Differences

This shows you the differences between two versions of the page.

v:2.0:customers [2017/02/09 21:06] – [Synchronizing Users and Passwords] foxybrett
v:2.0:customers [2026/01/15 11:46] (current) adam
Line 1: Line 1:
 ====== Customers: Notes and Features ====== ====== Customers: Notes and Features ======
  
-Without the customer, e-commerce wouldn't be very exciting (or profitable), so a thorough understanding of the customer as treated by FoxyCart is important for any merchant or developer using FoxyCart.+Without the customer, e-commerce wouldn't be very exciting (or profitable), so a thorough understanding mof the customer as treated by FoxyCart is important for any merchant or developer using FoxyCart.
  
  
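Review bot: The changed opening sentence introduces a typo, "a thorough understanding mof the customer". The old side reads "understanding of the customer" and nothing else in the line changed, so this looks like a stray keystroke; restore "of".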
Line 7: Line 7:
 There are two ways to create a customer record in FoxyCart. The first and most common is to allow the customer record to be created automatically upon a successful transaction. The second method is to create the customer record directly via [[.:api|the API]]. There are two ways to create a customer record in FoxyCart. The first and most common is to allow the customer record to be created automatically upon a successful transaction. The second method is to create the customer record directly via [[.:api|the API]].
  
-Regardless the method of creation, the single most important piece of a customer record is the email address used. The email address can be considered the unique key for the customer; there cannot be two different (non-guest) customer records with the same email address.+Regardless the method of creation, the single most important piece of a customer record is the email address used. The email address can be considered the unique key for the customer; there cannot be two different (non-guest) customer records with the same email address in a single store.
  
 ===== Guest Customers and Saved Customers ===== ===== Guest Customers and Saved Customers =====
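Review bot: The "in a single store" qualifier added to the uniqueness sentence is not carried through to the non-guest bullet further down the page, which still reads "Must have an email address unique among non-guest customers." with no scope. Since the email address is described as the unique key for the customer, state the per-store scope in both places so an integrator matching customers by email does not assume the key is global. While the line is open, "Regardless the method of creation" should read "Regardless of the method of creation".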
Line 15: Line 15:
   * Do not enter a password.   * Do not enter a password.
   * Can enter an email address already used by other guest or saved customer records.   * Can enter an email address already used by other guest or saved customer records.
-  * Cannot choose to save their payment information. (This option is hidden from the checkout if in guest mode.) 
   * Cannot purchase a subscription. (Guest mode as an option is hidden if a subscription is in the cart.)   * Cannot purchase a subscription. (Guest mode as an option is hidden if a subscription is in the cart.)
   * Cannot be retrieved, created or edited via the API.   * Cannot be retrieved, created or edited via the API.
   * Cannot retrieve their information if they purchase again in the future and enter their previously used email. (Because they have no password, there'd be no way for the customer to authenticate anyway.)   * Cannot retrieve their information if they purchase again in the future and enter their previously used email. (Because they have no password, there'd be no way for the customer to authenticate anyway.)
   * Cannot be converted into a non-guest customer.   * Cannot be converted into a non-guest customer.
 +
 +To set up your checkout to use guest customers only, follow the instructions [[:v:2.0:customers:customers_step_by_step:guest_only_checkout|here]].
  
 Non-guest customers: Non-guest customers:
   * Must have an email address unique among non-guest customers.   * Must have an email address unique among non-guest customers.
-  * Can choose to save their payment information. 
   * Can be created and edited via the API.   * Can be created and edited via the API.
-  * Can enter their previously used password when returning to a checkout page, or can checkout as a guest (if guest checkout is allowed by the store).+  * Can enter their previously used password when returning to a checkout page, or can checkout as a guest (if guest checkout is allowed by the store) to have their saved information automatically populated on the checkout.
   * Cannot be converted into a guest customer.   * Cannot be converted into a guest customer.
  
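Review bot: In the rewritten non-guest bullet, the new clause "to have their saved information automatically populated on the checkout" is attached to the guest option, so it reads as if checking out as a guest loads saved information, which contradicts the guest bullet "Cannot retrieve their information if they purchase again in the future". Move the clause so it follows "enter their previously used password when returning to a checkout page". Both "save their payment information" bullets are removed here, yet the SSO paragraph at the end of the page still refers to "saved payment information"; say what now governs whether payment details are stored. The new link text "here" would be clearer as the name of the target page.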
Line 54: Line 54:
  
 FoxyCart currently supports the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string): FoxyCart currently supports the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string):
 +
 +  ; ''Argon2id'':
 +  : **Method:** ''argon2id''
 +  : **Notes:** It will use the default configuration options when generating the hash
 +  ; ''BCrypt (with cost)'':
 +  : **Method:** ''bcrypt''
 +  : **Configuration:** The cost, default 14
 +  : **Notes:** <wrap tip>This is the recommended hashing method.</wrap> It will generate the standard ''$2y$'' crypt format, which is always 60 characters wide.
 +  : **Supported Systems:**
 +    * [[https://drupal.org/|Drupal]] 10.1.0+ (use a cost of 10)
 +
 +  ; ''BCrypt (for WordPress 6.8+)'':
 +  : **Method:** ''bcrypt_wp''
 +  : **Configuration:** The cost, default 10
 +  : **Notes:** It will generate the Wordpress specific ''$wp$2y$'' crypt format, which is always 63 characters wide.
 +  : **Supported Systems:**
 +    *[[http://wordpress.org/|Wordpress]] 6.8+
  
   ; ''concrete5''   ; ''concrete5''
   : **Method:** ''md5($password.':'.$salt)''   : **Method:** ''md5($password.':'.$salt)''
   : **Configuration:** The configuration value is the one single salt used for all customer records, since Concrete5 uses a single site-wide salt.   : **Configuration:** The configuration value is the one single salt used for all customer records, since Concrete5 uses a single site-wide salt.
 +  ; ''Craft CMS'':
 +  : **Method:** Specific to Craft.
 +  ; ''ExpressionEngine'':
 +  : **Method:** Specific to ExpressionEngine.
   ; ''joomla''   ; ''joomla''
   : **Method:** ''md5($password.$salt).':'.$salt''   : **Method:** ''md5($password.$salt).':'.$salt''
Line 65: Line 86:
   : **Method:** The hashing methods in the [[https://github.com/kohana/auth/blob/3.0/master/classes/kohana/auth.php|Kohana3 Auth module]].   : **Method:** The hashing methods in the [[https://github.com/kohana/auth/blob/3.0/master/classes/kohana/auth.php|Kohana3 Auth module]].
   : **Configuration:** The Auth module's ''$config['salt_pattern']'' value. FoxyCart defaults to the default value in the Auth module.   : **Configuration:** The Auth module's ''$config['salt_pattern']'' value. FoxyCart defaults to the default value in the Auth module.
 +  ; ''Magento MD5'':
 +  : **Method:** For older Magento installations.
   ; ''md5''   ; ''md5''
   : **Method:** ''md5($password)''   : **Method:** ''md5($password)''
Line 76: Line 99:
   : **Configuration:** n/a   : **Configuration:** n/a
   : **Notes:** This really should only be used for synching to osCommerce prior to v2.3.   : **Notes:** This really should only be used for synching to osCommerce prior to v2.3.
-  ; ''phpass'' 
-  : **Method:** Uses the [[http://www.openwall.com/phpass/|phpass library]] in "portable" mode. (Portable mode is what most systems that use phpass default to.) 
-  : **Configuration:** The configuration value sets the iterations used to instantiate the ''PasswordHash'' class. Defaults to 8, which is what Wordpress and most other systems default to. 
-  : **Supported Systems:** 
-    * [[http://wordpress.org/|Wordpress]] 
-    * osCommerce 2.3+ 
  
   ; ''pbkdf2''   ; ''pbkdf2''
-  : **Method:** Microsoft Identity PBKDF2 implementation+  : **Method:** Microsoft Identity v2 PBKDF2 implementation
   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm'', ''salt size''. Defaults to ''1000, 32, sha1, 16''.   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm'', ''salt size''. Defaults to ''1000, 32, sha1, 16''.
-  ; ''pbkdf2 (MODX Revolution)'' +  : **Notes:** Returns a base64 encoded string, made up of a concatenated string using ''"\0" . $salt . $hash''. No separate salt is returned, and the hash should be base64 decoded before encoding the concatenated string. 
-  : **Method:** From [[https://github.com/modxcms/revolution/blob/develop/core/model/modx/hashing/modpbkdf2.class.php|MODX Revolution's code]]+  ; ''pbkdf2'' 
 +  : **Method:** From [[https://github.com/modxcms/revolution/blob/develop/core/model/modx/hashing/modpbkdf2.class.php|MODX Revolution's code]]. Note that MODX no longer uses this method.
   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm''. Defaults to ''1000, 32, sha256''.   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm''. Defaults to ''1000, 32, sha256''.
 +  : **Notes:** Returns a base64 encoded hash, and uses a 32 character long salt
   : **Supported Systems:**   : **Supported Systems:**
-    * [[http://modx.com/|MODX Revolution 2.x]] (default configuration)+    * [[http://modx.com/|MODX Revolution 2.x]] (old default configuration; no longer default)
  
 +  ; ''phpass''
 +  : **Method:** Uses the [[http://www.openwall.com/phpass/|phpass library]] in "portable" mode. (Portable mode is what most systems that use phpass default to.)
 +  : **Configuration:** The configuration value sets the iterations used to instantiate the ''PasswordHash'' class. Defaults to 8, which is what Wordpress and most other systems default to.
 +  : **Supported Systems:**
 +    * [[http://wordpress.org/|Wordpress]] 6.7 and older
 +    * osCommerce 2.3+
   ; ''sha1''   ; ''sha1''
   : **Method:** ''sha1($password)''   : **Method:** ''sha1($password)''
Line 104: Line 129:
   ; ''sha256_salted_suffix'':   ; ''sha256_salted_suffix'':
   : **Method:** ''sha256($password.$salt)''   : **Method:** ''sha256($password.$salt)''
 +  : **Configuration:** The length of the randomly generated salt.
 +  ; ''sha256_salted_prefix'':
 +  : **Method:** ''sha256($salt.$password)''
   : **Configuration:** The length of the randomly generated salt.   : **Configuration:** The length of the randomly generated salt.
   ; ''drupal sha512'':   ; ''drupal sha512'':
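Review bot: The new sha256_salted_prefix entry, like sha256_salted_suffix above it, gives its configuration as "The length of the randomly generated salt." but states neither the default length nor how the salt is stored with the hash, whereas the joomla entry shows the stored form as "md5($password.$salt).':'.$salt". Add both details so a synchronizing system can verify a password against a record it did not create. The page introduces the list as alphabetical, and "prefix" is added after "suffix"; swap the two if that ordering is meant to hold.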
Line 110: Line 138:
   : **Supported Systems:**   : **Supported Systems:**
     * [[https://drupal.org/|Drupal]] 7+     * [[https://drupal.org/|Drupal]] 7+
 +  : **Notes:** Beginning in v10.1.0, Drupal uses PHP's standard ''password_hash()'' function, which uses bcrypt, which we support and is detailed below.
 +
   ; ''Webvanta SHA1'':   ; ''Webvanta SHA1'':
   : **Method:** Specific to Webvanta.   : **Method:** Specific to Webvanta.
-  ; ''Craft CMS'': 
-  : **Method:** Specific to Craft. 
-  ; ''Magento MD5'': 
-  : **Method:** For older Magento installations. 
-  ; ''ExpressionEngine'': 
-  : **Method:** Specific to ExpressionEngine. 
-  ; ''BCrypt (with cost)'': 
-  : **Method:** ''bcrypt'' 
-  : **Configuration:** The cost. 
-  : **Notes:** <wrap tip>This is the recommended hashing method.</wrap> It will generate the standard ''$2y$'' crypt format, which is always 60 characters wide. 
  
  
  
-If you need alternate hashing methods please [[http://forum.foxycart.com/|let us know]].+If you need alternate hashing methods please [[http://foxy.io/contact|let us know]].
  
 Once the user creation and synchronization functionality is handled, [[.:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.) Once the user creation and synchronization functionality is handled, [[.:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.)
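Review bot: The added Drupal note says bcrypt "is detailed below", but this same revision removes the "BCrypt (with cost)" entry from the end of the list and re-adds it near the top, so the reference now points the wrong way. Change "below" to "above", or refer to the entry by its method name so the sentence survives future reordering. The replaced contact link is written as "http://foxy.io/contact"; use an https URL if the site serves one.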
