Jump to content

Can a customer who has ordered as a guest then register as a customer?


Recommended Posts

Hi all,


Close to launching my new site but have just found what I think may be another bug.


If you place an order as a guest and then try to register at a later date, you get the error message:



The following errors were detected:

  • Invalid Username and/or Password


This could be quite annoying. Is there a reason why guests shouldn't be able to register or shall I go ahead and make changes so that they can?





Link to comment
Share on other sites

This has been a problem for a long time. I do not know if a solution has been implemented in CC5214.


When checking out as a guest (aka, a 'ghost' customer), an email address is stored in the customer database table, and a 'fake' password. Then, when that customer attempts to register as a customer, CubeCart will say that the email address already exists. The problem may also be that said ghost customer can only checkout as a guest just that one time - because the email address already exists.


There is a function in admin where an administrator can move a customer from 'ghost' to 'registered', but the customer will still need to use the "Forgot Password" feature.


I would like to see some kind of advisory to customers who choose to not create an account when checking out -- and the ramifications of that choice.

Link to comment
Share on other sites

I am working on the latest version of Cubecart so no, hasn't been fixed in 5.2.14.


I am going to dive in and try to fix it - I really don't want error messages like this putting customers off from completing their purchase (especially when it won't be obvious what they have done wrong)!

Link to comment
Share on other sites


I raised this as a github issue quite some time ago (I dont have the reference to hand but believe it is still open as it certainly hasnt been fixed). The solution as I see it, is when somebody tries to register and the system detects that a "customer" already exists with that email address to do the following :

1) If a full customer is registered, then can give an appropriate error message and direct the user to revover their "list" password if necessary

2) If a guest registration, then give an aporopriate message (what is displayed now is confusing) and then new code to first verify that it is the same person (dont want peopke hijacking another person's guest registration) and then allow to enter details to convert guest to a full customer registration.

Many people checkout as a guest the first time when shopping at a store, so to then not allow them to convert to a full registration is confusing and will lose a lot of customers


Link to comment
Share on other sites

When shopping online with an electrical store the other day, the site asked me for my e-mail address first. It was then able to determine that I already had an account (which I didn't realise) and gave me the options to log in or checkout as a guest.


Very easy process.


If it had thrown up errors - saying I couldn't use that e-mail address - I would have probably left the site!


Yes, don't want other users hi-jacking a guest users' account so the "recover password" feature could be used. It doesn't work at the moment for guest users but could easily be changed. The passwordRequest function - line 562ish user.class.php - just looks for customers of type 1 at the moment.


I think the best temporary solution is to create an ajax look up on the customer e-mail field (I have moved this to be the first field in the checkout.confirm page). If the e-mail address is in the database a prompt to log in appears. (Could maybe hide the password boxes if a guest too).


Have done the php part no problem, but am not very good with javascript/ajax/jquery!

Link to comment
Share on other sites

Have just tested the process on my old site and a guest can then register at a later date - without throwing up an error.

It hasn't been in an issue in 10 years of trading so will make my new site act like this too. (I'm struggling with the ajax solution at this moment in time)

This is too big of an issue to not fix before launching my store. (I have around 15,000 guest customers who would find it very difficult to reorder!)

Link to comment
Share on other sites

First I've heard of this one.. had a check through the user class and everything appears to be in order.. register customer checks if they're existing and type = 1, which shouldn't be triggered on guest accounts.. similarly the create user function checks for an existing ghost account and updates rather than inserts.. everything in the code suggests it should be fine.


Hmm, I've just spotted one difference between an earlier version and the current one though, on createUser on the user class, it used to set:

            $data['type']             = $type;

As part of the global data set... now it only does that on insert... so it's possible that the register/update is working fine, but it's leaving them as guest users, which can't be logged in as, so useless.. I'd recommend changing that back just in case:


            $data['new_password']    = '0';
            $data['ip_address']        = get_ip_address();



            $data['new_password']    = '0';
            $data['type']             = $type;
            $data['ip_address']        = get_ip_address();

Link to comment
Share on other sites

Hi Toucan, thanks for your reply.


I must admit, I was a little confused when posting my original question. Looking in the database, I thought customer type 2 was a registered user and type 1 was a guest!


I made the change you suggested but it has not solved the problem entirely.


The situation I have now:

  • A GUEST (or ghost) user CAN place another order as a GUEST biggrin.png
  • A GUEST (or ghost) CAN register during the checkout - when placing a second order - but they do not automatically get logged in so get re-directed to the log in page ermm.gif

    I have traced it so far to around line 1084 of cubecart.class.php

    	// Log in
    					if (isset($_POST['register']) && $_POST['register']==1 && !$GLOBALS['user']->authenticate($_POST['user']['email'], $_POST['password'], false, false, false, false)) {
    						//chris debugging
                //$GLOBALS['gui']->setError('Login error - redirection prevented');


  • A REGISTERED user can not re-order as a GUEST so instead I give them this more helpful message: unsure.png
$error_messages[] = 'This email address is already in use. Please <a href='index.php?_a=login'>log in</a> or use this <a href='index.php?_a=recover'>forgot password link</a>';
Link to comment
Share on other sites

DityButter: I think you will have make a small change to classes/sanitze.class.php around line 31. I have:

private static $exempt = array('description', 'offline_content', 'doc_content','content_html', 'content_text', 'cat_desc', 'copyright', 'maillist_format', 'store_copyright', 'htaccess-data', 'NotificationData', 'php_code');

This offers a more helpful error message but I am now working on a much better fix. I do not want a customer to receive any error message if they have entered valid data. Error messages = abandoned baskets.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...