Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

FX_Email_Verification


Recommended Posts

As per request this topic is in regards to my contribution FX_Email_Verification.

This contribution attempts to prevent bogus email address's upon creation of new accounts. Once an account is created the customer is emailed a password which will allow them to log in. The password fields on the Create Account page are dimmed and prepopulated with a randomly created password. These fields cannot be edited and/or selected by the customer. The store owner has the option to display these password fields or not to display them on the Create Account page.

 

The contribution includes and Admin panel addition under customers. This selection titled 'Verify Customers' allows the store owner to view which accounts have been created and not logged into. After creating a new account, even using a bogus email address, the information is still written to the database. 'Verify Customers' will display all customers that have not logged into their account - within a set time period. This set time period can be edited - default value is 30 days which means that anyone that has created the account and has not logged in after 30 days after will be displayed with a status indicater of red in the 'Password Expired' column. One other useful date that can be edited is the 'account verification start date', all customers before this date will not display on the 'Verify Customers' page. Reason - that account has already been created, bogus email or not.

Customer accounts can be deleted from the 'Customer Verify' page.

 

Installation is simple, just copy the catalog folder over your existing. No database changes..

 

The contribution includes a read_me.txt which explains more specifics concerning editing variables such as where they are and values.

 

Please post any suggestions, comments, and/or issues in this topic.

Lloyd

Link to comment
Share on other sites

FX_Email_Verification v4.0 just posted. This version offers complete user editing of Settings from the Admin Panel. Previous versions required manual editing in the code pages for the following settings:

1. Account verification date - this setting allows the store owner to set the date that all customers whom have created an account before or after to be displayed or not on the customer verification page.

2. Password length - allows the store owner to set the length of the emailed password in characters.

3. Password expiry time in days - displays status of account if account has not been logged into from account creation date to now.

4. Display password text boxes on Create Account page - by request, store owner has the option of displaying password text boxes on the Create Account page.

 

This version now writes to the databse table 'configuration' with the four constants named above.

Lloyd

Link to comment
Share on other sites

Works great, but how can the email sent to the customer reflect now many days the admin has set there password for.

 

The email reads

The return link above is temporary and will expire in 24 minutes this is nolonger the case. Using the link prior to expiration will restore any items you may have had in your shopping cart.

 

With the time now set to days this doesnt apply.

 

It would be nice for the email to match the time set in the admin ie Your password expires in (what admin set it as) days.

Edited by scorp
Link to comment
Share on other sites

Works great, but how can the email sent to the customer reflect now many days the admin has set there password for.

 

The email reads

The return link above is temporary and will expire in 24 minutes this is nolonger the case. Using the link prior to expiration will restore any items you may have had in your shopping cart.

 

With the time now set to days this doesnt apply.

 

It would be nice for the email to match the time set in the admin ie Your password expires in (what admin set it as) days.

 

The expiration of the link details how long the session id should last. If the customer had any products in the cart before creating the account then - when they return the cart should still be there.

That was on previous versions which included the session id in the link. v4.0 just has a link back to the log-in page because I found out that including the session id was not neccessary to restore cart contents.

 

But you are right - that part of the email should be changed - worded better - and your suggestion to include a password expiration date would be nice.

I will add that in the next update.

 

You could do it yourself:

Page 'catalog/includes/languages/english/create_account_redirect.php' Line 36

define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 30; . ' days.' . "\n\n");

 

 

Thank you.

Lloyd

Link to comment
Share on other sites

Page 'catalog/includes/languages/english/create_account_redirect.php' Line 36

define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 30; . ' days.' . "\n\n");

Thank you.

 

Thx will try it

Edited by scorp
Link to comment
Share on other sites

I have just posted an update to address the above issue. Thank you for your comments scorp..

 

i cant get the line to work keeps failing on line 36.

 

ive tryed

define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 7; . ' days.' . "\n\n");

 

tryed without the ; after 7 could someone have a look at this im sure it just a / or something in the wrong place.

Link to comment
Share on other sites

i cant get the line to work keeps failing on line 36.

 

ive tryed

define('EMAIL_NOTE', SEPERATER . "\n" . 'The return link above is temporary and will expire in ' . defined('ACCOUNT_PASSWORD_EXPIRY') ? ACCOUNT_PASSWORD_EXPIRY : 7; . ' days.' . "\n\n");

 

tryed without the ; after 7 could someone have a look at this im sure it just a / or something in the wrong place.

Parse error: syntax error, unexpected ';' in /home/sites/my_site/public_html/catalog/includes/languages/english/create_account_redirect.php on line 36

Link to comment
Share on other sites

OK,

I uploaded an update - but if you want to do it maually then change the file:

At the top find this:

// Sets the session expire time to be displayed in minutes for the email

if (isset($SESS_LIFE)) {

$sess_minutes = $SESS_LIFE/60;

} else {

$sess_minutes = '-contact store owner for details-';

}

 

Put this under it:

if (defined('ACCOUNT_PASSWORD_EXPIRY')) {

$days = ACCOUNT_PASSWORD_EXPIRY;

} else {

$days = '30';

}

 

Then change Line 36 to this:

define('EMAIL_NOTE', SEPERATER . "\n" . 'The password above is temporary and will expire in ' . $days . ' days.' . "\n" . 'Using the return link above within ' . $sess_minutes . ' minutes will restore any items you may have had in your shopping cart.' . "\n\n");

Lloyd

Link to comment
Share on other sites

Parse error: syntax error, unexpected ';' in /home/sites/my_site/public_html/catalog/includes/languages/english/create_account_redirect.php on line 36

Forget my last msg you must of posted just before your post about the update works fine with the update.

Link to comment
Share on other sites

Hello, I instaled that contrib (version 3.0) and it works great.

It would be very nice if the link in the email would point to account_password.php in order that customers could easily change their password, because I think is it difficult to some customers to change their password because they are not familiar with oscommerce stores, and they can forget it.

 

That could be perfect is if that link could point to a site where you only need to enter the new password, instead entering before the old one.

 

Thank you very much

Link to comment
Share on other sites

You should download the latest version 4.0 plus the update 4.0-Update_a instead.. You can install directly over 3.0.

 

I could do that - have the link go to change password instead - however the customer would still have to log on using the generated password first in order to access the page.

 

If you want you can change the link in the email yourself.

Page: catalog\create_account.php Around Line 279

$fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_LOGIN;

Change to:

$fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_ACCOUNT_PASSWORD;

Lloyd

Link to comment
Share on other sites

Ok, I will try it. I knew that customers have to log on before, but I think is better if just after logging in, you see the change password page.

I will install version 4.0, but because I have other contributions that modify create_account.php I am going to edit only the changes between v3 and v4, as I did when I installed version 3.

 

Thank yoy very much, it is just the contribution I was looking for.

Edited by henryfabu
Link to comment
Share on other sites

If you want you can change the link in the email yourself.

Page: catalog\create_account.php Around Line 279

$fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_LOGIN;

Change to:

$fx_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG . FILENAME_ACCOUNT_PASSWORD;

 

I think this is a better way, least the customer can change the password after they have signed in. Not many people would go to my account and change it.

This way the customer has it forced apon them to change it if they wished.

Edited by scorp
Link to comment
Share on other sites

I think this is a better way, least the customer can change the password after they have signed in. Not many people would go to my account and change it.

This way the customer has it forced apon them to change it if they wished.

 

OK guys - Ill put it in the contrib and upload a complete pckg.

Thanks for the input..

 

Better yet - I will add the option to the Settings box in the Admin Panel..

Lloyd

Link to comment
Share on other sites

I have just posted the new version FX_Email_Verification 4.0a

 

The newer version address's the requested option of the email link in the password email sent to the customer. Store owner now has the option of choosing to redirect customer to the password change page or the default page. This option is added to the Settings box in the Admin Panel.

 

Numerous other editing has been performed - Register Globals enhancements - and a number of changes to the create_account page.

 

Thanks to all the above for the suggestions.

Lloyd

Link to comment
Share on other sites

  • 4 weeks later...

Hello,

 

I have installed the 4.0a contribution but I still have a question related to the following quotation in your install file (read_me.txt):

 

"The contribution now adds 5 new rows to the database table 'configuration'. These constants can be seen by searching for the text 'FX_Verification_Email' in the column 'configuration_title'. The dafault values are used and no changes made to the database table 'configuration' until the 'Update' button is pressed in the Admin Panel Customers/Verify Customers - Settings Box."

 

And I don't see any SQL file to update the 'configuration' table in your 4.0a package.

Maybe I am wrong but it seems this file is missing?

 

Thanks in advance.

Link to comment
Share on other sites

  • 4 weeks later...
And I don't see any SQL file to update the 'configuration' table in your 4.0a package.

Maybe I am wrong but it seems this file is missing?

 

This seems to be a common question. Most contributions use an sql file to update the database. Versions up to 3.0 did not perform any changes to the database. The necessary variable were hard coded and changed by the user. These variables were set on pages, catalog/admin/customer_verify.php and catalog/create_account.php. I receievd a request to move these variables to the Admin panel - Customers/Customer Verification. This would enable the store owner to change these variables from the Admin panel rather than needing to change the files and re-load. So along came version 4.0, the newer version allows the store owner to administer changes to the contribution from the Admin panel rather than accessing the file code - and thus needs to place these varibles somewhere else for safekeeping. So I did instigate some database changes - and still did it without an sql file for previous version updates version 3 to 4 as well.

 

This means that you never need an sql file for early versions, and still do not need one for the latest version. The database updates are performed when you click the 'Update' button in the Admin panel under customers/customer verification. Even if you have previously installed version 3.0 or prior - then updated to 4.0, the code will check first time for database updates from previous versions which did not require it. If the database updates have not been added then the new rows will be inserted. There after the new rows are only updated. You can see this on page:

 

admin/customer_verify.php

Line:131

if ($check['total'] > '0') {
 while (list($key, $value) = each($post_array)) {											
	$update_array = array('configuration_value' => $value);
	tep_db_perform(TABLE_CONFIGURATION, $update_array, 'update', "configuration_key = '" . $key . "'");
}
// Check if RETURN_URL exists in db - if not - needs to be inserted first time for previous version update				
$check_query = tep_db_query("select configuration_key from " . TABLE_CONFIGURATION . " where configuration_key = 'RETURN_URL' limit 1");

if (tep_db_num_rows($check_query) < 1) {
tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, date_added) values ('FX_Verification_Email', 'RETURN_URL', '" . $post_array['RETURN_URL'] . "', now())");
}
} else {
 while (list($key, $value) = each($post_array)) {											
	tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, date_added) values ('FX_Verification_Email', '" . $key . "', '" . $value . "', now())");
}
}

 

As always I appreciate the feedback.

Speaking of which, I received a PM from Patrick van Zuijlen concerning the following,

 

understand you would like to hear when someone has a suggestion.

 

I noticed that if a customer has an account, it is possible that he/she could change their e-mail address to a bogus one.

 

I think the difficult here is in the situation they must be logged-in to be able to go to their account_edit.php, but your contribution checks to prevent a session so they must use their new password from the e-mail.

Maybe it is possible to delete the session(s) or logg them out, a check for sure and then changing the password and sent the e-mail?

If they are able to refresh the account_edit page after the new password is saved, it is possible to see the new password.

 

A other option is that the customer cannot change the e-mail address, or maybe the administrator must approve the changed e-mail address.

 

When thinking about this, maybe the password_forgotten.php page can be used. In addition they put in the old and also the new e-mail address. The password and e-mail address are changed and the 'standard' password-forgotten mail is sent to the customer.

I do see that password_forgotten.php is not able to prevent a session/to be logged in

 

I am working on this - but I have two other websites that I have to finish first, (I get paid for them) and they are some major projects.

It will be a few weeks yet - but I intend to upload a new version of FX_Email_Verfication in the future.

Any other suggestions or comments concerning a new version would be appreciated.

 

Please post to this forum.

Edited by photofxplus

Lloyd

Link to comment
Share on other sites

  • 8 months later...

Dear Lloyd,

 

Thank you for sharing this wonderful contribution. :thumbsup: :thumbsup: . At least now we will know who is our genuine customer.

 

However, after successfully installing your version 4.0a, I tried to register new account and I did not received any email from my store for the password. Hope you can help me how to solve this problem as this contribution will help me to avoid getting credit card fraud customer in near future.

 

p/s: Emailed sent to gmail account but not to yahoo account.

 

Best regards.

Ariff

Edited by Ariffshah
Link to comment
Share on other sites

  • 4 weeks later...

Dear Lloyd,

 

is there anyway we as a store owner can check password for our client? One of my customer sign up today and she said that she did not received any email verification for creating the account.

 

It would be nice if we can resent the password verification or send them the verification link to our customer.

 

Cheers.

Link to comment
Share on other sites

  • 1 month later...
Dear Lloyd,

 

Thank you for sharing this wonderful contribution. :thumbsup: :thumbsup: . At least now we will know who is our genuine customer.

 

However, after successfully installing your version 4.0a, I tried to register new account and I did not received any email from my store for the password. Hope you can help me how to solve this problem as this contribution will help me to avoid getting credit card fraud customer in near future.

 

p/s: Emailed sent to gmail account but not to yahoo account.

 

Best regards.

Ariff

 

Till to date, more than 30+ new customer register and did not complete the verification. I am worried as all this customer are using yahoo & hotmail email account. Is anyone could help me to solve this as the other solution is to inform the customer to not register using yahoo or hotmail email account.

 

Thank you in advance.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...