Page 1 of 1
Active customer can place an order as a Guest with the same email address
Posted: Thu Mar 25, 2021 11:33 pm
by haxcop
Hello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said, Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Re: Active customer can place an order as a Guest with the same email address
Posted: Thu Mar 25, 2021 11:53 pm
by straightlight
haxcop wrote: ↑Thu Mar 25, 2021 11:33 pm
Hello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said,
Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Posted in Bug Reports; OC version.
Re: Active customer can place an order as a Guest with the same email address
Posted: Thu Mar 25, 2021 11:59 pm
by haxcop
straightlight wrote: ↑Thu Mar 25, 2021 11:53 pm
haxcop wrote: ↑Thu Mar 25, 2021 11:33 pm
Hello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said,
Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Posted in Bug Reports; OC version.
You are correct I missed that very important detail.
Opencart Version - 3.0.3.6
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 12:08 am
by straightlight
haxcop wrote: ↑Thu Mar 25, 2021 11:59 pm
straightlight wrote: ↑Thu Mar 25, 2021 11:53 pm
haxcop wrote: ↑Thu Mar 25, 2021 11:33 pm
Hello Team,
I would like to know if anyone here could help me to solve this small issue.
Today I noticed one of my customers was able to place an order as a Guest using the same Details as he used previously for registration and past orders.
That said,
Opencart should not allow to continue as a Guest and prompt for login if the customer details already exist (name + last name + email_address).
Thanks in advance,
Posted in Bug Reports; OC version.
You are correct I missed that very important detail.
Opencart Version - 3.0.3.6
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 12:33 am
by haxcop
straightlight wrote: ↑Fri Mar 26, 2021 12:08 am
haxcop wrote: ↑Thu Mar 25, 2021 11:59 pm
straightlight wrote: ↑Thu Mar 25, 2021 11:53 pm
Posted in Bug Reports; OC version.
You are correct I missed that very important detail.
Opencart Version - 3.0.3.6
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
Thanks for your prompt reply.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 12:42 am
by straightlight
haxcop wrote: ↑Fri Mar 26, 2021 12:33 am
straightlight wrote: ↑Fri Mar 26, 2021 12:08 am
haxcop wrote: ↑Thu Mar 25, 2021 11:59 pm
You are correct I missed that very important detail.
Opencart Version - 3.0.3.6
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
Thanks for your prompt reply.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
The change you're referring about with the customer ID has been added on the master branch as an admin order filter already but not on previous OC versions. Which is why, on this day, you're suggesting that change to be made. However, it is already done. It's just not implemented into the OC version you are currently using.
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 1:03 am
by ADD Creative
A quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 1:16 am
by haxcop
straightlight wrote: ↑Fri Mar 26, 2021 12:42 am
haxcop wrote: ↑Fri Mar 26, 2021 12:33 am
straightlight wrote: ↑Fri Mar 26, 2021 12:08 am
No problem. As for the bolded statement you're addressing about, each order IDs are unique which means, not only for security (and nowadays not only for laws reasons), customers do have the right to enter differentiated, but valid, information during checkout in accordance to PCI compliance. An account does not need to be matched with the customer's personal data information from a created account on an E-Commerce website while filling a service procurement order during checkout.
Thanks for your prompt reply.
I don't mean "order_id", I mean "customer_id" is linked to unique contents in the tables which one of these must be always unique like customer email correct?
Well as Q.A. perspective and customer care it is not a good option to have multiple orders from the "same" customer "email" but not all allocated under the same "customer_id"
My reason is:
My customer contacts me in regards to his last order, so I look into the customer section and locate his account but I could not see the order in question, which makes me spend more time looking for it until I noticed the difference that the order was placed correctly but out of his current account, as a guest user, even when he used the same email address.
In these terms, the system should be able to identify the email in use for guest accounts if is already registered and ask the user to log in or use a different email address.
So I add to add the customer_id number in the orders table so I could help him and have a proper record of the problem/solution
I see more benefits than issues in this regards,
Let me know what you think?
Thanks,
The change you're referring about with the customer ID has been added on the master branch as an admin order filter already but not on previous OC versions. Which is why, on this day, you're suggesting that change to be made. However, it is already done. It's just not implemented into the OC version you are currently using.
Thanks for the prompt reply,
Ok in that case that's good to know - perhaps do you know where the change is located So I could easily pick up and implement it?
Thanks again,
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 1:18 am
by haxcop
ADD Creative wrote: ↑Fri Mar 26, 2021 1:03 am
A quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}
Hi ADD Creative,
Thanks for the support and quick work on this thread, I will try and test your workaround,
regards,
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 2:29 am
by haxcop
ADD Creative wrote: ↑Fri Mar 26, 2021 1:03 am
A quick workaround and probably not very user friendly, would be to add the following just after.
https://github.com/opencart/opencart/bl ... #L172-L174
Code: Select all
$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}
I have tried the modification manually on the file and works as expected Thank you!
Now another simple question you or anyone else with better coding experience than me could tell me why if I try to implement this modification via ocmod instead of directly on the file it will not work? is there any restriction on the controller files? or my guest.ocmod.xml file has something wrong that I can't see?...
Thanks in advance,
Code: Select all
<?xml version="1.0" encoding="UTF-8" ?>
<modification>
<generator>Created with OpenIX - https://openix.io/en/tool/opencart/ocmod</generator>
<name>guestcheckout</name>
<version>1</version>
<code>1</code>
<author>add_creative</author>
<link>https://forum.opencart.com/posting.php?mode=quote&f=201&p=817654</link>
<file path="catalog/controller/checkout/guest.php">
<operation>
<search><![CDATA[if ((utf8_strlen($this->request->post['email']) > 96) || !filter_var($this->request->post['email'], FILTER_VALIDATE_EMAIL)) {
$json['error']['email'] = $this->language->get('error_email');
}]]></search>
<add position="after"><![CDATA[$this->load->model('account/customer');
if ($this->model_account_customer->getTotalCustomersByEmail($this->request->post['email'])) {
$json['error']['warning'] = $this->language->get('error_exists');
}]]></add>
</operation>
</file>
</modification>
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 2:47 am
by mikeinterserv
Change CODE to something meaningful not just 1
Check your modification log
Refresh modifications
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 3:05 am
by haxcop
mikeinterserv wrote: ↑Fri Mar 26, 2021 2:47 am
Change CODE to something meaningful not just 1
Check your modification log
Refresh modifications
Hi, Thanks for your reply,
Still not working and, yes I did a refresh and everything as usual... could it be something else?
regards,
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 3:08 am
by mikeinterserv
I will test it for you and see
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 3:23 am
by mikeinterserv
There are a few things that need fixing - I will fix them and repost the mod
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 3:28 am
by mikeinterserv
OK try this
Re: Active customer can place an order as a Guest with the same email address
Posted: Fri Mar 26, 2021 8:30 am
by haxcop
Thanks that worked
is interesting to see that works taking the after as a reference and adding it before instead of the top to bottom, a good workaround!