Purchase without account is badly broken

[rudolfl]

Hi all,

 

This contribution has a flaw in design.

 

Consider situation:

Customer tries to buy without an account, then drops out before completing the order.

 

Customer will never be able to complete the transaction ever again.

 

Here is what happens:

When customer tries to buy without an account, customer details are entered in database. Once order is completed, details are erased. If customer does not complete the order, details are never erased and customer can not use same e-mail address!

 

A "band-ais" solution is to modify create_account.php

Find line:

 $check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");

 

and change to:

 $check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'" . "and guest_account='0'");

This way, e-mail check is only performed on "real" customers and quest customer can use same e-mail again to complete the order.

 

However, this is a dirty solution -- original customer entry is no "zombie" entry in database and never gets cleaned. One can add code to create_account.php to detect quest customers with same e-mail and clean up all old entries before creating a new one. But what if customer never returns?

Really, a stand-alone script is needed to be run as cron job to remove all guest account entries that are older than, say 1 day.

 

Rudolf

[rudolfl]

There is another problem with PWA module -- order confirmation e-mail contains link to "detailed invoice". But, since customer does not have an account, link is broken and customers are unhappy.
Link should not be included in e-mail if customer checked out as guest.
 

Find:
 $email_order = STORE_NAME . "\n" .
                 EMAIL_SEPARATOR . "\n" .
                 EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n" .
                 EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "\n" .
                 EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n";

 

Replace with:

$email_order = STORE_NAME . "\n" .
                 EMAIL_SEPARATOR . "\n" .
                 EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n";
        // If checked out as guest, do not include order URL
        if (!$order->customer['is_dummy_account'])
                $email_order .= EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "\n";
                 $email_order .= EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n";

 

Rudolf