8 replies to this topic

[chemist4]

Part of a combined login/create account page I installed several months ago includes generating a random password so customers do not have to create one for themselves. It is, of course, given to them with the note that they can change it if they want to. However, even though I had it all working when I installed it, it now does not generate the password. The code originally read:

$password = tep_create_random_value(10);

Which should create a random password 10 characters long. But I started getting an error message that the password needs to be at least 5 characters long. So I replaced that code with:

$password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);

Which is the same as on the password forgotten page, yet I still get the error that the password is not long enough.

I know the function is in functions/general.php, so it should work, but it doesn't. This means that a customer has to really want to buy from me to do so since they have to go through the account creation process twice (and the DOB and phone number requirements I had removed were showing up as errors again).

What could be the reason for a basic function of the store to stop working?

Edited by chemist4, 19 May 2012 - 03:15 PM.

[DunWeb]

@chemist4

When a store is working and then suddenly stops, one of several things could have happened:

• Your server software has been updated and you need to update the store code to be compatible.
  
• Your site has been hacked
  
• You changed / added / removed a contribution that is now effecting the functionality of the site.

Chris

[chemist4]

Thanks Chris,

I went over the code and got it working (it is the Combined Login and Create Account add-on from here). I am not sure how it ever worked in the first place. Though I must admit I have not tested my login/create account page in several months, and it may not have worked except on my dev store.

Anyway, if anyone uses, or wants to use,  that add-on and would like to know what I changed I can post it. It is very handy to not require the customer to come up with a password for every site they buy from. With the automatically generated password, if they never come back it doesn't matter: they essentially check out as a guest, and if they do they can change it to anything they want.

[MrPhil]

I'm curious about what problems you found with the random string generation (for passwords). You're definitely running the one defined in includes/functions/general.php and not one defined elsewhere? It looks OK to me (2.3.1 version). It does depend on good random numbers from tep_rand() call, which in turn uses mt_rand() (a standard random number generator in PHP). I note that the tep_rand() function may try to reseed the mt_rand() generator, which if not done correctly could cause problems. As for returning strings less than the desired length, I dunno -- it shouldn't.

[chemist4]

MrPhil, on 20 May 2012 - 11:44 PM, said:

I'm curious about what problems you found with the random string generation (for passwords). You're definitely running the one defined in includes/functions/general.php and not one defined elsewhere? It looks OK to me (2.3.1 version). It does depend on good random numbers from tep_rand() call, which in turn uses mt_rand() (a standard random number generator in PHP). I note that the tep_rand() function may try to reseed the mt_rand() generator, which if not done correctly could cause problems. As for returning strings less than the desired length, I dunno -- it shouldn't.

I'm not going to claim to understand exactly how it all works, or doesn't; I just know that some of it didn't make sense to me, logically. For instance, the create account portion was taken right from the create_account.php file, so it had all the code to process the form, yet it was referring to the create_account.php file to do so instead of processing it itself. I think that is the biggest reason it didn't work. Once I changed that it worked as far as generating the passwords.

There were also some "}" either missing, extra, or in the wrong place. And some fields to enter required information were not shown. I know from reading in these forums that getting things like telephone number to not be required is sometimes tricky, but setting the minimum value to 0 worked for me (others say it must be blank).

So I don't know why it didn't work. I would think handing off the form data to another page would work the same as on any other form where the "action" is an external file. Maybe it is because the create_account page is expecting the password to be entered and encrypted, though it is still encrypted when it is inserted into the DB. But there are no problems with the random password generating function (I have updated it to the 2.3.1.1 version) that I can see. I tried the password forgotten function just to be sure and it worked fine before and after I updated. So I am guessing that the password was being generated, it was just being lost when the form data was sent to create_account.php.

[jellybean55]

and how did you fix it? i am having the same problem

[chemist4]

jellybean55, on 07 June 2012 - 03:37 PM, said:

and how did you fix it? i am having the same problem

It's been long enough I really don't remember exactly what I did. I know it involved changing the "action" to the same page (to itself) instead of create_account.php. I am working on making my changes into an add-on with full installation instructions. That and my combined checkout_shipping and checkout_payment, which I call "Short Checkout", should be ready soon.

[MrPhil]

Note that osC 2.3.2 has just been released, which supposedly fixes all these password issues. You might want to consider upgrading to this new version.

[chemist4]

MrPhil, on 19 July 2012 - 01:03 PM, said:

Note that osC 2.3.2 has just been released, which supposedly fixes all these password issues. You might want to consider upgrading to this new version.

It's now at 2.3.3. Are there any issues with going from 2.3.1.1 to 2.3.3? The instructions are only for 2.3.2 to 2.3.3.