Hello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Posted in Bug Reports; OC version.haxcop wrote: ↑Thu Mar 25, 2021 11:33 pmHello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
You are correct I missed that very important detail.straightlight wrote: ↑Thu Mar 25, 2021 11:53 pmPosted in Bug Reports; OC version.haxcop wrote: ↑Thu Mar 25, 2021 11:33 pmHello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Opencart Version - 3.0.3.6
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.haxcop wrote: ↑Thu Mar 25, 2021 11:59 pmYou are correct I missed that very important detail.straightlight wrote: ↑Thu Mar 25, 2021 11:53 pmPosted in Bug Reports; OC version.haxcop wrote: ↑Thu Mar 25, 2021 11:33 pmHello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Opencart Version - 3.0.3.6
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Thanks for your prompt reply.straightlight wrote: ↑Fri Mar 26, 2021 12:08 amNo problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
The change you're referring about with the customer ID has been added on the master branch as an admin order filter already but not on previous OC versions. Which is why, on this day, you're suggesting that change to be made. However, it is already done. It's just not implemented into the OC version you are currently using.haxcop wrote: ↑Fri Mar 26, 2021 12:33 amThanks for your prompt reply.straightlight wrote: ↑Fri Mar 26, 2021 12:08 amNo problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
A quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}
Thanks for the prompt reply,straightlight wrote: ↑Fri Mar 26, 2021 12:42 amThe change you're referring about with the customer ID has been added on the master branch as an admin order filter already but not on previous OC versions. Which is why, on this day, you're suggesting that change to be made. However, it is already done. It's just not implemented into the OC version you are currently using.haxcop wrote: ↑Fri Mar 26, 2021 12:33 amThanks for your prompt reply.straightlight wrote: ↑Fri Mar 26, 2021 12:08 am
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
Ok in that case that's good to know - perhaps do you know where the change is located So I could easily pick up and implement it?
Thanks again,
Hi ADD Creative,ADD Creative wrote: ↑Fri Mar 26, 2021 1:03 amA quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer'); if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) { $json['error']['warning'] = $this->language->get('error_exists'); }
Thanks for the support and quick work on this thread, I will try and test your workaround,
regards,
I have tried the modification manually on the file and works as expected Thank you!ADD Creative wrote: ↑Fri Mar 26, 2021 1:03 amA quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer'); if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) { $json['error']['warning'] = $this->language->get('error_exists'); }
Now another simple question you or anyone else with better coding experience than me could tell me why if I try to implement this modification via ocmod instead of directly on the file it will not work? is there any restriction on the controller files? or my guest.ocmod.xml file has something wrong that I can't see?...
Thanks in advance,
Code: Select all
<?xml version="1.0" encoding="UTF-8" ?>
<modification>
<generator>Created with OpenIX - https://openix.io/en/tool/opencart/ocmod</generator>
<name>guestcheckout</name>
<version>1</version>
<code>1</code>
<author>add_creative</author>
<link>https://forum.opencart.com/posting.php?mode=quote&f=201&p=817654</link>
<file path="catalog/controller/checkout/guest.php">
<operation>
<search><![CDATA[if ((utf8_strlen($this->request->post['email']) > 96) || !filter_var($this->request->post['email'], FILTER_VALIDATE_EMAIL)) {
$json['error']['email'] = $this->language->get('error_email');
}]]></search>
<add position="after"><![CDATA[$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}]]></add>
</operation>
</file>
</modification>
Change CODE to something meaningful not just 1
Check your modification log
Refresh modifications
Check your modification log
Refresh modifications
Hi, Thanks for your reply,mikeinterserv wrote: ↑Fri Mar 26, 2021 2:47 amChange CODE to something meaningful not just 1
Check your modification log
Refresh modifications
Still not working and, yes I did a refresh and everything as usual... could it be something else?
regards,
Who is online
Users browsing this forum: No registered users and 85 guests