Delete customers or using old cookie key for recoverung their passwords

[pl.sabotinov]

Hello everybody,

I am preparing a new webstore based on Prestashop 8.1.4. My old store is on 1.6.1.13. So I managed after many adjustments to migrate every entity from the old store - to the new one - customers/adresses/customer groups/products/combinations/price rules ...etc. except Orders and Carriers. I initially didn't want to transfer them to my new store. HAve created new logic of delivery. So except some few issues left - everything is transferred and works correctly. The only main problem is the password of the old customers. You know it is based on the old store Cookie key. So now in the new store with new Cookie Key - they could not login. But I am really in a Doubt if I should keep these customers and their Adresses or should delete them fully and let them create new ones with the new Cookie Key, same emails. So the two otions are:

Variant 1:  Keep these addresses and customers - but have to replace cookie key, change a lot in some functions , which is risky. Also I do not know if I replace cookie key, what would happen exactly with admin, team passwords in BO? Except that the old passwords have very low number of symbols and are considered weak from the login form. I do not know if this also would cause problems and should modify some core code. There is also one problem with address fields validation, so not so easy to complete it. Of course negative Part is that some customers might don't want to renew their accounts (input addresses once again) and I might loose them.

OR

Variant 2: Delete all migrated customers and their addresses - they do not have any orders nor any shopping carts in BO or DB. They were intentionally left. But thisway they will create their correct new passwords with accepted length and I will not digin to recreate all the things connected to Cookie key. Of course negative part is that they should insert again their addresses. But all admin passwrds will be kept. 

The main question in Variant 2 - is there a realy safe way to delete all these customers and their Addresses and allow them to register with the same email accounts. I think it is ok - as they are not connected to any shopping cart or order in the database. So I think I even can delete them from BO. (If needed I will delete also some rows from DB tables, but..) If someone has better experience with that please advise me which option is safe/better, or what kind of issues i can get in choosing one of these two options. 

Thanks in advance.

 

[El Patron]

carrying over the cookie key should only be one change, I hope this helps.

Copy the 1.6 Cookie Key (Encryption Key)

In PrestaShop 1.6, the cookie key is stored in:

/config/settings.inc.php

Look for this line:

define('_COOKIE_KEY_', 'abcdefghijklmnopqrstuvwxyz1234567890');

Copy the entire value (the long alphanumeric string).

In your new PrestaShop 8.1.4, open:

/app/config/parameters.php

Look for:

cookie_key: 'something_here'

Replace the value with your old 1.6 _COOKIE_KEY_ value.

This ensures that password hashes stored in the old database will continue to match when customers log in.

[pl.sabotinov]

Hello El Patron,

and thank you for the detailed answer. Yes I actually know this procedure. The only thing I am not sure here is what would happen with the few customers that have been made in the new Presta 8.1.4. And also the employees in the Back Office - I suppose their passwords are encrypted with the new Cookie key. Or I am wrong? Is it the same algorithm for their password encryption? Or they have another logic and tables for storing the passwords.

Maybe i am more concerned about the Back Office employees, admin pass also. What would happen - could they login with old cookie? Regarding the few new customers it is easy to be regenerated again.

Thank you, once again.

[El Patron]

7 hours ago, pl.sabotinov said:

Hello El Patron,

and thank you for the detailed answer. Yes I actually know this procedure. The only thing I am not sure here is what would happen with the few customers that have been made in the new Presta 8.1.4. And also the employees in the Back Office - I suppose their passwords are encrypted with the new Cookie key. Or I am wrong? Is it the same algorithm for their password encryption? Or they have another logic and tables for storing the passwords.

Maybe i am more concerned about the Back Office employees, admin pass also. What would happen - could they login with old cookie? Regarding the few new customers it is easy to be regenerated again.

Thank you, once again.

Anyone whose password hash doesn't match will need to use the "Lost Password" feature to generate a new one.

[pl.sabotinov]

Hello again,

also there is one more issue that is not clear to me (Before changing the Cookie with the old one). If I go in BackOffice and change the password of some migrated user from Customers->Edit profile data. So after that if i go in front office and try to log in with this new password I get the following error in browser : HTML Error 500 or when debug mode is on i get this fatal error:

Fatal error: Uncaught --> Smarty: Unable to load template 'file:../_partials/.tpl' in 'file:_partials/desktop-header.tpl' <-- thrown in /home/mipiseuz/shop/vendor/smarty/smarty/libs/sysplugins/smarty_internal_template.php on line 196

So I see in DB that the password of this user has already much  different value in ps_customers -> 'passwd' field. So it is encrypted with the new Cookie Key I suppose. But my site could not be loaded from this browser anymore. That happensalso when i try to reset the password by mail -  I receive the mail with the new password entry form. I replace it with new one, but still can not login. Once again error html 500 and browser can not load the site.

 I have to go clear history - cookies. And after that this browser can load the new site again. So it seems even from backoffice changing the old customers paswrods is causing some issue.

Therefore i am a bit confused if I will be able to reset the admin password when i change the cookie with the old one in app/config/parameters.php. Does any one know what is the cause of this behaviour exactly?

 

Thanks in advance. 

[pl.sabotinov]

Hello again,

I found the reason of this strange behaviour. Just to be usefull for someone else (like me) after migration. So the reason to html error 500 was that all the customers from groups that have been migrated from old presta have all modules disabled. (HAve to edit Customer groups) And because many of my customers are in the three standartd groups i realized too late to check the other - imported groups. So it seems after migration we have to check and ebnable the modules for these customer groups. Maybe for me the error from Debug mode was too common , so I couldn't pointed the exact reason. And also many customers (of standard groups) worked correctly.  But still I hope it will be helpful for someone else. Also regarding login of migrated customers with new cookie key, I think there is more elegant solution than change/use the cookie from old site. Here link to the forum discussion where 2 methods are proposed and both work -  have been tested. The pass when login attempt is saved in the DB with the new cookie.

Topic Cookie Key after migration of data

regards,