Jump to content

[webservice] login via a webservice


Makio64
 Share

Recommended Posts

Hello,

 

Im looking to a way to log a user via webservice with his email/password

 

something like : 

 
$opt = array(
     'resource'          =>'customers',
     'filter[email]'  =>'['+$_POST['email']+']',
     'filter[password]'  =>'['+$_POST['password']+']',
     'display' =>'[email,lastname,firstname,credit,adress]'
);

$xml = $webService->get( $opt );
Any idea about the password encryption ?
 
Thanks
 
 

Share this post


Link to post
Share on other sites

Hi,

 

Create keys in back office for webservice access and then give them to the users.

 

If you want to automate the process you could make a 'cron' like file that would deal with authentification and return key to then access webservice.

 

Regards

Share this post


Link to post
Share on other sites

Actually connect to the webservice works, the problem is the filter password.

 

It's encoded in the BDD and I should send the same encoding in the filter, but I have no idea witch hash is use, I was thinking md5 but no.

 

Thanks for helping me

Edited by Makio64 (see edit history)

Share this post


Link to post
Share on other sites

For me there is no password for webservice only a key stored without encoding in ps_account_webservice.

 

You can generate a key in bo wich will provide something like OXFQDX3YYM8MJH1RYGAQHH2LX79ZNRX

but you can also put the key you want like : THISISMYKEYFORPRESTASHOPWEBSERVICE

 

I might be wrong but perhaps you mix with cookies wich are strongly crypted.

Share this post


Link to post
Share on other sites

I think there is a misunderstanding.

 

Actually I can get the customer I want and all is informations ( credit / birthday / etc .. ) wihout password as you say but with the key when I initialize my webservice.

 

But I need to create a login system, where the user push the login/password. Then my plan was to use them as filter, compare to the bdd and if the couple login/password exist and return the customer corresponding or an error message if there is not customer with this combinaison.

 

The only problem, I dont know whitch algorythm prestashop use to encrypt the customer password and then i can't send the good password for the combinaison.

 

So the real question is : witch algorythm prestashop use to encrypt customer password.

 

Thanks !

Share this post


Link to post
Share on other sites

In config/settings.inc.php :

define('_COOKIE_KEY_', 'OXFQDX3YYM8MJH1RYGAQHH2LX79ZNRX');

 

The customer password encryption is :

md5(_COOKIE_KEY_+password)

 

The request in my first post did the job with this :)

 

I hope it help someone else !

Share this post


Link to post
Share on other sites

  • 2 months later...

Hello,

 

i run this webservice (to login via the webservice), with email and passwd in $opt, but the user is no logged in the Prestashop.

 

Do i need something else to get to user logged in?

 

I tried several ways, but nothing worked :\

Share this post


Link to post
Share on other sites

  • 9 months later...

hello,

 

I use like this:

$password = md5('5BeHRGBt7r012341t1t1LXDDo1234yON1r67JyM4321VHDgnq4321CmS' + 'rl61122');

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[password]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

And I have 400 bad request.

 

Error : This call to PrestaShop Web Services failed and returned an HTTP status of 400. That means: Bad Request

 

You can help me? what I have bad in my syntax?

 

Thanks,

Share this post


Link to post
Share on other sites

  • 4 weeks later...

Thank you  xabikip

 

Xabikip can  I know about your web services so it can be help me for my confusion, Can you use th elibrary of the Prestashop Web services Library referenced in documentation???

 

Or you create custom web services for your own way?

 

Please reply me as possible..

 

 

For reply

 

Nikhil ['}

Edited by Nikhil.nj (see edit history)

Share this post


Link to post
Share on other sites

  • 4 months later...

Hi Nikhil,

 

I'm running into the same problem as Xabikip. Indeed, i'm trying to login via webservice using email + MD5 hash as described in your post but i always get the same error => 'This call to PrestaShop Web Services failed and returned an HTTP status of 400. That means: Bad Request.'

 

Any idea what could cause this issue ?

 

Also does this method work with employee endpoint ?

 

Waiting for your reply

Thanks a lot

Best

Samy

Share this post


Link to post
Share on other sites

  • 2 years later...

Hi,

The only difference I found with my code, is that I call the webservice this way:

"customers/?filter=" + email + "&filter[passwd]=" + hmacMD5".

So maybe you have to change

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[password]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

 to

$opt = array(
         'resource'       => 'customers',
         'filter[email]'  => '[[email protected]]',
         'filter[passwd]'  => '['.$password.']',
         'display' => '[email,lastname,firstname,credit,adress]'
      );

Hope it helps!

Share this post


Link to post
Share on other sites

  • 2 years later...
  • 2 months later...

hello, 

 

any news ? 

i am trying to retrieve customers (users based on login password), i saw in 1.7 this is the way to encode password :

$password = md5('5BeHRGBt7r012341t1t1LXDDo1234yON1r67JyM4321VHDgnq4321CmS' + 'rl61122');

but i can't manage to retrieve it

Share this post


Link to post
Share on other sites

  • 1 month later...

Hello!
I need to get a user of my website to login to the prestashop ecommerce. With the APi I managed to validate the email and password, now I only need that when I refresh the ecomerce, I appear logged in. Any suggestion?
My code is the following

//--------------Login
// get information from PrestaShop
$ webService = new PrestaShopWebservice ('https://www.xxxxx.com/', 'XXXXXXXXXXXXXXXXXXXX', false);

$ email = '[email protected]'; // $ _REQUEST ['email'];
$ password = 'XXXXX';
// $ password = $ _REQUEST ['password'];

$ optUser = array (
'resource' => 'customers',
'filter [email]' => '['. $ email. ']',
'display' => '[id, email, lastname, firstname, passwd]'
);

$ resultUser = ($ webService-> get ($ optUser));

foreach ($ resultUser-> customers-> customer as $ info) {

if (password_verify ($ password, $ info-> passwd) == true) {
$ response = array ();
$ response ['status'] = 'succes';
$ response ['message'] = "You did it!";
setcookie ("userId", $ info-> id);

$ _SESSION ['user'] = $ email;
header ('Content-type: application / json');

echo json_encode ($ response);

echo '<br>'. $ info-> passwd;
echo '<br>'. $ cook;
} else {
$ response = array ();
$ response ['status'] = 'error';
$ response ['message'] = 'Wrong password';
header ('Content-type: application / json');
echo json_encode ($ response);
}
}

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More