Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

E-Commerce Modules /

Discuss about the various e-commerce modules available:
Ecommerce, SS Shop, SilverCart and SwipeStripe
Alternatively, have a look the shared mailinglist.

Moderators: martimiz, Nicolaas, Sean, Ed, frankmullenger, biapar, Willr, Ingo, Jedateach, swaiba

anonymous purchase - removing the need for a password

Go to End

4 Posts   1857 Views


Community Member, 187 Posts

20 September 2009 at 6:20pm


I want to remove the password field from the e-commerce module but I not sure where they are being generated. Can anyone help? I am aware the user can type in anything but they cause confusion in the order process where I don't need it.




Community Member, 10 Posts

23 September 2009 at 1:51am

Look in OrderForm.php, make username and password feilds hidden and set a random password. Do auto login. But you may want to disable the account page that lists users editable details. Check if user exists and get passowd if user exists.

This is just a quick work around. May want to think about how to make it secure without user login.


Community Member, 187 Posts

24 September 2009 at 11:26am

Thanks Neonfrog. That worked well. I had already removed the account access as I say, these are really anonymous sales of services.Tell me if I have missed something but if they don't need to log in to the account section there is no real need to collect passwords?




Community Member, 70 Posts

26 October 2009 at 7:13am

Just one point here.

You aren't actually doing an anonymous purchase - you are creating the a/c without the user having to put in a username and password.

The danger here is that the same customer, coming back to purchase again will be unable to complete the process as their username (email) already exists, but they don't know this/don't have a password etc.

I haven't tested this, but I am pretty sure that is how it works.