Closed (duplicate)
Project:
Commerce Checkout Login
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
25 Feb 2012 at 04:33 UTC
Updated:
10 Sep 2015 at 10:00 UTC
Jump to comment: Most recent
Comments
Comment #1
IckZ commentedsubscribe++
Comment #2
Robin Millette commentedDuplicate of #1425148: Make password field required
Comment #3
versatil commentedI don't think this is a duplicate.
The Issue @ http://drupal.org/node/1425148 is specifically for requiring the password field for existing users. Not only was that implemented there, it was also implemented arguably better in the patches provided by Tommy Kaneko here: http://drupal.org/node/1414608
I believe kevin.klikka is asking why aren't the password fields made available for account creation purposes. By default the password is blank and an e-mail is sent out via a default Rule/Action with a one time login link. (See: Accounts created with "Create new accout for anonymous order" Checkout rule have blank password.)
I'd be interested but I'm okay with the one time login in the meantime.
Comment #4
versatil commentedOkay so I needed to implement this but I can't make a patch atm because my code is all over the place for all the features I was trying to implement (very hack-like).
It took me a while to figure out how to even do this, the idea is add password fields and leave them somewhere for people to apply during their business logic. Being new to Drupal I had no idea how to do this, why form hooks weren't working, etc.
I figured we can make an invisible Pane that has its own checkout_form callback that looks up the account details, the password would have to be saved in the Commerce Order's data serial (should it be removed after business logic is executed)?
I don't have time to clean up, put stuff into callbacks, etc. and make a patch, on a very tight deadline, just wanted to share for those who might be in a similar position:
after the secondmail patch (http://drupal.org/node/1442494#comment-5609926)
validation functions (FULL CREDIT to Logintoboggan module):
Put the following action in the "Create a new account for an anonymous order" before Save Entity (note you may have to enable PHP Evaluation/Code in your Modules to have PHP as an action, cannot use Set data value as User Entity isn't provided a "pass" (for good reason I bet!)):
i would have liked to somehow respect whatever system for user registration... but i dont have time for all that and just came across logintoboggan in the process. i wouldnt have any idea where to start lol.
good luck!
if I have time (unlikely in the next 2 weeks) i'll come back and try to offer a patch or something
edited: April 4th 2012 7:30AM EST,
- use password_confirm form element so it does the password strength checking in javascript in realtime, there's a new function after_build and the pass2_validate is removed, no use for it as Drupal does this natively now.
- also changed the form_submit function, dunno how I had it working when I said !empty($user->uid) ... that would be FALSE when there is no user logged in...
- seems I forgot to post the Rules Action snippet
Comment #5
yanniboi commentedThanks versatil!! I really need this right now..
I'm working on a File Download based commerce site and atm anonymous users that don't check their emails don't know why they can't see their files... duh!
Not really ever done any coding work before, but I'm gonna have to start at some point so I'l give it a try and then post how well I got on.
Comment #6
versatil commentededit: check my original comment as i've updated the code
Ah. I spent a good deal of time getting further acquainted with Git before I started up on Drupal again (it has been years). It makes it easier on me because I can make my own code without worrying too much about affecting what the original authors are working on. It wouldn't be easy to figure out how to do that from scratch, could take a few hours, maybe a few weeks to get it all sorted out, but it's an investment that pays for itself.
As for coding... yeah even as a "coder" I try to stay away from code, but it seems Drupal esp. Drupal Commerce really shines once you're not shy of hacking away at some code. Making a module is super easy, don't know why I shy away from just making modules for customizations instead of trying to get existing modules to do things they weren't designed to do.
anywho, yeah, i'm still figuring things out myself so I would only use the code above if you're like me and seriously pressed for time. i don't know what's right, better, secure, etc. and the above lacks testing. so if things break i can't really support.
Before I worked on the password stuff I made a Rule to automatically log a user in. Probably a very risky thing to do, but from a user experience standpoint I wanted the user to be logged in when he's given links to his order, instead of leading to an access denied page they can see their order. I also made a custom one-time-login-url link that forces a logout as by default Drupal would have had the user's password to blank, so if they were logged in and visited the reset link they would not be able to change their password as they'd have to confirm their current password, which they can't because it's blank (and passwords can't be blank). So the solution I came up with before working on password entry was to have a link that forces logout then takes them to the reset url.
Here's the rules.inc (commerce_checkout_login.rules.inc):
You would add this Rule after you've 1) marked the order as complete, 2) created the new user and applied the Order to the new account (modify the e-mail as necessary!), this Rule relies on the owner of the order and current user being different meaning the order is assigned to the new user but the user is still anonymous (0):
export/import code:
again i bet the above poses serious problems and wouldn't put it in production without review unless you're super pressed for time like myself
Comment #7
yanniboi commentedRight so I've been messing around with the password transfer (from the commerce_checkout_pane to the user account) and I can't seem to be getting it to work. I've read through your instructions and there are two bits I dont understand. Don't worry about trying to explain it all to me because I know you're on a deadline and havn't got the time, but I do wonder what the "includes/commerce_registration.checkout_pane.inc" file does/why you edited it out.. It seems I'm either not getting the password out of the checkout_pane or the pane itself isn't getting the data.
It doesn't help that I'm not really sure how to go about debugging. As far as time is concerned, I definitely would rather be working on this (because its cool!) but I'm thinking if I could just find a way to get logintobbogan to redirect unauthenticated users to sign in before allowing them to proceed with checkout that would do the trick (for now....)
Any ideas? (do you IRC?)
Comment #8
versatil commentedThe commented out file key is because I probably borrowed the pane stuff directly from somewhere else and there was no need for a whole file to refer to. I'm not exactly sure how the file key works probably Drupal refers to that file for functions related to that pane.
The way it works is that it saves the password as part of the order data, so you have to use a Rule action (Configuration->Workflow->Rules) to extract that data and apply it to the new user. Here's the modified version of the existing Rule:
You should be able to use Rules for that. E.g. using the events Before Add to Cart, After Add to Cart, something like that, check if the [site:current-user]'s uid is 0, if it is then redirect to the login page with a message (both should be under the System optgroup). Actually, without all the password stuff I added that's how the checkout should work, you get to the checkout page and you can't proceed unless you login first.
I just want to minimize the steps it takes for the user to get from the product to the purchase, even though my employer really wanted to enforce login, I decided to cut out a whole part of the project to get the user creation stuff above working. Unfortunately using the Auth.net module for DC required I had to have another page for the credit card form. The cc info doesn't get saved anywhere (good thing, we don't want to have anything to do with your cc info) so there's no way to carry it through a Review page, i.e. it gets processed immediately even while you're login stuff is trying to sort itself out. That's a major recipe for disaster, but pushing it to a review page was all that really could be done.
Another thing if you're like me and new to all this is that... when the user logs in... even if all you have is one link on the site... if they log in and see their user page instead of the product or service they were looking for... they might still manage to miss it. It's incredible. But that's what happened. Repeatedly. I was afraid to play with login redirect rules because I didn't know if it would affect this Checkout Login module and I didn't really have time to look into how to change the landing page when a user logs in.
Just sharing some of my experiences, might save others time/headache.
Comment #9
versatil commentedNope. Should I? It's been forever since I've used it, but if it's an excellent resource for drupal devs then I'll have to look into it. I have like no chat applications, maybe 1 but just for ease of us in office between machines/colleagues (sending links and stuff).
Comment #10
marcoka commentedletting them directly set a password? what if that is disabled and the password is mailed, confirmation link?
Comment #11
brianlp commentedIs there any update on this? I couldn't get it to work, there is no password field showing up. :(
I'd be more than happy to have a sreamline checkout process since I get a considerable amount of negative feedback from my download site. People are used to get easy access to their stuff.
Comment #12
luksakWe should try to get this fixed...
The code posted #4 is not the proper way.
Why do we need this password validation code? This could be handeled by Drupal Core, right?
We have to take Drupal Core user account settings into consideration as mentioned in #10.
Someone with the required knowledge about security has to review this: Is the password being removed from the form data saved to the database?
Comment #13
luksakanyone?
Comment #14
jennypanighetti commentedNobody has managed to implement this cleaner?? This seems like SUCH an important component to a working Drupal site...
Comment #15
mrpeanut commentedI'd really like to see this implemented as well. For now, I have created an extra pane with a simple Boolean checkbox for "Create account." If they check that, then Rules sends the "Create a new account" mail.
If they don't check it, then the rule doesn't fire. Not very pretty, but it essentially achieves the same result.
Comment #16
Horroshow commented+1
It would be a good workaround for the one time login URL problem (see links below). It would help the user set a password instead of emailing them a link.
Ideally it would have to work with CAPTCHA to avoid spammer.
http://drupal.org/node/1430694
http://drupal.org/node/1289898
https://drupal.org/node/2076647
Comment #17
Horroshow commentedIs there an update on this issue? Thanks guys.
Comment #18
Stathes commentedok so this module doesnt provide any out of the box way to login in anonymous users? This post has a picture of literally the exact functionality and points to this module? Am i missing something?
https://drupalcommerce.org/extensions/sandbox/project/commerce-checkout-...
Comment #19
capfive commentedStathes that is a sandbox project that adds on the functionality to this module, would probably be brought out as a submodule when it is completed, you should download it and then report in that thread if it is working or not to help speed the process of launching it :) that's what i am doing right now.
This functionality needs to be implemented!
Comment #20
capfive commentedJust a quick update, that modules works VERY well https://www.drupal.org/sandbox/purushothaman.drupalgeeks/2115745 I think there is a solution that is coming :) everyone should help these guys out and get it into dev/production!
Comment #21
legolasboThe last patch (#60) in #2009986: Add capability to require login for existing and new users solves this problem and I will therefor close this as a duplicate.