Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

master password paypal password


Recommended Posts

I have Simple Master Password v3.1 osC 2.3.x

installed on CE BS4 PHP-7.2

I am not sure if the issue i have is by design or not

all seems to work fine except if a client has purchased via paypal express I cannot log on as the customer for a new sale to be made via other means

when i look into the database there are no passwords stored for these transactions, and i can understand why if that is supposed to be the case

But would have thought we could still login as the customer after the fact

I am pretty sure we could on the old server with a lower PHP of 5.4, I do not think it has such a high encryption, and certainly never said encypt in the admin panel as the version above does

so the question is should i be able to log in as a old paypal express customer?

Should the database be storing passwords for paypal express customers?

Hope i have explained this enough





Link to comment
Share on other sites

From what I remember PayPal Express allows guest checkout! So if the customer used that option you probably will not have any saved password.

😊 just checked and I do use it and it will allow guest checkout



Link to comment
Share on other sites


Thanks for replying to my question, I did think that would be the case but its nice to have it confirmed

So that leaves master Password not working if the password field is blank

I used a password from a known customer account and put the encrypted details direct into the database and can log into it

So I assume that its normal from all other aspects which just leaves master password not liking a blank password field

I believe the contrib uses the function below in password_funcs.php

// This function validates a plain text password with a
// salted or phpass password
  function tep_validate_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {
      if (tep_password_type($encrypted) == 'salt') {
        return tep_validate_old_password($plain, $encrypted);

      if (!class_exists('PasswordHash')) {

      $hasher = new PasswordHash(10, true);

      return ($hasher->CheckPassword($plain, MASTER_PASS) || $hasher->CheckPassword($plain, $encrypted));

    return false;

Not sure but i read this as it only looks at the password if its not null

so if its null its not not running

slightly (by a lot) out of my depth in reading the function, but thats kind of what it says to me


Link to comment
Share on other sites

😊 having never used the add-on i'm not in a position to comment on that, but if you send me a link to the add-on I'm happy to install on test site and try. The link in first post just takes me to the apps page.


Link to comment
Share on other sites


Yes found it just after I posted 😊 it's the one ♥BrockleyJohn  updated I installed it and it's working fine as far as I can tell. The problem is not the master password it's doing everything it should. The problem is that osC saves some basic customer info even if the customer has not registerd. As a customer checking out with PayPal express you should check out and have no foot print as far as an account is concerned in osC. However osC uses the customer details and makes an account (or customer) with the name and email but with no pasword.

This will not be a problem if customer keeps simply buying by just using guest checkout, but if they do decide to make an account then the email will already be in the db and they will get an error.

I don't know the code that well for this part of osC so not sure there is a easy fix for this.

I would say that as it's a guest checkout you don't actualy have an account on which to use master password on! The customer did not make an account, osC decided to save some info into the customer table which you are assuming is an account.

I know it's not helping :( but the add-on is doing what it's design to, no password not account that's how osC looks to work. I'm sure one of the developers will be able to offer better input.


Link to comment
Share on other sites

Yes I agree it doing everything that it should, and if i hadn't have had a old paypal customer come back to purchase via credit card I wouldn't have known that there was a issue

It just needs to ignore that the password field is blank so we can be logged in

Thanks a lot for looking at this, it helps a lot to know its how it should be, even if thats not quite what I would like



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...