New Orders and Password

Is it mandatory that a customer enter a password enter placing an order?

Is there a way to not make it mandatory?

I realize that the system automatically creates a user registration upon order, but can I remove the password portion. This will probably mean the customer can't login to check their order status, but that's okay for now.



Terry

It is required that a user create a password for their user account so that it can be accessed in the future.

Do you want the user to have a chance to enter their password if they want to? If you want to remove the ability completely you would need to take out the validation for this field on your confirm pages, both the spry and server side for it.

Depending on what WebAssist tools you have you could also create a new random password for the user and set that during the checkout. Post back and let me know which way you would like to go and I can give you some more pointers on that.

Eric,

Hi. I think what would be best is to just require the email and *not* the password. What I would like to do is auto-generate a password and email that along with the order information in case the customer wants to login later and check their status.

Of course, I'll have to make sure to bypass the flow when a new order is created and not "re" generate a new password for someone who has ordered before.

What are your thoughts? I'm getting major push back from staff about forcing the password.

Terry

Ok, you can just remove the validations on the password field on your confirm pages. The validations that you will need to remove are just the spry validations, they will look like this in your page:

<script type="text/javascript">
			var sprypassword1 = new Spry.Widget.ValidationPassword("sprypassword1", {validateOn:["blur"], minAlphaChars:1, minNumbers:1, minChars:6});
			var spryconfirm1 = new Spry.Widget.ValidationConfirm("spryconfirm1", "UserPassword2", {validateOn:["blur"]});
			</script>

This will allow the user to enter a password and still have the regular validation occur if a password is entered. If a password is not entered it will not stop the user from proceeding.

The next part of this would be to create a new random password for the user and set that for them. You can use this code to create a new random password for the user:

<?php
if (!session_id()) session_start();
if(($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_SERVER["HTTP_REFERER"]) && strpos(urldecode($_SERVER["HTTP_REFERER"]), urldecode($_SERVER["SERVER_NAME"].$_SERVER["PHP_SELF"])) > 0) && isset($_POST) && !(isset($_POST["UserPassword"])))     {
  $_SESSION["NewUserRandomPassword"] = "".(WA_RandomPassword(20, true, true, true, ""))  ."";
}
?>

The final part would be to alter the code that is inserting or updating the user, this code has a line in it that sets the value of the user password. This part will need to be updated from this:

((isset($_POST["email"]))?$_POST["UserPassword"]:$row_WAATKusers['UserPassword'])

To this:

((isset($_SESSION["NewUserRandomPassword"]))?$_SESSION["NewUserRandomPassword"]:((isset($_POST["UserPassword"]))?$_POST["UserPassword"]:$row_WAATKusers['UserPassword']))

This is kind of a custom work around for this and it may not be very easy to implement but these steps should get you the result you are looking for. Before you attempt any part of this you should make sure to backup your confirm page so that you can get back to it if you need to. Let me know if you have any problems with any of this and I will help you with what I can.

Eric,

Okay, this has proven to be too difficult in implement. We have decided to do away with the password requirement completely.

As I started to look at the code, I see that there are many checks and balances to insure the password exists.

Is there a way to remove the password requirement all together?

Terry

Removing the password requirement all together would require all of the same steps plus a couple more. In addition to getting rid of the client side validations you would need to get rid of this part of the form itself and also the server side validations for the password.

You would still need to have the random password generated and use this value in place of the posted password in the insert server behavior for the user.

Please explain where you are having trouble with this and what the current result is and I will help you out with whatever I can.

Eric,

First, thank you for the help. Really appreciate it.

I think I've got this working with one exception that I'm finding. For the new customer who has never ordered before there doesn't seem to be a problem, however if I use an email address that has ordered, I get an error: "This email address is already registered."

How do I let this pass if the customer has already ordered in the past?

Terry

On what page is this error occurring for you, what is the URL when you see this error? If the user is already registered then the pp_confirm page should just update the user record, if the record does not exist then it should insert a new one. It sounds like your page is trying to insert the user no matter what.

Please post back with this info and any other details that you can think of. If I'm not able to identify the problem I may need to open a ticket for you so we can exchange the files in question. Let me know.

It happens on the checkout page. You can try it with this email www.soleusrunning.com (tmearl@yahoo.com)

It won't even to go the confirm page. However it seems like the checkout button does goto the confirm page and it sets the redirect back with the valid=false url variable.

It seems on line 177 of the confirm.php file it is checking to see if the user exists based on the UserEmail and UserPassword. It obviously doesn't find it if the user already exists because of the random password.

Should I take out the AND UserPassword = %s from the query string to it find the record just based on the UserEmail?

Let me know your thoughts,

Terry

The checkout form by default will give the user the option to login, or register as a new user. You will need to restore this portion.

If the user is not logged in when they get to this page there should be a link to login, it is this link that the user will need to make use of. The form fields that are there are to do a quick registration for a new user if you are not registered already. So the error you are getting is correct as this is not a login form but a new user registration form.

I'm including some screen shots of the page in both states so that you have a reference.