| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Migrating Users to 5.x without passwords | ||||
|
|
Thread Tools | Search this Thread |
#1
|
|||||||
|
|||||||
Migrating Users to 5.x without passwords
When migrating customers from 4.x to 5.x decrypting the passwords is probably not an option.
So, to force your customers to change their passwords on the new store, you would need the decrypted password from 4.x and the encrypted SHA512 password from 5.x. Is there a way to force a customer to change their password if there is nothing in the password column?
__________________
xCart 5.2.16 |
|||||||
#2
|
|||||||||
|
|||||||||
Re: Migrating Users to 5.x without passwords
Quote:
How would this work? Would be anyone able to enter any e-mail address and specify the new password? It looks to be insecure. Instead, you can do it as follows: export all user e-mails and send them an e-mail asking to use the page at [your-domain]/cart.php?target=recover_password for changing their passwords. Will this work?
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful Click here to learn how to apply patches X-Cart Extensions |
|||||||||
#3
|
|||||||
|
|||||||
Re: Migrating Users to 5.x without passwords
It would be very insecure to have nothing in the password field. Is there any way to have them change/recover their passwords on the store site?
Emailing the customers is most likely not an option.
__________________
xCart 5.2.16 |
|||||||
|
#4
|
|||||||||
|
|||||||||
Re: Migrating Users to 5.x without passwords
Quote:
Are you sure that the option of emailing and asking them to recover their password here (cart.php?target=recover_password) would not work for you? If so, why not? It is secure as we do not email passwords as plain text. Please, let me know. Tony
__________________
Found a bug in X-Cart? Post it to our bug tracker! Know how to make X-Cart better? Suggest an idea! |
|||||||||
#5
|
|||||||
|
|||||||
Re: Migrating Users to 5.x without passwords
That would work but the passwords would have to be decrypted from 4.x and encrypted to 5.2. There is the problem.
__________________
xCart 5.2.16 |
|||||||
#6
|
|||||||||
|
|||||||||
Re: Migrating Users to 5.x without passwords
Uh, sorry, but I don't get why you think that the "recover password" function won't work without decrypting passwords from 4.x and encrypting them to 5.2.
Or is there some other goal that you want to achieve by doing the re-encrypting?
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful Click here to learn how to apply patches X-Cart Extensions |
|||||||||
#7
|
|||||||
|
|||||||
Re: Migrating Users to 5.x without passwords
If the data is exported from xCart 4.x and then imported in to xCart 5.x... The passwords in the 4.x install are something like "B-wls09823hf92" so when a user tries to login to the 5.x install, the password reset option never comes up. Just a invalid password alert.
The same happens if the password field is left blank.
__________________
xCart 5.2.16 |
|||||||
#8
|
|||||||||
|
|||||||||
Re: Migrating Users to 5.x without passwords
Do you mean that "cart.php?target=recover_password" URL does not display the "Recovery password" page? It works OK for me on my local 5.2.5 installation.
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful Click here to learn how to apply patches X-Cart Extensions |
|||||||||
#9
|
|||||||
|
|||||||
Re: Migrating Users to 5.x without passwords
Ahhhh. Ok I see. You mean to email the customers that link and they can change their password. I was testing it as if the customer went to the store and tried to login. They get a password invalid.
__________________
xCart 5.2.16 |
|||||||
#10
|
|||||||||
|
|||||||||
Re: Migrating Users to 5.x without passwords
Customers should see "forgot password" link on the login screen. If this is not present it is something wrong with your installation or it is a bug in cart. If they try to login and login is wrong they can click on the link right there on the spot. No need for emails.
While on the subject the whole "forgot password" logic there is so messed up. The link is called "forgot password", the url is "recover password" and the text is "reset password". Most likely the email prompts you to click on a link and specify new password. So how is this "recover password" I don't know.... since nothing is being recovered but new password is being setup instead.
__________________
Steve Stoyanov CFLSystems.com Web Development |
|||||||||
|
|||
X-Cart forums © 2001-2020
|