Documentation You are here: start » v » 2.0 » customers

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
v:2.0:customers [2020/02/04 05:50] – [Synchronizing Users and Passwords] adamv:2.0:customers [2026/01/15 11:46] (current) adam
Line 15: Line 15:
   * Do not enter a password.   * Do not enter a password.
   * Can enter an email address already used by other guest or saved customer records.   * Can enter an email address already used by other guest or saved customer records.
-  * Cannot choose to save their payment information. (This option is hidden from the checkout if in guest mode.) 
   * Cannot purchase a subscription. (Guest mode as an option is hidden if a subscription is in the cart.)   * Cannot purchase a subscription. (Guest mode as an option is hidden if a subscription is in the cart.)
   * Cannot be retrieved, created or edited via the API.   * Cannot be retrieved, created or edited via the API.
Line 25: Line 24:
 Non-guest customers: Non-guest customers:
   * Must have an email address unique among non-guest customers.   * Must have an email address unique among non-guest customers.
-  * Can choose to save their payment information. 
   * Can be created and edited via the API.   * Can be created and edited via the API.
-  * Can enter their previously used password when returning to a checkout page, or can checkout as a guest (if guest checkout is allowed by the store).+  * Can enter their previously used password when returning to a checkout page, or can checkout as a guest (if guest checkout is allowed by the store) to have their saved information automatically populated on the checkout.
   * Cannot be converted into a guest customer.   * Cannot be converted into a guest customer.
  
Line 56: Line 54:
  
 FoxyCart currently supports the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string): FoxyCart currently supports the following hashing methods (in alphabetical order, and in PHP pseudocode, using ''$'' to denote a variable, ''.'' to denote concatenation, and a single quote to encapsulate a string):
 +
 +  ; ''Argon2id'':
 +  : **Method:** ''argon2id''
 +  : **Notes:** It will use the default configuration options when generating the hash
 +  ; ''BCrypt (with cost)'':
 +  : **Method:** ''bcrypt''
 +  : **Configuration:** The cost, default 14
 +  : **Notes:** <wrap tip>This is the recommended hashing method.</wrap> It will generate the standard ''$2y$'' crypt format, which is always 60 characters wide.
 +  : **Supported Systems:**
 +    * [[https://drupal.org/|Drupal]] 10.1.0+ (use a cost of 10)
 +
 +  ; ''BCrypt (for WordPress 6.8+)'':
 +  : **Method:** ''bcrypt_wp''
 +  : **Configuration:** The cost, default 10
 +  : **Notes:** It will generate the Wordpress specific ''$wp$2y$'' crypt format, which is always 63 characters wide.
 +  : **Supported Systems:**
 +    *[[http://wordpress.org/|Wordpress]] 6.8+
  
   ; ''concrete5''   ; ''concrete5''
   : **Method:** ''md5($password.':'.$salt)''   : **Method:** ''md5($password.':'.$salt)''
   : **Configuration:** The configuration value is the one single salt used for all customer records, since Concrete5 uses a single site-wide salt.   : **Configuration:** The configuration value is the one single salt used for all customer records, since Concrete5 uses a single site-wide salt.
 +  ; ''Craft CMS'':
 +  : **Method:** Specific to Craft.
 +  ; ''ExpressionEngine'':
 +  : **Method:** Specific to ExpressionEngine.
   ; ''joomla''   ; ''joomla''
   : **Method:** ''md5($password.$salt).':'.$salt''   : **Method:** ''md5($password.$salt).':'.$salt''
Line 67: Line 86:
   : **Method:** The hashing methods in the [[https://github.com/kohana/auth/blob/3.0/master/classes/kohana/auth.php|Kohana3 Auth module]].   : **Method:** The hashing methods in the [[https://github.com/kohana/auth/blob/3.0/master/classes/kohana/auth.php|Kohana3 Auth module]].
   : **Configuration:** The Auth module's ''$config['salt_pattern']'' value. FoxyCart defaults to the default value in the Auth module.   : **Configuration:** The Auth module's ''$config['salt_pattern']'' value. FoxyCart defaults to the default value in the Auth module.
 +  ; ''Magento MD5'':
 +  : **Method:** For older Magento installations.
   ; ''md5''   ; ''md5''
   : **Method:** ''md5($password)''   : **Method:** ''md5($password)''
Line 78: Line 99:
   : **Configuration:** n/a   : **Configuration:** n/a
   : **Notes:** This really should only be used for synching to osCommerce prior to v2.3.   : **Notes:** This really should only be used for synching to osCommerce prior to v2.3.
-  ; ''phpass'' 
-  : **Method:** Uses the [[http://www.openwall.com/phpass/|phpass library]] in "portable" mode. (Portable mode is what most systems that use phpass default to.) 
-  : **Configuration:** The configuration value sets the iterations used to instantiate the ''PasswordHash'' class. Defaults to 8, which is what Wordpress and most other systems default to. 
-  : **Supported Systems:** 
-    * [[http://wordpress.org/|Wordpress]] 
-    * osCommerce 2.3+ 
  
   ; ''pbkdf2''   ; ''pbkdf2''
Line 89: Line 104:
   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm'', ''salt size''. Defaults to ''1000, 32, sha1, 16''.   : **Configuration:** Comma separated values for ''iterations'', ''key length'', ''algorithm'', ''salt size''. Defaults to ''1000, 32, sha1, 16''.
   : **Notes:** Returns a base64 encoded string, made up of a concatenated string using ''"\0" . $salt . $hash''. No separate salt is returned, and the hash should be base64 decoded before encoding the concatenated string.   : **Notes:** Returns a base64 encoded string, made up of a concatenated string using ''"\0" . $salt . $hash''. No separate salt is returned, and the hash should be base64 decoded before encoding the concatenated string.
- 
   ; ''pbkdf2''   ; ''pbkdf2''
   : **Method:** From [[https://github.com/modxcms/revolution/blob/develop/core/model/modx/hashing/modpbkdf2.class.php|MODX Revolution's code]]. Note that MODX no longer uses this method.   : **Method:** From [[https://github.com/modxcms/revolution/blob/develop/core/model/modx/hashing/modpbkdf2.class.php|MODX Revolution's code]]. Note that MODX no longer uses this method.
Line 97: Line 111:
     * [[http://modx.com/|MODX Revolution 2.x]] (old default configuration; no longer default)     * [[http://modx.com/|MODX Revolution 2.x]] (old default configuration; no longer default)
  
 +  ; ''phpass''
 +  : **Method:** Uses the [[http://www.openwall.com/phpass/|phpass library]] in "portable" mode. (Portable mode is what most systems that use phpass default to.)
 +  : **Configuration:** The configuration value sets the iterations used to instantiate the ''PasswordHash'' class. Defaults to 8, which is what Wordpress and most other systems default to.
 +  : **Supported Systems:**
 +    * [[http://wordpress.org/|Wordpress]] 6.7 and older
 +    * osCommerce 2.3+
   ; ''sha1''   ; ''sha1''
   : **Method:** ''sha1($password)''   : **Method:** ''sha1($password)''
Line 109: Line 129:
   ; ''sha256_salted_suffix'':   ; ''sha256_salted_suffix'':
   : **Method:** ''sha256($password.$salt)''   : **Method:** ''sha256($password.$salt)''
 +  : **Configuration:** The length of the randomly generated salt.
 +  ; ''sha256_salted_prefix'':
 +  : **Method:** ''sha256($salt.$password)''
   : **Configuration:** The length of the randomly generated salt.   : **Configuration:** The length of the randomly generated salt.
   ; ''drupal sha512'':   ; ''drupal sha512'':
Line 115: Line 138:
   : **Supported Systems:**   : **Supported Systems:**
     * [[https://drupal.org/|Drupal]] 7+     * [[https://drupal.org/|Drupal]] 7+
 +  : **Notes:** Beginning in v10.1.0, Drupal uses PHP's standard ''password_hash()'' function, which uses bcrypt, which we support and is detailed below.
  
   ; ''Webvanta SHA1'':   ; ''Webvanta SHA1'':
   : **Method:** Specific to Webvanta.   : **Method:** Specific to Webvanta.
-  ; ''Craft CMS'': 
-  : **Method:** Specific to Craft. 
-  ; ''Magento MD5'': 
-  : **Method:** For older Magento installations. 
-  ; ''ExpressionEngine'': 
-  : **Method:** Specific to ExpressionEngine. 
-  ; ''BCrypt (with cost)'': 
-  : **Method:** ''bcrypt'' 
-  : **Configuration:** The cost. 
-  : **Notes:** <wrap tip>This is the recommended hashing method.</wrap> It will generate the standard ''$2y$'' crypt format, which is always 60 characters wide. 
  
  
  
-If you need alternate hashing methods please [[http://forum.foxycart.com/|let us know]].+If you need alternate hashing methods please [[http://foxy.io/contact|let us know]].
  
 Once the user creation and synchronization functionality is handled, [[.:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.) Once the user creation and synchronization functionality is handled, [[.:sso|Single Sign-On (SSO)]] allows a customer who's already logged into the merchant's site to continue through to checkout with their user already loaded. This prevents users from needing to log in once to a site, then again on checkout. (SSO checkouts require the [[wp>Card_Security_Code|CSC]] to be entered, in order to minimize the risk of a malicious user stealing a cookie and processing an order using saved payment information.)

Site Tools