I'm currently looking at creating a mobile application which integrates with a Magento store and have managed to get many aspects of it working using the SOAP API such as retrieving products and categories.
I am now looking to solve an issue where I need the user of the mobile app to log in with their Magento customer login details; however, looking through the SOAP API, there is no method for an actual customer to log in?
Does anyone have any idea of how I can perform this task?
Thanks
Actually it's quite easy to authenticate a customer in your case. The customer info SOAP response gives us the password_hash of the user registered in Magento. This hash is an md5 hash which can be authenticated using the password which the user will enter along with his email in your system. I have some sample code below; hope this helps anyone looking for this answer.

    // Assumes a Magento V2 SOAP client and an API session (store URL and
    // API credentials below are placeholders):
    $proxy = new SoapClient('http://your-store.example/api/v2_soap/?wsdl');
    $sessionId = $proxy->login('apiUser', 'apiKey');

    // Look up the customer record by e-mail address
    $complexFilter = array(
        'complex_filter' => array(
            array(
                'key' => 'email',
                'value' => array('key' => 'eq', 'value' => 'someemail@gmail.com')
            )
        )
    );
    $result = $proxy->customerCustomerList($sessionId, $complexFilter);
    var_dump($result);

    /**
     * Validate hash against hashing method (with or without salt).
     * Magento 1 stores either md5(password) or "md5(salt . password):salt".
     *
     * @param string $password
     * @param string $hash
     * @return bool
     */
    function validateHash($password, $hash)
    {
        $hashArr = explode(':', $hash);
        switch (count($hashArr)) {
            case 1:
                // Legacy unsalted hash
                return md5($password) === $hash;
            case 2:
                // Salted hash: digest first, salt second
                return md5($hashArr[1] . $password) === $hashArr[0];
        }
        // Anything else is a malformed hash; treat it as a failed match
        return false;
    }

    var_dump(validateHash('asdfgh', $result[0]->password_hash));
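To make the "hash:salt" layout concrete, here is a Python re-implementation of the same check (added here; not Magento's code and not from the answer above). It covers both the legacy unsalted form and the salted form, rejects malformed records instead of raising, and compares digests in constant time; the sample records are constructed, not taken from a real store.

```python
import hashlib
import hmac
import secrets

# Magento 1 stores customer passwords as "md5(salt + password):salt"; very old
# accounts may still carry a bare "md5(password)" with no salt.
SALT_LENGTH = 2  # Magento 1's default salt length
_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def make_magento_hash(password, salt=None):
    """Produce a salted record in Magento 1's "hash:salt" layout."""
    if salt is None:
        salt = "".join(secrets.choice(_ALPHABET) for _ in range(SALT_LENGTH))
    digest = hashlib.md5((salt + password).encode("utf-8")).hexdigest()
    return digest + ":" + salt


def validate_magento_hash(password, stored):
    """Check a password against a stored Magento 1 record (salted or legacy).

    Returns False for anything that is not exactly one or two colon-separated
    fields, so a malformed record fails closed instead of crashing the login
    path. The digest comparison is constant-time.
    """
    parts = stored.split(":")
    if len(parts) == 1:
        expected = parts[0]
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    elif len(parts) == 2:
        expected, salt = parts
        candidate = hashlib.md5((salt + password).encode("utf-8")).hexdigest()
    else:
        return False
    return hmac.compare_digest(candidate.encode("utf-8"), expected.encode("utf-8"))


# Constructed sample records for the password "asdfgh" (not from any store).
SALTED_RECORD = make_magento_hash("asdfgh", salt="xy")
LEGACY_RECORD = hashlib.md5(b"asdfgh").hexdigest()

if __name__ == "__main__":
    print(validate_magento_hash("asdfgh", SALTED_RECORD))  # True
    print(validate_magento_hash("asdfgh", LEGACY_RECORD))  # True
    print(validate_magento_hash("wrong", SALTED_RECORD))   # False
```

Whichever language you use, run this check on the server: returning password_hash to the app over the API means every client that can call the customer list ends up holding the hash of any customer it looks up.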
After some trial and error and more research I managed to come up with this solution which now allows me to authenticate a username and password against Magento.
It involves creating a PHP script which I have uploaded to the Magento website. Currently it's a proof of concept, but I will add some more security, such as a unique hash key which the mobile phone sends with the request (over SSL, of course), and this along with the username and password will validate and get a Magento session.

    <?php
    header('Content-Type: application/json');

    // Get POST vars (POST only, so credentials never land in a URL or access
    // log; no addslashes, which would corrupt passwords containing quotes or
    // backslashes)
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    if ($username === '' || $password === '') {
        echo json_encode(array('status' => 0, 'message' => 'Access Denied'));
        die();
    }

    // Mage Path
    require_once(dirname(__FILE__) . '/app/Mage.php');

    // Initialize Magento ...
    Mage::app('default');
    $id = 1; // The Store ID.

    $session = Mage::getSingleton('customer/session');
    $status = true;
    try {
        // login() authenticates against the customer's stored hash and
        // throws on failure; it also marks the customer as logged in
        $session->login($username, $password);
        $session->setCustomerAsLoggedIn($session->getCustomer());
    } catch (Exception $e) {
        $status = false;
    }

    if ($status == true) {
        $userID = $session->getCustomerId();
        echo json_encode(array('status' => 1, 'userID' => $userID));
    } else {
        echo json_encode(array('status' => 0, 'message' => 'Access Denied'));
    }
    ?>