COWOA (for ZC v1.5.x)

[DrByte]

Email addresses should not be treated as case-sensitive.

[Limitless]

For the very same reasons why passwords are case sensitive.. Makes the login/username harder to guess..

That is silly. Email addresses are not case sensitive in the 'real' world. Unless someone wants to petition for a change to RFC 5322 and RFC 6531.

User names in Windows (local and directory/domain based) are not sensitive because it would allow duplicate users (potentially), same with case sensitive email addresses.

[email protected] would be a 'different' user than [email protected], yet on the internet both would be delivered to the same place, so I could then reset [email protected]'s password using the user [email protected] credentials.

[bbarasa]

Can I turn off/skip shipping page?

Now that I have COWOA working, I'm having trouble customizing the checkout process. I am using this for a conference registration. Nothing will ever get shipped, so I don't think users should have to fill out a shipping page. It won't make any sense to them. The "products" are set up as virtual products and to skip shipping page but COWOA is taking user to shipping info page first. I can't find any way to turn this off.

[countrycharm]

Can I turn off/skip shipping page?

Now that I have COWOA working, I'm having trouble customizing the checkout process. I am using this for a conference registration. Nothing will ever get shipped, so I don't think users should have to fill out a shipping page. It won't make any sense to them. The "products" are set up as virtual products and to skip shipping page but COWOA is taking user to shipping info page first. I can't find any way to turn this off.

Yes go to your admin/catalog then click on the Categories/Products an tick the box that says ( Yes, Skip Shipping Address )

[countrycharm]

Ummm I'm not sure this is broken or a bug at all.. I believe the case sensitivity of logins (customers and admins) is a part of Zen Cart v1.5's new security model.. I would suggest confirming this with Dr Byte before "fixing" it.. If I am correct, then clearly it's not a good idea to change this and simply you should educate your customers instead.. Even if I am not correct this would be my suggestion anyway as it's better security anyway.. an on-screen message would do the trick..

I agree with you 100% Diva on it been more secure this way, but as Drbyte said Email addresses should not be treated as case-sensitive. In any case I will be looking into how to fix this if there is enough people who needs the Email change to case- insensitive. Any suggestions are welcome.

[DivaVocals]

That is silly. Email addresses are not case sensitive in the 'real' world. Unless someone wants to petition for a change to RFC 5322 and RFC 6531.

User names in Windows (local and directory/domain based) are not sensitive because it would allow duplicate users (potentially), same with case sensitive email addresses.

[email protected] would be a 'different' user than [email protected], yet on the internet both would be delivered to the same place, so I could then reset [email protected]'s password using the user [email protected] credentials.

Ummm you and I are speaking apples and oranges here.. I'm not speaking of email addresses being used on an email server to send email.. If that's what I meant then your response above would make sense..

In a software system, USER NAMES/LOGINS can indeed be case sensitive if the system is programmed as such.. So if you use an e-mail address as a USER NAME/LOGIN in a system where the user name/login IS case sensitive.. then YES [email protected] is not going to be the same as [email protected]..

And I have worked in SEVERAL organizations where logins for systems ARE indeed case sensitive (including corporate systems which use an e-mail address as the user login).

Now you may think this is silly, doesn't make sense, or whatever.. This doesn't make what am saying any less true.. Logins for systems CAN can be case sensitive (yes EVEN IF the login/user name is an e-mail address).. However, going back and forth on this point is moot since this is NOT how Zen Cart's customer login's work..

Email addresses should not be treated as case-sensitive.

The doctor has spoken..

[DrByte]

Hmmmmm. I stand corrected. While as stated earlier I agree that email addresses should be treated as case INsensitive ...

... upon inspecting the code, it seems like the core code for customer login actually does treat it as "case sensitive" ... whether for COWOA or not.
It would actually be more accurate to say: Zen Cart presently tests for an exact match, without translating it to bypass case-sensitivity.

That said, you can expect that to change in a future version ;)

[DrByte]

To make COWOA case-insensitive for the "no-account" customers, you could simply edit the header_php.php for the orders_status page and wrap strtolower() around both variables in the comparison done in:

Code:

  if (isset($_POST['query_email_address']) && $customer_info->fields['customers_email_address'] != $_POST['query_email_address']) {

That might not take into account the use of multibyte characters in your email addresses, but if that's a rarity for your typical customer then it might be moot.

[Limitless]

To make COWOA case-insensitive for the "no-account" customers, you could simply edit the header_php.php for the orders_status page and wrap strtolower() around both variables in the comparison done in:

Code:

  if (isset($_POST['query_email_address']) && $customer_info->fields['customers_email_address'] != $_POST['query_email_address']) {

Thank you!

[Limitless]

Ummm you and I are speaking apples and oranges here.. I'm not speaking of email addresses being used on an email server to send email.. If that's what I meant then your response above would make sense..

In a software system, USER NAMES/LOGINS can indeed be case sensitive if the system is programmed as such.. So if you use an e-mail address as a USER NAME/LOGIN in a system where the user name/login IS case sensitive.. then YES [email protected] is not going to be the same as [email protected]..

And I have worked in SEVERAL organizations where logins for systems ARE indeed case sensitive (including corporate systems which use an e-mail address as the user login).

Now you may think this is silly, doesn't make sense, or whatever.. This doesn't make what am saying any less true.. Logins for systems CAN can be case sensitive (yes EVEN IF the login/user name is an e-mail address).. However, going back and forth on this point is moot since this is NOT how Zen Cart's customer login's work..

The doctor has spoken..

Not to continue this, but what you refer to as an 'email address login' is really a UPN, whether that is really the 'email address' of the user, is irregardless. And 'checking' case sensitivity and HAVING 5 users with [email protected], [email protected], [email protected] and [email protected] is ridiculous and those are NOT email addresses as they would all have mail delivered to the same place. Your security by obscurity just fell apart.

Within ~applications~ on a corporate network, sure, ~programmers~ can require case sensitivity on user names, but if you display that logins MUST BE IN CAPS on the login page, that sort of defeats the argument.

And this IS the place to talk about this, while ZenCart does not use email addresses for logins, my inquiry was related to order status checking with COWOA accounts and that does require using an email address along with order number to verify identity.

*nix systems and their derivatives have case sensitive user names. Windows, Netware and other LDAP based systems do not.