Programmatically Created Magento Accounts Unable to Login

Published by John on August 23, 2018 Under Magento

Recently, one of my web design clients reached out to me because they noticed users were no longer able to register on their website. They use Magestore’s SocialLogin plugin and they were getting an error that the customer email was missing when using the register option within the plugin.

After some debugging, I determined that the issue was not related to any issue with the SocialLogin plugin, but rather a change their SEO team had suggested, which was to add a trailing slash to all URLs. As a result of this, the account creation POST request was getting redirected and loosing all the posted values. I did a quick update to this and after that, the register functionality started working and the account was created, however customers created using the plugin were unable to login.

The plugin, including logins, was working on their development site and I noticed that on the live website, if I updated/saved the user’s password in the adminhtml backend, the customer would then be able to login on the front end of the website. So, I realized it must be something to do with how the account was being created within SocialLogin.

After a bit more digging, I determined that their dev site hadn’t received the recent Magento security updates, which made changes to cookies, sessions, and a few other customer related issues. It turned out, the SocialLogin code needed to be updated to add the new(ish) Password Created At field to the customer record. After this, the login worked, both immediately after account creation and also upon subsequent logins.

The Problem

Customers created via the backend ADMINHTML section of Magento, along with the the default /customer/account/create/ page were able to login as suspected.

However, customer accounts created programmatically, in this using Magestore’s SocialLogin plugin, but also probably in other ways, were not. Instead, these accounts did not generate an error during login, but instead just got redirected to Magento’s login page with out error.

The Fix

In this case, the fix was to add setPasswordCreatedAt(time()) to the createAccAction() function in app/code/local/Magestore/Sociallogin/controllers/PopupController.php. The new code looks like this:


            $customer = Mage::getModel('customer/customer')
                ->setFirstname($firstName)
                ->setLastname($lastName)
                ->setEmail($email)
                ->setPassword($pass)
                ->setConfirmation($passConfirm)
                ->setPasswordCreatedAt(time());

I imagine this probably applies to other plugins or code that create users programmatically as well, so the above may look a bit different, but basically the fix is to set the Password Created At time to the customer record:


$customer_data->setPasswordCreatedAt(time());

We are checking now to see if there is an updated version of the Sociallogin plugin and getting/installing that, so we can remove the mod I made to fix it.

Update: My client just confirmed that the Social Login plugin is no longer supported by Magestore and the latest version they have available does not include the above fix.


No Comments |

Add a Comment