
Differences

This shows you the differences between two versions of the page.

v:0.7.0:customers [2011/05/13 08:09] – wikipedia link fixes foxybrett
v:0.7.0:customers [2017/04/26 07:02] (current) – external edit 127.0.0.1
Line 36: Line 36:
  
 ===== Synchronizing Users and Passwords ===== ===== Synchronizing Users and Passwords =====
 +<wrap tip>FoxyCart v0.7.1+ have significantly improved functionality in this area.</wrap> Please check the latest documentation for more information.
 +
 Because FoxyCart was built from the ground up to augment and not replace external systems, it is a common occurrence that FoxyCart customer records will need to be created or updated from an external system, or that FoxyCart customers will need to automatically create users in external systems (like a CMS or CRM). Typically an integration like this will primarily use [[.:advanced:transaction_xml_datafeed|the Transaction XML Datafeed]] and [[.:advanced:api|the API]] to create and sync users, and [[.:advanced:sso|Single Sign-On (SSO)]] to make the customer checkout experience seamless. Because FoxyCart was built from the ground up to augment and not replace external systems, it is a common occurrence that FoxyCart customer records will need to be created or updated from an external system, or that FoxyCart customers will need to automatically create users in external systems (like a CMS or CRM). Typically an integration like this will primarily use [[.:advanced:transaction_xml_datafeed|the Transaction XML Datafeed]] and [[.:advanced:api|the API]] to create and sync users, and [[.:advanced:sso|Single Sign-On (SSO)]] to make the customer checkout experience seamless.
  
 While the possibilities for this type of synchronization are near limitless, the single most important thing is usually the customer's password. FoxyCart customer passwords are returned by the XML datafeed and the API as  [[wp>Hash_function|hashes]], and not the actual cleartext password. While the initial user creation is generally straightforward it can get tricky to maintain sync when passwords are reset, so if you tackle an advanced integration you must ensure that any and all password resetting functionality on your systems simultaneously updates the FoxyCart customer record.  While the possibilities for this type of synchronization are near limitless, the single most important thing is usually the customer's password. FoxyCart customer passwords are returned by the XML datafeed and the API as  [[wp>Hash_function|hashes]], and not the actual cleartext password. While the initial user creation is generally straightforward it can get tricky to maintain sync when passwords are reset, so if you tackle an advanced integration you must ensure that any and all password resetting functionality on your systems simultaneously updates the FoxyCart customer record. 
  
-FoxyCart currently supports (v0.7.1the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string):+<wrap important>FoxyCart v0.7.1+ offers significantly improved password hashing support, as well as customer-specific hashing methods.</wrap> FoxyCart v0.7.0 only supports the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string) on a //per-store// and not per-user basis:
  
-  ; ''concrete5'' 
-  : **Method:** ''md5($password.':'.$salt)'' 
-  : **Configuration:** The configuration value is the one single salt used for all customer records, since Concrete5 uses a single site-wide salt. 
-  ; ''joomla'' 
-  : **Method:** ''md5($password.$salt).':'.$salt'' 
-  : **Configuration:** The length of the randomly generated salt. 
-  : **Notes:** This is the method used as of Joomla 1.0.13. 
-  ; ''kohana3'' 
-  : **Method:** The hashing methods in the [[https://github.com/kohana/auth/blob/3.0/master/classes/kohana/auth.php|Kohana3 Auth module]]. 
-  : **Configuration:** The Auth module's ''$config['salt_pattern']'' value. FoxyCart defaults to the default value in the Auth module. 
   ; ''md5''   ; ''md5''
   : **Method:** ''md5($password)''   : **Method:** ''md5($password)''
   : **Configuration:** n/a   : **Configuration:** n/a
   : **Notes:** This is provided for legacy purposes, as many older systems may use unsalted MD5 hashes. It is not recommended unless you need to sync with a system that requires it.   : **Notes:** This is provided for legacy purposes, as many older systems may use unsalted MD5 hashes. It is not recommended unless you need to sync with a system that requires it.
-  ; ''md5_salted_suffix'' 
-  : **Method:** ''md5($password.$salt)'' 
-  : **Configuration:** The length of the randomly generated salt. 
-  ; ''md5_salted_suffix_2char'' 
-  : **Method:** ''md5($password.$salt)'' 
-  : **Configuration:** n/a 
-  : **Notes:** This really should only be used for synching to osCommerce prior to v2.3. 
-  ; ''phpass'' 
-  : **Method:** Uses the [[http://www.openwall.com/phpass/|phpass library]] in "portable" mode. (Portable mode is what most systems that use phpass default to.) 
-  : **Configuration:** The configuration value sets the iterations used to instantiate the ''PasswordHash'' class. Defaults to 8, which is what Wordpress and most other systems default to. 
-  : **Supported Systems:** 
-    * [[http://wordpress.org/|Wordpress]] 
-    * osCommerce 2.3+ 
- 
   ; ''sha1''   ; ''sha1''
   : **Method:** ''sha1($password)''   : **Method:** ''sha1($password)''
   : **Configuration:** n/a   : **Configuration:** n/a
   : **Notes:** This is provided for legacy purposes, as many older systems may use unsalted MD5 hashes. It is not recommended unless you need to sync with a system that requires it.   : **Notes:** This is provided for legacy purposes, as many older systems may use unsalted MD5 hashes. It is not recommended unless you need to sync with a system that requires it.
-  ; ''sha1_salted_suffix'' 
-  : **Method:** ''sha1($password.$salt)'' 
-  : **Configuration:** The length of the randomly generated salt. 
-  : **Supported Systems:** 
-    * [[http://silverstripe.org/|Silverstripe]] (default configuration) 
- 
-  ; ''sha256_salted_suffix'': 
-  : **Method:** ''sha256($password.$salt)'' 
-  : **Configuration:** The length of the randomly generated salt. 
-  : **Notes:** <wrap tip>This is the recommended hashing method.</wrap> 
  
-If you need alternate hashing methods please [[http://forum.foxycart.com/|let us know]]. Also important to note: In FoxyCart v0.7.0 only unsalted SHA-and MD5 are available, and are store-wide, not customer-specific.+If you need alternate hashing methods please [[:static:upgrading|upgrade]], as FoxyCart v0.7.1 supports many more hashing methods.
  
 Once the user creation and synchronization functionality is handled, [[.:advanced:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.) Once the user creation and synchronization functionality is handled, [[.:advanced:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.)
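
Review bot: The retained sha1 entry's Notes line still says "many older systems may use unsalted MD5 hashes", which was copied from the md5 entry and should read unsalted SHA-1. With every salted method and the "This is the recommended hashing method" tip removed, the v0.7.0 list is left with two unsalted, store-wide options that are both marked "not recommended", so the page no longer says which to choose. Suggest stating in the rewritten intro sentence that v0.7.0 offers only unsalted hashes (identical passwords produce identical stored values for every customer in the store), and making the upgrade link in the closing sentence the explicit recommendation for anyone not bound to a legacy system. Minor: the added tip reads "FoxyCart v0.7.1+ have"; the verb should be "has".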
