Jack_mcs Posted August 13, 2022 Posted August 13, 2022 @osCommerce-OfficialI tried logging into my customer account after converting the V2 database. A message was displayed saying the password was not correct and had to be reset. I click the password forgotten but could not get past the captcha image. On each the message was that it was incorrect. My questions are: 1 - Why do I have to reset the password? If it is just a compatibility issue and the password will stay the same then I guess that is OK. But if all of the customers have to change their passwords that seems a needless bother to them,. Is there a way to prevent this? 2 - There's no way to change the captcha image without reloading the page in the browser. And even then the challenge doesn't always change. It took me seven tries, and about 12 reloads, to find a image that I could decipher. This is going to make a lot of customers angry. Can you, at least, add a refresh button to change the challenge? Spacing the characters in the challenge would be better. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Jack_mcs Posted August 20, 2022 Author Posted August 20, 2022 @osCommerce-OfficialAny idea on when this will be addressesd? I can get the reset email now but still can't login after changing the password, I gave up on guessing at the captcha characters after 15 tries. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
osCommerce-Official Posted August 21, 2022 Posted August 21, 2022 @ynechitajlo could you please comment regarding password and captcha here? Quote
pandrei Posted August 21, 2022 Posted August 21, 2022 On 8/13/2022 at 9:21 PM, Jack_mcs said: 1 - Why do I have to reset the password? If it is just a compatibility issue and the password will stay the same then I guess that is OK. But if all of the customers have to change their passwords that seems a needless bother to them,. Is there a way to prevent this? It is impossible to save previous passwords because they were not stored at all and because the security model was fundamentally changed to meet modern security standards. Quote
osCommerce-Official Posted August 22, 2022 Posted August 22, 2022 @Serge Bayev could you please also check this regarding passwords and captcha? See Jack's message above. Thanks! Quote
osCommerce-Official Posted August 22, 2022 Posted August 22, 2022 @Jack_mcs Please try to use Google's ReCaptcha You can find the setting in Settings / Configuration / MyStore - search for "Preferred use ReCaptcha" and set it to TRUE. Then go to Settings / Google Settings and enter Re-captchs key there. We suggest v2 version of ReCaptcha Quote
Serge Bayev Posted August 22, 2022 Posted August 22, 2022 Hi Jack, On 8/13/2022 at 9:21 PM, Jack_mcs said: 1 - Why do I have to reset the password? If it is just a compatibility issue and the password will stay the same then I guess that is OK. But if all of the customers have to change their passwords that seems a needless bother to them,. Is there a way to prevent this? Passwords are encrypted using a one-way encryption mechanism. It's not possible to recover the actual password text. In the latest version, the password encryption method has been updated to meet the latest security standards of modern data protection. Thus, we can't decrypt old passwords to re-encrypt them, nor we can use passwords encrypted with old algorithms. I know that many would like to avoid this step, but this is The Way... On 8/13/2022 at 9:21 PM, Jack_mcs said: 2 - There's no way to change the captcha image without reloading the page in the browser. And even then the challenge doesn't always change. It took me seven tries, and about 12 reloads, to find a image that I could decipher. This is going to make a lot of customers angry. Can you, at least, add a refresh button to change the challenge? Spacing the characters in the challenge would be better. After the captcha image is generated, it's available to you for a while, so yes, it's possible that you will see the same captcha after refreshing the page if there was no input attempt. I assure you that we spent a lot of time trying to find a balance in captcha distortion between "my 90-yo grandma will guess" and "God Damn you, Cypher!.." Maybe try switching to Google reCaptcha? You can enable it in "Settings" -> "Configuration" -> "My store", find "Preferred use ReCaptcha", select it, click "Edit" and change it to "True", then "Save". You'll then need to configure Google reCaptcha in "Settings" -> "Google Settings". Hope I've been helpful. Thank you! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.