Customers With Guest Accounts Can Request Forgotten Password

Description

When a customer checks out without creating an account, a guest account is created for them.
The customer can register at a later date and the original account will be converted to a standard account.

However, if a customer forgets they did not actually create an account, they can request a new password via the forgotten password page. The customer will get an email with their reset password; however, they will still not be able to log in, as the login page ignores any guest account.

As you can imagine this is rather confusing for the customer (and myself after one got in touch with us) as everything appears like they should have an account.

I have two proposed fixes for this;
1. The forgotten password page also ignores guest accounts.
2. The forgotten password page changes a guest account to a standard account if a password is requested.

Fix 1;
Open /catalog/password_forgotten.php
Find around line 25;
$check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
Change to;
$check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where guest_account='0' AND customers_email_address = '" . tep_db_input($email_address) . "'");

Fix 2;
Open /catalog/password_forgotten.php
Find around line 32;
tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");
Change to;
tep_db_query("update " . TABLE_CUSTOMERS . " set guest_account='0', customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");

Environment

None

Steps to reproduce

None

Assignee

Giles Marshall

Reporter

Scott Murphy

Labels

None

Severity

Minor

Components

Fix versions

Affects versions

Priority
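
The mismatch described in this ticket, and the effect of each proposed fix, modelled as an added example (not part of the original report or the project's code). It assumes an in-memory SQLite table through PDO, a login lookup that filters on guest_account = 0, password_hash() in place of the shop's own password routine, and hypothetical function names and example.test addresses.

```php
<?php
// Added example: constructed model of the customers table. Only guest_account,
// customers_id, customers_email_address and customers_password come from the ticket.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("create table customers (customers_id integer primary key,
        customers_email_address text, customers_password text, guest_account integer)");
    // Constructed sample rows: one registered customer, one guest checkout.
    $db->exec("insert into customers values (1, 'member@example.test', 'old', 0),
        (2, 'guest@example.test', '', 1)");
    return $db;
}

// Login lookup as the ticket describes it: guest rows are ignored (assumed query).
function can_login(PDO $db, string $email): bool {
    $q = $db->prepare("select 1 from customers where guest_account = 0
        and customers_email_address = ?");
    $q->execute([$email]);
    return $q->fetchColumn() !== false;
}

// Reset request; returns true when a reset mail would be sent.
// $mode: 'original', 'fix1' (skip guests) or 'fix2' (promote the guest row).
function request_reset(PDO $db, string $email, string $mode): bool {
    $sql = "select customers_id from customers where customers_email_address = ?";
    if ($mode === 'fix1') $sql .= " and guest_account = 0";
    $q = $db->prepare($sql);
    $q->execute([$email]);
    $id = $q->fetchColumn();
    if ($id === false) return false;
    // password_hash() stands in for the shop's own password routine.
    $hash = password_hash(bin2hex(random_bytes(8)), PASSWORD_DEFAULT);
    $set = "customers_password = ?" . ($mode === 'fix2' ? ", guest_account = 0" : "");
    $db->prepare("update customers set $set where customers_id = ?")->execute([$hash, $id]);
    return true;
}

// Invariant: whoever is mailed a new password must also pass the login lookup.
foreach (['original', 'fix1', 'fix2'] as $mode) {
    foreach (['member@example.test', 'guest@example.test'] as $email) {
        $db = make_db();
        $mailed = request_reset($db, $email, $mode);
        $ok = !$mailed || can_login($db, $email);
        printf("%-8s %-20s mailed=%d login=%d %s\n", $mode, $email,
            $mailed, can_login($db, $email), $ok ? 'consistent' : 'MISMATCH');
    }
}
```

Only the guest row in 'original' mode breaks the invariant; Fix 1 restores it by sending no mail, Fix 2 by converting the row so the login lookup matches it.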
