Remove the Password in osCommerce

By | April 24, 2009

When a person elects to buy from your shop the first time, they are presented with a “create_account” page, on which they fill out some details about themselves. For years I’ve been teaching people to rename this page, and simplify it.

It’s frightening for a potential buyer to have to give so much information, I think. So, you can easily change the words “create account” to “your details for delivery” or somesuch. You can also remove some of the fields that are not needed (such as date of birth, fax number and others).

How about removing the password fields?

Doing this make the whole page less intimidating, and is very easy to do…

Step 1. Open up create_account.php

Find this:

[php]$password = tep_db_prepare_input($HTTP_POST_VARS[‘password’]);
$confirmation = tep_db_prepare_input($HTTP_POST_VARS[‘confirmation’]);[/php]

Change to:

[php]$password = tep_create_random_value(10);
$confirmation = $password;[/php]

Here we are saying, set the password to a random value of 10 characters, and set the confirmation the same!

Step 2: In the same file

Find this:


This creates the “welcome email” that is sent to the user. We need to add in a short message here to tell them what their new password is. So change it to:

$email_text .= sprintf(EMAIL_PASSWORD, $password);[/php]

I have used a new text definition called “EMAIL_PASSWORD”, so this must be added to the language file…

Step 3: Add the definition to the create_account language file

Open up /includes/languages/{language}/create_account.php and add this:

[php]define(‘EMAIL_PASSWORD’, ‘Your password for all future orders is %s – please keep this password safe!’);[/php]

Step 4: Back to create_account.php

Remove the password and confirmation input box by finding this:


‘ . ENTRY_PASSWORD_TEXT . ‘‘: ”); ?>


Simply remove it all.

DONE! Now there is no password input boxes. The password is automatically created and emailed to the new client in the “welcome email”.

Going further

What you could now do is log the new customer off, and force them to check their email in order to get the password to log in. This might be a step too far, but I’ll show you the basics of how to do it;

Step 5: Redirect to logoff.php

In create_account.php, find this:

[php]tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, ”, ‘SSL’));[/php]

Change to:

[php]tep_redirect(tep_href_link(FILENAME_LOGOFF, ”, ‘SSL’));[/php]

On the “log out” page you will need to have a message saying “check your email to log back in”. I’ll cover that in a future post.

This could be a good way of weeding out buyers that are not really buyers, and those who insertt fake email addresses.

5 thoughts on “Remove the Password in osCommerce

  1. Adam Gersbach

    That’s a great tip which is sure to enhance the user experience. I think it will be really worth taking that extra time to do this for future clients.


  2. Rob

    Hi and thanks for a great tip..

    Is it possible to display the password in the order confirmation mail? Ive tried but Im not very good with php..

    Thanks again..

  3. Gary Post author

    Why would you want to show a password in a order confirmation email? I see no good reason. The blogpost shows how to do it in the welcome email, use the same idea for the confirmation email.

Leave a Reply

Your email address will not be published.