Magmi Login fails after SUPEE-11219 update?

[frostitution]

Magento's latest update (1.9.4.3) made some changes to passwords and how they are stored (minimum length, hash related changes). One of our users changed their password and has since been unable to login to Magmi. My password has remained unchanged prior to the update and I can login just fine.

Can anyone else confirm this issue or is this just user error?

[bandm]

Just to add to this, I'm having the same problem as above.

Having looked at the password field in the DB the structure of the hash is completely different to what is being checked against in the login script.

== New Password Structure ==

XXXXXX.XXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXX.X.XXXXXXXXX

== Old Password Structure ==

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

== Magmi Password Validation Function ==

private function validatePass($hash,$pass){
    #first try : standard CE magento hash

    $hash = explode(":",$hash);
    $cecheck = md5($hash[1] . $pass);
    $eecheck = hash('sha256',$hash[1] . $pass);
    $valid=($cecheck == $hash[0] || $eecheck== $hash[0]);

    return $valid;
}

Looks like there is nothing to run the explode on anymore.

Is there any timeline of a fix or a work around? :)

[roshan-kaushish82]

I am also getting the same issue.. can anyone help on this please?

[mlaurense]

Quick 'n' dirty fix. Edit inc/magmi_auth.php:

At the top: require_once('../../app/Mage.php');

Change public function authenticate() so it contains the following:

Mage::app();
$user = Mage::getModel('admin/user');
return $user->authenticate($this->user, $this->pass);

This will allow you to login.