Customers Can't Login

[mmckinn]

Check this PHP configuration setting:
1. Admin->Tools->Server Info ... Press CTRL+F to "search the page" and search for session.hash_bits_per_character
2. If session.hash_bits_per_character is set to 6, then you'll need to apply this fix: http://www.zen-cart.com/showthread.p...02#post1270902

Ok. I checked that. It is set to 4.

[LindeeG]

Zen Cart 1.5.1
Server OS: Linux 2.6.18-404.el5PAE
PHP Version: 5.2.17 (Zend: 2.2.0) PHP Memory Limit: 64M
Database: MySQL 5.0.96-log
HTTP Server: Apache
Hosted on GoDaddy

This has been an on-going problem for several years and several versions with my cart as well. I was hoping that upgrading to 1.5.1 over a year ago would solve the problem but it hasn't.

Customer tries to log in, it says they've entered the wrong password or email. They request a new password, it never comes. Then they email me for help.

Recreate sessions is False and session.hash_bits_per_character is 5.

My "fix" has been to go into their account, set their email to mine, request a new password (which always comes), then set their email back and email them the password. I can ALWAYS log in with either their email or mine with the new password but sometimes they still can't. I've had them reset cookies. Some of them have another computer that will work. It doesn't seem to matter if Mac or Windows or what browser or OS. It doesn't matter how tech savvy they are.

I don't want to delete their account because it stores all their digital download orders.

Site url: http://lindeegembroidery.com/shop/

So my questions are:
1 why don't they receive a new password?
2 why can't they log in?
3 how do I fix it without deleting their account?

Lindee

[lhungil]

Zen Cart 1.5.1
Server OS: Linux 2.6.18-404.el5PAE
PHP Version: 5.2.17 (Zend: 2.2.0) PHP Memory Limit: 64M
Database: MySQL 5.0.96-log
HTTP Server: Apache
Hosted on GoDaddy

...

Customer tries to log in, it says they've entered the wrong password or email. They request a new password, it never comes. Then they email me for help.

...

My "fix" has been to go into their account, set their email to mine, request a new password (which always comes), then set their email back and email them the password. I can ALWAYS log in with either their email or mine with the new password but sometimes they still can't.

...

So my questions are:
1 why don't they receive a new password?
2 why can't they log in?
3 how do I fix it without deleting their account?
...

1) Where is YOUR email account hosted? Are you using SMTPAUTH (highly recommended w/ TLS)? Does your email provider use SPF and / or DKIM (and are they configured correctly)? Is your email hosting provider on any email BLACKLISTS? Does your email hosting provider have any limitations (such as number per minute, number per week, blocked hosts, etc)? Have you read this article?

For most of my clients once the email server and Zen Cart email configuration is correct (all use SMTPAUTH), the only time the resets fail are: when the customer entered the wrong email address (either when creating the account or requesting the reset) or the email was rejected by the client's email filters (such as SPAM).

2) Wrong email or password message: Usually this indicates exactly that. The customer entered the wrong email address or password. This can also occur after the customer has filled out "forgotten password" (until they enter the new password from the email). Often I find this is a case of the customer trying to do a copy / paste and including an extra space (" ") before or after the password or email address.

Have also seen this caused when a customer's computer: was infected, had a BHO (Browser Helper Objects) installed which interfered with Zen Cart's cookies (and Zen Cart's sessions), or had a "password manager" installed / enabled (with wrong credentials). This can in rare cases be caused by a BHO from an antivirus / internet security product (some are a little overaggressive with blocking private information such as email addresses or blocking / scrubbing cookies).

Considering this always works for you (even when they claim it does not for them), most likely there is an issue with the customers computer or internet connection (such as the items mentioned above). There may be some other variables / causes, but those are the usual suspects.


Handling on a Case By Case Basis
Your current workflow should work just fine. Another alternative would be to install and use "encrypted master password" (lets you log in as a customer, change password, log out). Kinda overkill for the situation IMHO, but works well.



NOTE: The memory limit seems a little on the low side and I'd also recommend against staying with PHP 5.2 (if not already on a GoDaddy cPanel website upgrade -- or switch to a different hosting provider). Zen Cart 1.5.4 includes many bugfixes and enhancements (and will run under currently supported versions of PHP). You may want to peruse the known bugs (and fixes) for Zen Cart 1.5.4 and also for other versions. An upgrade is something I would start planning NOW (upgrade should be performed on a development site - separate from the live site). Always better to take care of security and upgrades on your schedule before a site stops working or is compromised.

[lat9]

Handling on a Case By Case Basis
Your current workflow should work just fine. Another alternative would be to install and use "encrypted master password" (lets you log in as a customer, change password, log out). Kinda overkill for the situation IMHO, but works well.

Just a clarification on the Encrypted Master Password operation; it allows you to log into a customer's account but does not support you changing the customer's password.

[lhungil]

Just a clarification on the Encrypted Master Password operation; it allows you to log into a customer's account but does not support you changing the customer's password.

Whoops, I thought one could log into a customer's account and then go to "My Account" and change the customer's password... My bad! Perhaps this one might be more appropriate.