nullset Posted March 16, 2010 Share Posted March 16, 2010 Hi there, This may seem like a dumb question, (noob) but does anyone know if there a way that once a customer creates a user account and makes a purchase, that automatically their user account, password and item details (bank stuff not required) can be sent automatically to a different online system, for example to configure their account after purchase? Link to comment Share on other sites More sharing options...
Guest Posted March 16, 2010 Share Posted March 16, 2010 Neil, The customer creates an account(usually) before making a purchases. So there is no reason for you to create their account after the purchase. At the minimum (with PWA) you will receive basic information and shipping information. Chris Link to comment Share on other sites More sharing options...
nullset Posted March 16, 2010 Author Share Posted March 16, 2010 Neil, The customer creates an account(usually) before making a purchases. So there is no reason for you to create their account after the purchase. At the minimum (with PWA) you will receive basic information and shipping information. Chris hi Chris, thanks for the quick reply! Our use case is slightly odd, we are selling some hardware, which after purchase but before delivery will need to be further configured (by the user) via a external wizard on another server. The user may choose to configure it straight away, or might want to do it later, so we want to clone the user/name password to instantly create a login & pass on the configuration wizard part, so that is instantly ready for them to log into when ever they want. Hope that makes sense? Link to comment Share on other sites More sharing options...
♥kymation Posted March 17, 2010 Share Posted March 17, 2010 This could take some work. osCommerce stores a hash (one-way encryption) of the user's password. It's somewhat unlikely that the other system would use the same hash. The other system might be modified to use the osCommerce login, or the opposite of course. You could also pass the raw username and password to the other system. Are osC and the other system running on the same server? If they are, coding a bridge in PHP should not be too much trouble. I will be harder if they are running separately. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
nullset Posted April 14, 2010 Author Share Posted April 14, 2010 This could take some work. osCommerce stores a hash (one-way encryption) of the user's password. It's somewhat unlikely that the other system would use the same hash. The other system might be modified to use the osCommerce login, or the opposite of course. You could also pass the raw username and password to the other system. Are osC and the other system running on the same server? If they are, coding a bridge in PHP should not be too much trouble. I will be harder if they are running separately. Regards Jim Thanks Jim, The other system will be on another server unfortunately, and its Java not php, you mention "pass the raw username and password to the other system", do you mean that we could alter the oscommerce code to pass this on, before it is encrypted? This sounds like what we would be after, is this possible, and if so where would you go about doing it? Many thanks Neil Link to comment Share on other sites More sharing options...
♥kymation Posted April 14, 2010 Share Posted April 14, 2010 You would have to intercept the username and password in the top of login.php. Note that doing this is extremely risky. You are sending unencrypted passwords over the internet to another server. That's a hacker's dream. I think you need to rethink this whole process. I would look at modifying one system or another so they use the same hash. Sending encrypted passwords still retains some risk, but not nearly as bad as sending them in the clear. Or you could set up some sort of encryption for both the username and password sent between the two systems. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
nullset Posted April 14, 2010 Author Share Posted April 14, 2010 You would have to intercept the username and password in the top of login.php. Note that doing this is extremely risky. You are sending unencrypted passwords over the internet to another server. That's a hacker's dream. I think you need to rethink this whole process. I would look at modifying one system or another so they use the same hash. Sending encrypted passwords still retains some risk, but not nearly as bad as sending them in the clear. Or you could set up some sort of encryption for both the username and password sent between the two systems. Regards Jim Thanks Jim, Of course you make very valid points, I was thinking we could include our own encryption system alright. I will look into this further... best regards, Neil Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.