Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
Example: website.com/index.php?route=account/login?unique_customer_token=TOKEN
The link will be sent by email, then if they click the link it will let them login automatically. Sorry for the noobish question.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
You don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.zerdnem wrote: ↑Wed Jul 28, 2021 2:37 pmIgnore user_token, is there any solution to generate links that will direct customers to their accounts without having to use username & password?
Example: website.com/index.php?route=account/login?unique_customer_token=TOKEN
The link will be sent by email, then if they click the link it will let them login automatically. Sorry for the noobish question.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Ok thank you. I will try to implement this codestraightlight wrote: ↑Wed Jul 28, 2021 5:20 pmYou don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.
No problem. However, I would suggest to download the package and make a backup of your current store, especially if it's already live. Then, to use this method to look for all appliable terms like: customer_token . See this post: viewtopic.php?f=202&t=221869&p=810094#p810094 . Also take note that the catalog/controller/startup/login.php file is loaded from the system/config folder. You might want to use VQMod exceptionally on this one (without cache): https://www.opencart.com/index.php?rout ... n_id=19501 .zerdnem wrote: ↑Wed Jul 28, 2021 6:16 pmOk thank you. I will try to implement this codestraightlight wrote: ↑Wed Jul 28, 2021 5:20 pmYou don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Now that the issue has been solved, please add: [SOLVED] at the beginning of the subject line on your first post.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
You would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
Do you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.ADD Creative wrote: ↑Wed Jul 28, 2021 8:26 pmYou would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
The previous link with the API token is pretty straightforward on how you could gather it and use it: viewtopic.php?f=202&t=224934&p=825873#p825848 .zerdnem wrote: ↑Wed Jul 28, 2021 8:32 pmDo you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.ADD Creative wrote: ↑Wed Jul 28, 2021 8:26 pmYou would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Yeah I'm also checking that solution and this articlestraightlight wrote: ↑Wed Jul 28, 2021 8:33 pmThe previous link with the API token is pretty straightforward on how you could gather it and use it: viewtopic.php?f=202&t=224934&p=825873#p825848 .zerdnem wrote: ↑Wed Jul 28, 2021 8:32 pmDo you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.ADD Creative wrote: ↑Wed Jul 28, 2021 8:26 pmYou would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
You would need to generate a token for a customer and store it for that customer in the database. I would also store a time so you can expire them. Make sure the token is a long cryptographically secure random one. You can then generate a link to your new controller with the code and possibly the email address.
In your new controller, check the email and code match. If they match and it's not expired log the customer in.
Check out the catalog/controller/account/forgotten.php and catalog/controller/account/reset.php files to see how the password reset work. What you are doing is similar, but logging in instead of resetting the password.
However, you must think of it like this. You are effectively putting the customers username and password in a link in an email. Anyone who has the link can login as that customer. You need to consider if that's a safe thing to do.
Thank you. The email will be sent to selected customers only and I will try to create this as a one-time use link.ADD Creative wrote: ↑Thu Jul 29, 2021 7:32 amYou would need to generate a token for a customer and store it for that customer in the database. I would also store a time so you can expire them. Make sure the token is a long cryptographically secure random one. You can then generate a link to your new controller with the code and possibly the email address.
In your new controller, check the email and code match. If they match and it's not expired log the customer in.
Check out the catalog/controller/account/forgotten.php and catalog/controller/account/reset.php files to see how the password reset work. What you are doing is similar, but logging in instead of resetting the password.
However, you must think of it like this. You are effectively putting the customers username and password in a link in an email. Anyone who has the link can login as that customer. You need to consider if that's a safe thing to do.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Users browsing this forum: OSWorX and 418 guests