disco_ii_disco Posted December 19, 2014 Share Posted December 19, 2014 Hi all, Close to launching my new site but have just found what I think may be another bug. If you place an order as a guest and then try to register at a later date, you get the error message: The following errors were detected: Invalid Username and/or Password This could be quite annoying. Is there a reason why guests shouldn't be able to register or shall I go ahead and make changes so that they can? Cheers, Chris Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 19, 2014 Share Posted December 19, 2014 This has been a problem for a long time. I do not know if a solution has been implemented in CC5214. When checking out as a guest (aka, a 'ghost' customer), an email address is stored in the customer database table, and a 'fake' password. Then, when that customer attempts to register as a customer, CubeCart will say that the email address already exists. The problem may also be that said ghost customer can only checkout as a guest just that one time - because the email address already exists. There is a function in admin where an administrator can move a customer from 'ghost' to 'registered', but the customer will still need to use the "Forgot Password" feature. I would like to see some kind of advisory to customers who choose to not create an account when checking out -- and the ramifications of that choice. Quote Link to comment Share on other sites More sharing options...
disco_ii_disco Posted December 19, 2014 Author Share Posted December 19, 2014 I am working on the latest version of Cubecart so no, hasn't been fixed in 5.2.14. I am going to dive in and try to fix it - I really don't want error messages like this putting customers off from completing their purchase (especially when it won't be obvious what they have done wrong)! Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 19, 2014 Share Posted December 19, 2014 One solution is a coding edit to require all customers make an account. That is, disable the ability for a guest checkout. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 20, 2014 Share Posted December 20, 2014 Hi I raised this as a github issue quite some time ago (I dont have the reference to hand but believe it is still open as it certainly hasnt been fixed). The solution as I see it, is when somebody tries to register and the system detects that a "customer" already exists with that email address to do the following : 1) If a full customer is registered, then can give an appropriate error message and direct the user to revover their "list" password if necessary 2) If a guest registration, then give an aporopriate message (what is displayed now is confusing) and then new code to first verify that it is the same person (dont want peopke hijacking another person's guest registration) and then allow to enter details to convert guest to a full customer registration. Many people checkout as a guest the first time when shopping at a store, so to then not allow them to convert to a full registration is confusing and will lose a lot of customers Ian Quote Link to comment Share on other sites More sharing options...
disco_ii_disco Posted December 20, 2014 Author Share Posted December 20, 2014 When shopping online with an electrical store the other day, the site asked me for my e-mail address first. It was then able to determine that I already had an account (which I didn't realise) and gave me the options to log in or checkout as a guest. Very easy process. If it had thrown up errors - saying I couldn't use that e-mail address - I would have probably left the site! Yes, don't want other users hi-jacking a guest users' account so the "recover password" feature could be used. It doesn't work at the moment for guest users but could easily be changed. The passwordRequest function - line 562ish user.class.php - just looks for customers of type 1 at the moment. I think the best temporary solution is to create an ajax look up on the customer e-mail field (I have moved this to be the first field in the checkout.confirm page). If the e-mail address is in the database a prompt to log in appears. (Could maybe hide the password boxes if a guest too). Have done the php part no problem, but am not very good with javascript/ajax/jquery! Quote Link to comment Share on other sites More sharing options...
disco_ii_disco Posted December 21, 2014 Author Share Posted December 21, 2014 Have just tested the process on my old site and a guest can then register at a later date - without throwing up an error. It hasn't been in an issue in 10 years of trading so will make my new site act like this too. (I'm struggling with the ajax solution at this moment in time) This is too big of an issue to not fix before launching my store. (I have around 15,000 guest customers who would find it very difficult to reorder!) Quote Link to comment Share on other sites More sharing options...
Toucan Web Design Posted December 22, 2014 Share Posted December 22, 2014 First I've heard of this one.. had a check through the user class and everything appears to be in order.. register customer checks if they're existing and type = 1, which shouldn't be triggered on guest accounts.. similarly the create user function checks for an existing ghost account and updates rather than inserts.. everything in the code suggests it should be fine. Hmm, I've just spotted one difference between an earlier version and the current one though, on createUser on the user class, it used to set: $data['type'] = $type; As part of the global data set... now it only does that on insert... so it's possible that the register/update is working fine, but it's leaving them as guest users, which can't be logged in as, so useless.. I'd recommend changing that back just in case: $data['new_password'] = '0'; $data['ip_address'] = get_ip_address(); To: $data['new_password'] = '0'; $data['type'] = $type; $data['ip_address'] = get_ip_address(); Quote Link to comment Share on other sites More sharing options...
disco_ii_disco Posted December 23, 2014 Author Share Posted December 23, 2014 Hi Toucan, thanks for your reply. I must admit, I was a little confused when posting my original question. Looking in the database, I thought customer type 2 was a registered user and type 1 was a guest! I made the change you suggested but it has not solved the problem entirely. The situation I have now: A GUEST (or ghost) user CAN place another order as a GUEST A GUEST (or ghost) CAN register during the checkout - when placing a second order - but they do not automatically get logged in so get re-directed to the log in page I have traced it so far to around line 1084 of cubecart.class.php // Log in if (isset($_POST['register']) && $_POST['register']==1 && !$GLOBALS['user']->authenticate($_POST['user']['email'], $_POST['password'], false, false, false, false)) { //chris debugging //$GLOBALS['gui']->setError('Login error - redirection prevented'); httpredir('index.php?_a=login'); } A REGISTERED user can not re-order as a GUEST so instead I give them this more helpful message: $error_messages[] = 'This email address is already in use. Please <a href='index.php?_a=login'>log in</a> or use this <a href='index.php?_a=recover'>forgot password link</a>'; Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted December 24, 2014 Share Posted December 24, 2014 I tried using your more friendly error message, but CC sanitized it, even though you had escaped the url's. I do not allow Guest purchases, but it's certainly possible that an old customer would try to register again, and your message, even without the actual links, is much better. Quote Link to comment Share on other sites More sharing options...
disco_ii_disco Posted December 27, 2014 Author Share Posted December 27, 2014 DityButter: I think you will have make a small change to classes/sanitze.class.php around line 31. I have: private static $exempt = array('description', 'offline_content', 'doc_content','content_html', 'content_text', 'cat_desc', 'copyright', 'maillist_format', 'store_copyright', 'htaccess-data', 'NotificationData', 'php_code'); This offers a more helpful error message but I am now working on a much better fix. I do not want a customer to receive any error message if they have entered valid data. Error messages = abandoned baskets. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.