' => 'adminhtml'));
$user = Mage::getModel('admin/user')->loadByUsername($username); // user your admin username
$user_id = $user->getId();
// echo $user_id;
if(($user->getId())>=1)
{
echo "User Name: True";
echo "<br>";
$dbpassword = $user->getData('password');
// echo $dbpassword." ---- ";
// echo md5($username.$pass).":".$username;
// echo "<pre>";
// $a = Mage::helper('core')->validateHash($password, $dbpassword);
// print_r($a);
if($password == $dbpassword)
{
echo "<hr>";
echo "Password: True";echo "<br>";
echo "Authenticated :) Here we go!!";
}
else
{
echo "Password: False";
}
}
else
{
echo "User Name: False";
}
}
Use this function to validate your password against the magento hashed password
To check if the password is valid, do as below