Zend certified PHP/Magento developer

How can I get pre-hashed password after customer registration

Please note: I understand this would be open to a potential security risk. However, due to the nature of my site, I want to exhaust as many solutions as possible to help stop fraud from taking place. With the way Magento saves and hashes passwords, it’s impossible to compare passwords. One way to catch abusers/fraudsters is to compare the password they use at registration, as many use the same thing to speed the process up.

Intention: I want to grab the raw password upon successful registration, hash it (without salt) and save it in a table on a remote server that has no connection to my site’s server. It would simply save the customer ID and the new hashed password.

I think I could do this 1 of 2 ways:

  1. Extend the core model with an extra function that will do this
  2. Create a new module that would use the customer_register_success ? event and grab it separately.

I’m unsure of whether or not it’s possible to grab the password before it’s hashed with solution 2.

Either way, after doing a little searching through core customer models, I’ve really only found a couple of possibilities.

In /core/Mage/Customer/Model/Customer.php

$this->setData('password', $password);

I’m unable to tell if this is passing the pre-hashed password or not, though it does precede setPasswordHash().

Now, I’ve attempted to test these just to see what I get as a result, but I’m failing to grab anything. I’ve attempted to extend core/Mage/Customer/Model/Customer.php by doing the following:

config.xml



    
        1.0.0
    



    
        
            Custommodule_Password_Model
        

        
          
            Custommodule_Password_Model_Export
          
        

           

Custommodule_Password.xml

< ?xml version="1.0"?>

  
      
          true
          local
          
      
  

/Custommodule/Password/Model/Export.php

class Customermodule_Password_Model_Export extends Mage_Customer_Model_Customer
{


public function getPassword($password) {
   $email = $this->getData('email');
   $pw = $this->getData('password');
   $customer = Mage::getModel("customer/customer")->loadByEmail($email);
   $customerId = $customer->getId();


}

}

I’ll be honest, I’m not even entirely sure if this is the correct way to grab the customer entity or if I’m extending the correct model class.

Any help, suggestions, tips are greatly appreciated.