DAVID3733 Posted April 24, 2019 Share Posted April 24, 2019 I have Simple Master Password v3.1 osC 2.3.x installed on 2.3.4.1 CE BS4 PHP-7.2 I am not sure if the issue i have is by design or not all seems to work fine except if a client has purchased via paypal express I cannot log on as the customer for a new sale to be made via other means when i look into the database there are no passwords stored for these transactions, and i can understand why if that is supposed to be the case But would have thought we could still login as the customer after the fact I am pretty sure we could on the old server with a lower PHP of 5.4, I do not think it has such a high encryption, and certainly never said encypt in the admin panel as the version above does so the question is should i be able to log in as a old paypal express customer? Should the database be storing passwords for paypal express customers? Hope i have explained this enough regards david David Link to comment Share on other sites More sharing options...
♥JcMagpie Posted April 24, 2019 Share Posted April 24, 2019 From what I remember PayPal Express allows guest checkout! So if the customer used that option you probably will not have any saved password. 😊 just checked and I do use it and it will allow guest checkout Link to comment Share on other sites More sharing options...
DAVID3733 Posted April 24, 2019 Author Share Posted April 24, 2019 Hi Thanks for replying to my question, I did think that would be the case but its nice to have it confirmed So that leaves master Password not working if the password field is blank I used a password from a known customer account and put the encrypted details direct into the database and can log into it So I assume that its normal from all other aspects which just leaves master password not liking a blank password field I believe the contrib uses the function below in password_funcs.php // This function validates a plain text password with a // salted or phpass password function tep_validate_password($plain, $encrypted) { if (tep_not_null($plain) && tep_not_null($encrypted)) { if (tep_password_type($encrypted) == 'salt') { return tep_validate_old_password($plain, $encrypted); } if (!class_exists('PasswordHash')) { include('includes/classes/passwordhash.php'); } $hasher = new PasswordHash(10, true); return ($hasher->CheckPassword($plain, MASTER_PASS) || $hasher->CheckPassword($plain, $encrypted)); } return false; } Not sure but i read this as it only looks at the password if its not null so if its null its not not running slightly (by a lot) out of my depth in reading the function, but thats kind of what it says to me David Link to comment Share on other sites More sharing options...
♥JcMagpie Posted April 24, 2019 Share Posted April 24, 2019 😊 having never used the add-on i'm not in a position to comment on that, but if you send me a link to the add-on I'm happy to install on test site and try. The link in first post just takes me to the apps page. Link to comment Share on other sites More sharing options...
DAVID3733 Posted April 24, 2019 Author Share Posted April 24, 2019 Hi again https://apps.oscommerce.com/y2XRp&simple-master-password-for-osc-2-3-1 https://apps.oscommerce.com/y2XRp&simple-master-password-for-osc-2-3-1 regards David Link to comment Share on other sites More sharing options...
♥JcMagpie Posted April 24, 2019 Share Posted April 24, 2019 Hi, Yes found it just after I posted 😊 it's the one ♥BrockleyJohn updated I installed it and it's working fine as far as I can tell. The problem is not the master password it's doing everything it should. The problem is that osC saves some basic customer info even if the customer has not registerd. As a customer checking out with PayPal express you should check out and have no foot print as far as an account is concerned in osC. However osC uses the customer details and makes an account (or customer) with the name and email but with no pasword. This will not be a problem if customer keeps simply buying by just using guest checkout, but if they do decide to make an account then the email will already be in the db and they will get an error. I don't know the code that well for this part of osC so not sure there is a easy fix for this. I would say that as it's a guest checkout you don't actualy have an account on which to use master password on! The customer did not make an account, osC decided to save some info into the customer table which you are assuming is an account. I know it's not helping but the add-on is doing what it's design to, no password not account that's how osC looks to work. I'm sure one of the developers will be able to offer better input. Link to comment Share on other sites More sharing options...
DAVID3733 Posted April 24, 2019 Author Share Posted April 24, 2019 Yes I agree it doing everything that it should, and if i hadn't have had a old paypal customer come back to purchase via credit card I wouldn't have known that there was a issue It just needs to ignore that the password field is blank so we can be logged in Thanks a lot for looking at this, it helps a lot to know its how it should be, even if thats not quite what I would like regards David Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.