Encrypted Password


gsh
7-20-03, 02:30 PM
First question is: When "Guests" create an account, is the password encrypted?

Example: osCommerce catalog front page, Guest create an account. In this process an account is created, and when returning, just typing in email address and password. Is this password encrypted?


Second question is: How do I create an encrypted password automatically and store it to the database for that user?

Example: I am looking at having multiple accounts that are NOT for Commerce, or not just purchasing items on a commerce site. This will be more of an ongoing service to many. So I need to create the accounts with encrypted passwords without my intervention.

Reason: As recent laws dealing with doing business with clients in California require encrypted passwords, or the site owner will need to notify every person on their system if the system is breached. Leaving the site owner (me for my pages) liable!

Any help would be greatly appreciated.


Thanks

Steve

stevel
7-20-03, 05:14 PM
The password is encrypted using an MD5 hash function and a randomly generated salt. This is a one-way hash - there is no way to reconstruct the password without brute-force "try all combinations".

All the code for creating the accounts, including hashing the password, is in the sources. It's just a SMOP (Simple Matter Of Programming) to use these to add accounts based on a list.

Note that if you use the osc option of accepting credit card numbers for manual processing, the CC number is stored, by default, unencrypted in the database. If you use a payment service, then the CC number isn't stored in your osc database, as far as I know.
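
The salted one-way hash described in the reply above, next to PHP's built-in `password_hash()` for creating accounts from a list. This is an added example that goes beyond the thread; it is not osCommerce's code and not part of the original posts. The function names, the `digest:salt` storage layout and the sample accounts are assumptions.

```php
<?php
// Added example, not osCommerce source; all function names are hypothetical.

// Scheme from the reply: one-way MD5 over a random salt plus the password.
// The salt is stored beside the digest ("digest:salt" is an assumed layout).
function legacy_hash_password(string $plain): string
{
    $salt = bin2hex(random_bytes(4));
    return md5($salt . $plain) . ':' . $salt;
}

function legacy_verify_password(string $plain, string $stored): bool
{
    $parts = explode(':', $stored);
    if (count($parts) !== 2) {
        return false; // malformed record: reject instead of guessing
    }
    [$digest, $salt] = $parts;
    return hash_equals($digest, md5($salt . $plain)); // constant-time compare
}

// Hardened form for new accounts: salted MD5 is cheap to brute-force, while
// password_hash() is deliberately slow and embeds its own random salt.
function hash_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Bulk creation from a list: only the hash is kept, never the plaintext.
// A real script would INSERT each record into the accounts table.
function build_accounts(array $rows): array
{
    $accounts = [];
    foreach ($rows as [$email, $plain]) {
        $accounts[] = ['email' => $email, 'password' => hash_password($plain)];
    }
    return $accounts;
}

// Constructed sample input.
$rows = [['alice@example.com', 'constructed-pass-1'], ['bob@example.com', 'constructed-pass-2']];
foreach (build_accounts($rows) as $i => $account) {
    $ok = password_verify($rows[$i][1], $account['password']);
    $bad = password_verify('wrong-guess', $account['password']);
    printf("%s ok=%s wrong=%s\n", $account['email'], var_export($ok, true), var_export($bad, true));
}
$legacy = legacy_hash_password('constructed-pass-1');
var_dump(legacy_verify_password('constructed-pass-1', $legacy));
var_dump(legacy_verify_password('wrong-guess', $legacy));
```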

gsh
8-3-03, 03:13 PM
I am more concerned with passwords for users to my site. I will be storing their passwords and usernames in a database, and I will need to encrypt their passwords. I have not yet seen the methods in the sources. If you say it's there I will find it. I have many hours of other stuff to do first.
Thanks for your reply.