Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

automatically send user info to another server?


nullset

Recommended Posts

Hi there,

This may seem like a dumb question, (noob) but does anyone know if there a way that once a customer creates a user account and makes a purchase, that automatically their user account, password and item details (bank stuff not required) can be sent automatically to a different online system, for example to configure their account after purchase?

Link to comment
Share on other sites

Neil,

 

The customer creates an account(usually) before making a purchases. So there is no reason for you to create their account after the purchase. At the minimum (with PWA) you will receive basic information and shipping information.

 

 

Chris

Link to comment
Share on other sites

Neil,

 

The customer creates an account(usually) before making a purchases. So there is no reason for you to create their account after the purchase. At the minimum (with PWA) you will receive basic information and shipping information.

 

 

Chris

 

hi Chris, thanks for the quick reply! Our use case is slightly odd, we are selling some hardware, which after purchase but before delivery will need to be further configured (by the user) via a external wizard on another server. The user may choose to configure it straight away, or might want to do it later, so we want to clone the user/name password to instantly create a login & pass on the configuration wizard part, so that is instantly ready for them to log into when ever they want.

Hope that makes sense?

Link to comment
Share on other sites

This could take some work. osCommerce stores a hash (one-way encryption) of the user's password. It's somewhat unlikely that the other system would use the same hash.

 

The other system might be modified to use the osCommerce login, or the opposite of course. You could also pass the raw username and password to the other system.

 

Are osC and the other system running on the same server? If they are, coding a bridge in PHP should not be too much trouble. I will be harder if they are running separately.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

  • 4 weeks later...

This could take some work. osCommerce stores a hash (one-way encryption) of the user's password. It's somewhat unlikely that the other system would use the same hash.

 

The other system might be modified to use the osCommerce login, or the opposite of course. You could also pass the raw username and password to the other system.

 

Are osC and the other system running on the same server? If they are, coding a bridge in PHP should not be too much trouble. I will be harder if they are running separately.

 

Regards

Jim

 

Thanks Jim,

The other system will be on another server unfortunately, and its Java not php, you mention "pass the raw username and password to the other system", do you mean that we could alter the oscommerce code to pass this on, before it is encrypted? This sounds like what we would be after, is this possible, and if so where would you go about doing it?

 

Many thanks

Neil

Link to comment
Share on other sites

You would have to intercept the username and password in the top of login.php.

 

Note that doing this is extremely risky. You are sending unencrypted passwords over the internet to another server. That's a hacker's dream. I think you need to rethink this whole process.

 

I would look at modifying one system or another so they use the same hash. Sending encrypted passwords still retains some risk, but not nearly as bad as sending them in the clear. Or you could set up some sort of encryption for both the username and password sent between the two systems.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

You would have to intercept the username and password in the top of login.php.

 

Note that doing this is extremely risky. You are sending unencrypted passwords over the internet to another server. That's a hacker's dream. I think you need to rethink this whole process.

 

I would look at modifying one system or another so they use the same hash. Sending encrypted passwords still retains some risk, but not nearly as bad as sending them in the clear. Or you could set up some sort of encryption for both the username and password sent between the two systems.

 

Regards

Jim

 

Thanks Jim, Of course you make very valid points, I was thinking we could include our own encryption system alright. I will look into this further...

best regards, Neil

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...