AI Tools | ChatGPT Alternative for banned countries

magento 2 | customer can't login or logins with wrong password


I have faced this issue 2wice now and i though it might be better if i make a post about it, the first time i experience this issue i notice that you can login with any password for any customer, so i opened a issue @ magento GitHub page 23296 and after debugging locally i found the problem and fix it and it was related to hash compare coding, after some months i had to do an update and again it returned but this time the opposite customers cant login even if they have a correct password, and below is the solution for booth:

1- open this file: vendor/magento/framework/Encryption/Encryptor.php
2- @ function isValidHas, replace the hash comparison code as follow:

Original Code:
public function isValidHash($password, $hash)
    {
        $this->explodePasswordHash($hash);

        foreach ($this->getPasswordVersion() as $hashVersion) {
            $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
        }

        $hash = $this->getPasswordHash();
        return Security::compareStrings(
            $password,
            $hash
        );
}

Modified Code:
public function isValidHash($password, $hash)
    {
        $this->explodePasswordHash($hash);

        foreach ($this->getPasswordVersion() as $hashVersion) {
            $password = $this->hash($this->getPasswordSalt() . $password, $hashVersion);
        }

        /*$hash = $this->getPasswordHash();
        return Security::compareStrings(
            $password,
            $hash
        );*/
        $hash = $this->getPasswordHash();
        return Security::compareStrings($password, $hash);
}

Comments