The default web pages support password verification for visitors/guests logging in to make an online purchase. The following settings need to be in the site config file for this to occur (only edit the portion between the double-quotes that follows value=):

 

Site Admin Panel > Guest Related Settings > VerifyField > value = passwords

Site Admin Panel > Guest Related Settings > VerifyPrompt >value = Passwords:

Site Admin Panel > Guest Related Settings > 1PWEmail > value = 1

 

In addition, you must set (or can modify) the <RegEx> tag in the dynamicControls.xml file, which is the regular expression for validating the user-supplied password. See the Salesware E-Commerce Reference for more information.

Setting the value for VerifyField to passwords forces visitors/guests to enter their password before proceeding with a web purchase. This happens when performing a guest lookup using the Guest Lookup link, when attaching an existing guest to an item in the shopping cart and when changing the web purchaser on the Checkout.aspx page.

A guest’s web password is encrypted and saved in the passwords field of the guest record. It is not viewable in plain text anywhere. Guest passwords are changed and removed on the Web tab of the guest edit form in SysManager.

When a visitor/guest without a password or a guest who has forgotten his password gets to the GuestSelected.aspx page where he is prompted to enter his password, he can click on the link I forgot my password/I don't have a password. He then, is redirected to the ResetPswd.aspx page where he is instructed to click the Reset my password button. What happens next depends on what value you have for the key 1PWEmail. Setting this value to 1 uses the single e-mail method for getting a new password to the guest, while setting the value to 0 maintains the original two e-mail approach.

If you elect to use the single e-mail approach, you can adjust the wording on the ResetPswd.aspx page to let the guest know that after clicking the Reset my password button he receives an e-mail (using the PasswordReset2.txt template) with his new randomly generated password. He can either click on a link in the ResetPswd.aspx page to log-in with the new password or click on the link in the e-mail to log-in with the new password. At this point he can edit his guest record to change his password to something he can more easily remember (provided you have included password as one of the values for the GuestEditRows key).

If using the two e-mail approach to password resetting, again you can adjust the wording on the ResetPswd.aspx page as appropriate. When clicking the Reset my password button, the guest is sent an initial e-mail (using the PasswordReset1.txt template) letting him know that a request has been made to reset his password. The e-mail contains a link allowing the guest to reset his password by clicking this link. When the link in the e-mail is clicked the password is reset and the guest sees the ResetPswd.aspx page opened in a new browser window. The page notifies the guest that his password has been reset and that he receives a second e-mail (using the PasswordReset2.txt template) shortly with the new password. Once he has his new password, he can either click the link in the ResetPswd.aspx page to log-in, or he can click the link in the second e-mail to log-in. Once the visitors/guest has logged in with his new password, he can edit his guest record and change his password to something he can more easily remember (provided you have included password as one of the values for the GuestEditRows key).

With either method of password resetting, if a visitor/guest does not have a valid e-mail address in his guest record, he'll either have to call your place of business to update his guest record or you'll have to use a different log-in method until you feel that a sufficient number of your visitors/guests have up-to-date guest records.

See the section Setting up E-Commerce e-mail for instructions on editing the text in the two password resetting templates (PasswordReset1.txt and PasswordReset2.txt) and using HTML formatted templates.

The value used for the <RegEx> tag in the dynamicControls.xml file is a regular expression that is used to validate the password. The default regular expression can be replaced with another regular expression if you so choose. If you decide to replace the default regular expression, it is advised that you perform thorough testing of the expression before going live with it on your web site.