Supertex Posted September 24, 2015 Share Posted September 24, 2015 @@burt @@kymation @@Jack_mcs Ok...I have a few customers that I create carts for. So far, I just go to the database, copy their pw hash, save it, and drop the hash from my own account in its place. Then I can log into their account as them, and create a cart. Then I log out and replace the hash. They then log in, and finish out the order with shipping and payment. I've done this on numerous occasions for about 5 different customers. Yesterday, I did this, and the customer's order had MY discounts applied. Also, I got the order email that he should have gotten. I was really confused as to how this could happen, but today, when I went to the DB to look closely at the order...I see my own customer ID, yet everything else on the order was from his account. I do know that he logged in very soon after I logged out...within minutes. I was logged in on another tab, to the admin. Is it possible, that the session somehow carried over to his login?? Any idea what caused this? What would happen if he was logged in and I went through the above steps? I have the "create order" addon, but that creates a FINISHED order, and I need for the customer to be able to select shipping and payment, THEN complete the order. Is there a better way to add items to a customer's cart from the admin side? osC v2.3.1 MySQL v8.0.32 PHP v5.6.40 Installed addons: . Attribute Sets Plus .. Create Account & Manual Order Maker .. Customer Testimonials 2.3.4 .. Customer Blacklist .. Dynamic Info Pages .. FedEx Web Svcs v9 .. Filtered Sales Report .. Generic Box .. Google XML Sitemap SEO .. Maximum Order Value .. Modular Front Page .. Monthly Sales & Tax Report .. Multiple Products Manager .. Must Accept Terms & Conditions .. Order Editior .. PDF Customer Invoice .. Price in Cart Only .. Product Sort/Order .. Product Sort in Cart .. Quantity Discounts .. Restrict Delivery Methods .. SEO Header Tags - Reloaded .. Separate Pricing Per Customer .. Simpler Admin Session Length Control .. Sitemap SEO .. Show Free Ship + Modules .. Specials by Category for SPPC .. Store Mode (open|closed|maintenance) .. Store Pickup Shipping .. Theme Switcher .. Ultimate SEO URLs 5 Pro .. UPS XML Rates & Svcs 1.4 .. USPS methods 7.3.1 .. Who's Online Dashboard . Fixes: Add to cart -> 'product not found' : FIX Login issues with IE 11 : FIX Tools: Incredibly Handy: osC Xref Link to comment Share on other sites More sharing options...
burt Posted September 24, 2015 Share Posted September 24, 2015 Firstly let me say this: "how you run your business, is your business". From a 3rd party point of view, this procedure of changing passwords could turn out to be a real problem in terms of sanity of data. Put bluntly, it's not something I would be recommending anyone to do such a thing. You should explore a way (inside admin) to; 1. select a client 2a. view clients saved cart, and update clients saved cart id required (remove/edit already saved products, add new products) 2b. add a cart (and contents) to a client if no saved cart exists 3. send email to client I am unsure if such an Addon already exists, and if it does, what standard of code it contains. There is one similar called "recover cart" or somesuch, I am not 100% sure if that allows to edit a clients cart. Link to comment Share on other sites More sharing options...
Supertex Posted September 24, 2015 Author Share Posted September 24, 2015 Firstly let me say this: "how you run your business, is your business". From a 3rd party point of view, this procedure of changing passwords could turn out to be a real problem in terms of sanity of data. Put bluntly, it's not something I would be recommending anyone to do such a thing. I could not agree more. And this specific problem (potentially the least among many much larger ones) should be reason enough. I won' t be offering this "service" any longer, until I can find an addon to handle it. osC v2.3.1 MySQL v8.0.32 PHP v5.6.40 Installed addons: . Attribute Sets Plus .. Create Account & Manual Order Maker .. Customer Testimonials 2.3.4 .. Customer Blacklist .. Dynamic Info Pages .. FedEx Web Svcs v9 .. Filtered Sales Report .. Generic Box .. Google XML Sitemap SEO .. Maximum Order Value .. Modular Front Page .. Monthly Sales & Tax Report .. Multiple Products Manager .. Must Accept Terms & Conditions .. Order Editior .. PDF Customer Invoice .. Price in Cart Only .. Product Sort/Order .. Product Sort in Cart .. Quantity Discounts .. Restrict Delivery Methods .. SEO Header Tags - Reloaded .. Separate Pricing Per Customer .. Simpler Admin Session Length Control .. Sitemap SEO .. Show Free Ship + Modules .. Specials by Category for SPPC .. Store Mode (open|closed|maintenance) .. Store Pickup Shipping .. Theme Switcher .. Ultimate SEO URLs 5 Pro .. UPS XML Rates & Svcs 1.4 .. USPS methods 7.3.1 .. Who's Online Dashboard . Fixes: Add to cart -> 'product not found' : FIX Login issues with IE 11 : FIX Tools: Incredibly Handy: osC Xref Link to comment Share on other sites More sharing options...
♥kymation Posted September 24, 2015 Share Posted September 24, 2015 This does sound like a session issue. Otherwise, I agree with @@burt -- this is a high-risk process. Unfortunately I don't know of a better way to do it. It may take some custom code. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
knifeman Posted September 24, 2015 Share Posted September 24, 2015 I could not agree more. And this specific problem (potentially the least among many much larger ones) should be reason enough. I won' t be offering this "service" any longer, until I can find an addon to handle it. We use master password for existing accounts and a guest checkout for new customers. Link to comment Share on other sites More sharing options...
♥John W Posted September 24, 2015 Share Posted September 24, 2015 Use a master password and log in with their email address. I'm not really a dog. Link to comment Share on other sites More sharing options...
burt Posted September 24, 2015 Share Posted September 24, 2015 Data Protection is also a factor to be considered. Master Password can potentially give you access to data that you (shopowner) have no right to. Watch out for PCI compliance, I'm looking at 10.2.2 and 10.2.5 - where an audit trail is required for those with unusual access (eg master password). I reiterate...do it right and all is well. Take shortcuts and things can go fubar quickly. Link to comment Share on other sites More sharing options...
♥John W Posted September 24, 2015 Share Posted September 24, 2015 I guess every situation can require different needs. In my case I'm logging in becaue of a phone order typically, and complete the order while their on the phone. I'm also given the CC over phone in which I enter it. I use Authorize.net AIM and have for over a decade. I don't store any cc data in any way. I'm also the only person that has this access. I don't exactly see a difference in doing this versus doing through the admin panel from a PCI standpoiint. Another advantage of doing this for me is I take the customer route through the site for all these orders, which I find helpful. I'm not really a dog. Link to comment Share on other sites More sharing options...
Supertex Posted September 24, 2015 Author Share Posted September 24, 2015 Master password might be more of a "frontside" solution, but sounds to me like it's just an automated way of doing exactly what I was already doing...and comes with the same risk(?). Something I couldn't find before (the way the addon section returns results is somewhat peculiar to me) is the "populate cart" addon. However, it was designed for 2.2, so I have no idea how well it will work with 2.3...if at all. We'll soon see. And not that it matters, but I don't allow the entry of financial data on the site at all. That's all handled at PayPal. So there's no data within the customer account or the DB, that isn't already visible in the admin, or on orders. Regardless, I will no longer make use of this practice - even sparingly. osC v2.3.1 MySQL v8.0.32 PHP v5.6.40 Installed addons: . Attribute Sets Plus .. Create Account & Manual Order Maker .. Customer Testimonials 2.3.4 .. Customer Blacklist .. Dynamic Info Pages .. FedEx Web Svcs v9 .. Filtered Sales Report .. Generic Box .. Google XML Sitemap SEO .. Maximum Order Value .. Modular Front Page .. Monthly Sales & Tax Report .. Multiple Products Manager .. Must Accept Terms & Conditions .. Order Editior .. PDF Customer Invoice .. Price in Cart Only .. Product Sort/Order .. Product Sort in Cart .. Quantity Discounts .. Restrict Delivery Methods .. SEO Header Tags - Reloaded .. Separate Pricing Per Customer .. Simpler Admin Session Length Control .. Sitemap SEO .. Show Free Ship + Modules .. Specials by Category for SPPC .. Store Mode (open|closed|maintenance) .. Store Pickup Shipping .. Theme Switcher .. Ultimate SEO URLs 5 Pro .. UPS XML Rates & Svcs 1.4 .. USPS methods 7.3.1 .. Who's Online Dashboard . Fixes: Add to cart -> 'product not found' : FIX Login issues with IE 11 : FIX Tools: Incredibly Handy: osC Xref Link to comment Share on other sites More sharing options...
Dan Cole Posted September 24, 2015 Share Posted September 24, 2015 Doesn't order editor/create order allow you to do all this without having to use the customer password? I know one of the contributions handles it and I think that's the name of it. ..we use it all the time to handle phone orders or local customer who want to pick up. If you can't find it let me know and I'll have a closer look at the module we use. Dan Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Supertex Posted September 25, 2015 Author Share Posted September 25, 2015 Hi Dan. I actually have Order edit/create installed. However, it creates a completed order with no options for paying out. I -could- compile a PP 'bill' to send to my customers, but that addon also has some issues with the OT Quantity Discount module, which I rely heavily upon. I haven't had time to try and iron out the discount module compatibility, but since the editor only created 'completed' orders, I really haven't seen much point. Actually, at this point, I would have uninstalled it, but that lil dude is weaved in there deep enough that I just decided to leave it alone. So far, I have the Populate Cart addon adapted to 2.3 and working - for the most part. I haven't looked at the 'products with attributes' section of it yet, but from what I see so far, it does -exactly- what I need, and all from the admin. Changes can even be made to the cart while the customer is logged in - they just have to log out-in to see it. :) osC v2.3.1 MySQL v8.0.32 PHP v5.6.40 Installed addons: . Attribute Sets Plus .. Create Account & Manual Order Maker .. Customer Testimonials 2.3.4 .. Customer Blacklist .. Dynamic Info Pages .. FedEx Web Svcs v9 .. Filtered Sales Report .. Generic Box .. Google XML Sitemap SEO .. Maximum Order Value .. Modular Front Page .. Monthly Sales & Tax Report .. Multiple Products Manager .. Must Accept Terms & Conditions .. Order Editior .. PDF Customer Invoice .. Price in Cart Only .. Product Sort/Order .. Product Sort in Cart .. Quantity Discounts .. Restrict Delivery Methods .. SEO Header Tags - Reloaded .. Separate Pricing Per Customer .. Simpler Admin Session Length Control .. Sitemap SEO .. Show Free Ship + Modules .. Specials by Category for SPPC .. Store Mode (open|closed|maintenance) .. Store Pickup Shipping .. Theme Switcher .. Ultimate SEO URLs 5 Pro .. UPS XML Rates & Svcs 1.4 .. USPS methods 7.3.1 .. Who's Online Dashboard . Fixes: Add to cart -> 'product not found' : FIX Login issues with IE 11 : FIX Tools: Incredibly Handy: osC Xref Link to comment Share on other sites More sharing options...
Dan Cole Posted September 25, 2015 Share Posted September 25, 2015 @@Supertex Hummm....not sure what you mean Shawn...the version we use allows you to edit the order too so you can add or change items etc. We don't usually start an order and then let the customer login to complete it so maybe that's where the difference lies. Dan Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.