Post by zerdnem » Wed Jul 28, 2021 2:01 pm

Good day everyone! I just want to know if it is possible to let customers autologin without username & password, similar to what an admin can do using user_token. The purpose of this query is that I'm sending emails to customers with a link to a specific page that needs customer login.
Last edited by zerdnem on Thu Jul 29, 2021 11:50 am, edited 1 time in total.

New member

Posts

Joined
Sun Dec 06, 2020 2:19 pm

Post by thekrotek » Wed Jul 28, 2021 2:28 pm

user_token expires the same way the front-end session does, so you won't solve your task with it.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by zerdnem » Wed Jul 28, 2021 2:37 pm

Ignore user_token, is there any solution to generate links that will direct customers to their accounts without having to use username & password?

Example: website.com/index.php?route=account/login?unique_customer_token=TOKEN

The link will be sent by email, then if they click the link it will let them login automatically. Sorry for the noobish question.

Post by thekrotek » Wed Jul 28, 2021 4:10 pm

Well, it is possible to create such a modification, which generates one-time tokens. When the user logs in with this token, it is automatically removed, and to log in the same way again a new token should be generated. I can create this modification for you, if you wish.


Post by straightlight » Wed Jul 28, 2021 5:20 pm

zerdnem wrote:
Wed Jul 28, 2021 2:37 pm
Ignore user_token, is there any solution to generate links that will direct customers to their accounts without having to use username & password?

Example: website.com/index.php?route=account/login?unique_customer_token=TOKEN

The link will be sent by email, then if they click the link it will let them login automatically. Sorry for the noobish question.
You don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by zerdnem » Wed Jul 28, 2021 6:16 pm

straightlight wrote:
Wed Jul 28, 2021 5:20 pm
You don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.
Ok thank you. I will try to implement this code

Post by straightlight » Wed Jul 28, 2021 8:10 pm

zerdnem wrote:
Wed Jul 28, 2021 6:16 pm
straightlight wrote:
Wed Jul 28, 2021 5:20 pm
You don't need this. Try this solution instead: viewtopic.php?f=202&t=220903#p805005 . The master branch also contains the customer_token in the catalog from startup on Github Opencart. It's just currently under development.
Ok thank you. I will try to implement this code
No problem. However, I would suggest downloading the package and making a backup of your current store, especially if it's already live. Then, use this method to look for all applicable terms like: customer_token. See this post: viewtopic.php?f=202&t=221869&p=810094#p810094 . Also take note that the catalog/controller/startup/login.php file is loaded from the system/config folder. You might want to use VQMod exceptionally on this one (without cache): https://www.opencart.com/index.php?rout ... n_id=19501 .

Post by zerdnem » Wed Jul 28, 2021 8:16 pm

I'm using OC v3.0.2.0 so customer_token is not yet implemented, I'm using my code editor's string search feature.

Thank you, this will suffice.

Post by straightlight » Wed Jul 28, 2021 8:18 pm

zerdnem wrote:
Wed Jul 28, 2021 8:16 pm
I'm using OC v3.0.2.0 so customer_token is not yet implemented, I'm using my code editor's string search feature.

Thank you, this will suffice.
Now that the issue has been solved, please add: [SOLVED] at the beginning of the subject line on your first post.

Post by ADD Creative » Wed Jul 28, 2021 8:26 pm

zerdnem wrote:
Wed Jul 28, 2021 6:16 pm
Ok thank you. I will try to implement this code
You would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by zerdnem » Wed Jul 28, 2021 8:32 pm

ADD Creative wrote:
Wed Jul 28, 2021 8:26 pm
You would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
Do you have any suggestions on how I should do this? I don't need the full code, I just want to have an understanding of how something like this is implemented.

Post by straightlight » Wed Jul 28, 2021 8:33 pm

zerdnem wrote:
Wed Jul 28, 2021 8:32 pm
ADD Creative wrote:
Wed Jul 28, 2021 8:26 pm
You would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
Do you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.
The previous link with the API token is pretty straightforward on how you could gather it and use it: viewtopic.php?f=202&t=224934&p=825873#p825848 .

Post by zerdnem » Wed Jul 28, 2021 8:39 pm

straightlight wrote:
Wed Jul 28, 2021 8:33 pm
zerdnem wrote:
Wed Jul 28, 2021 8:32 pm
ADD Creative wrote:
Wed Jul 28, 2021 8:26 pm
You would be wasting your time looking at that code. It's for CSRF protection. Kind of the opposite of what you want to do.
Do you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.
The previous link with the API token is pretty straightforward on how you could gather it and use it: viewtopic.php?f=202&t=224934&p=825873#p825848 .
Yeah I'm also checking that solution and this article

Post by ADD Creative » Thu Jul 29, 2021 7:32 am

zerdnem wrote:
Wed Jul 28, 2021 8:32 pm
Do you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.
You would need to generate a token for a customer and store it for that customer in the database. I would also store a time so you can expire them. Make sure the token is a long cryptographically secure random one. You can then generate a link to your new controller with the code and possibly the email address.

In your new controller, check the email and code match. If they match and it's not expired, log the customer in.

Check out the catalog/controller/account/forgotten.php and catalog/controller/account/reset.php files to see how the password reset works. What you are doing is similar, but logging in instead of resetting the password.

However, you must think of it like this. You are effectively putting the customer's username and password in a link in an email. Anyone who has the link can log in as that customer. You need to consider if that's a safe thing to do.

www.add-creative.co.uk
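
The flow described in the post above (a long random code stored per customer with an expiry, checked together with the email, then consumed on use), as an added example that is not part of the thread or of OpenCart's code. The class, the in-memory array standing in for a database table, and the `account/tokenlogin` route are all assumptions; storing only a hash of the code is an extra hardening step beyond what the post lists.

```php
<?php
declare(strict_types=1);

// Added example, not OpenCart code. The in-memory array stands in for a
// hypothetical DB table (email, token_hash, expires_at); all names are assumed.
final class LoginLinkStore
{
    private $rows = [];

    // Issue a link code: 32 bytes from the CSPRNG, hex-encoded for the URL.
    // Only its SHA-256 hash is stored, so a leaked table yields no usable links.
    public function issue(string $email, int $ttl, int $now): string
    {
        $code = bin2hex(random_bytes(32));
        $this->rows[strtolower($email)] = [
            'hash'    => hash('sha256', $code),
            'expires' => $now + $ttl,
        ];
        return $code;
    }

    // Redeem: email and code must match and the code must be unexpired.
    // The row is deleted on success or expiry, which makes the link one-time.
    public function redeem(string $email, string $code, int $now): bool
    {
        $key = strtolower($email);
        if (!isset($this->rows[$key])) {
            return false;
        }
        $row     = $this->rows[$key];
        $expired = $now > $row['expires'];
        $match   = hash_equals($row['hash'], hash('sha256', $code)); // constant-time compare
        if ($expired || $match) {
            unset($this->rows[$key]);
        }
        return $match && !$expired;
    }
}

$store = new LoginLinkStore();
$email = 'customer@example.com';   // constructed sample data
$now   = 1627480000;               // constructed timestamp
$code  = $store->issue($email, 900, $now);   // valid for 15 minutes
// route=account/tokenlogin is a hypothetical new controller, not a core route.
echo 'https://shop.example/index.php?route=account/tokenlogin&email='
    . rawurlencode($email) . '&code=' . $code, PHP_EOL;
var_dump($store->redeem($email, str_repeat('0', 64), $now + 60));  // wrong code
var_dump($store->redeem($email, $code, $now + 60));                // first use
var_dump($store->redeem($email, $code, $now + 120));               // replay
```

A wrong code leaves the stored row in place, so a third party who knows only the email address cannot invalidate a pending link by guessing.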


Post by zerdnem » Thu Jul 29, 2021 11:49 am

ADD Creative wrote:
Thu Jul 29, 2021 7:32 am
zerdnem wrote:
Wed Jul 28, 2021 8:32 pm
Do you have any suggestions on how should I do this? I don't need the full code, I just want to have an understanding how something like this is implemented.
You would need to generate a token for a customer and store it for that customer in the database. I would also store a time so you can expire them. Make sure the token is a long cryptographically secure random one. You can then generate a link to your new controller with the code and possibly the email address.

In your new controller, check the email and code match. If they match and it's not expired log the customer in.

Check out the catalog/controller/account/forgotten.php and catalog/controller/account/reset.php files to see how the password reset work. What you are doing is similar, but logging in instead of resetting the password.

However, you must think of it like this. You are effectively putting the customers username and password in a link in an email. Anyone who has the link can login as that customer. You need to consider if that's a safe thing to do.
Thank you. The email will be sent to selected customers only and I will try to create this as a one-time use link.

Post by straightlight » Thu Jul 29, 2021 7:40 pm

Now that the issue has been solved, please add: [SOLVED] at the beginning of the subject line on your first post.
