Remove the Password in osCommerce

When a person elects to buy from your shop the first time, they are presented with a “create_account” page, on which they fill out some details about themselves. For years I’ve been teaching people to rename this page, and simplify it.

It’s frightening for a potential buyer to have to give so much information, I think. So, you can easily change the words “create account” to “your details for delivery” or somesuch. You can also remove some of the fields that are not needed (such as date of birth, fax number and others).

How about removing the password fields?

Doing this make the whole page less intimidating, and is very easy to do…

Step 1. Open up create_account.php

Find this:

[php]$password = tep_db_prepare_input($HTTP_POST_VARS[‘password’]);
$confirmation = tep_db_prepare_input($HTTP_POST_VARS[‘confirmation’]);[/php]

Change to:

[php]$password = tep_create_random_value(10);
$confirmation = $password;[/php]

Here we are saying, set the password to a random value of 10 characters, and set the confirmation the same!

Step 2: In the same file

Find this:


This creates the “welcome email” that is sent to the user. We need to add in a short message here to tell them what their new password is. So change it to:

$email_text .= sprintf(EMAIL_PASSWORD, $password);[/php]

I have used a new text definition called “EMAIL_PASSWORD”, so this must be added to the language file…

Step 3: Add the definition to the create_account language file

Open up /includes/languages/{language}/create_account.php and add this:

[php]define(‘EMAIL_PASSWORD’, ‘Your password for all future orders is %s – please keep this password safe!’);[/php]

Step 4: Back to create_account.php

Remove the password and confirmation input box by finding this:


‘ . ENTRY_PASSWORD_TEXT . ‘‘: ”); ?>


Simply remove it all.

DONE! Now there is no password input boxes. The password is automatically created and emailed to the new client in the “welcome email”.

Going further

What you could now do is log the new customer off, and force them to check their email in order to get the password to log in. This might be a step too far, but I’ll show you the basics of how to do it;

Step 5: Redirect to logoff.php

In create_account.php, find this:

[php]tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, ”, ‘SSL’));[/php]

Change to:

[php]tep_redirect(tep_href_link(FILENAME_LOGOFF, ”, ‘SSL’));[/php]

On the “log out” page you will need to have a message saying “check your email to log back in”. I’ll cover that in a future post.

This could be a good way of weeding out buyers that are not really buyers, and those who insertt fake email addresses.

Lack of Action

I must apologise for the lack of action in the blog recently. Been far too busy in real life as well as having to have a day in hospital.

If you don’t already follow me on Twitter, you should do (search for oscommerce_pro). It’s perfect for short soundbites which are easier to keep updated when I am out and about.