You can set a % discount for each customer if you wish. This will apply a % discount to the value of all items within the order, excluding shipping, handling and any other costs. This is in addition to any customer group discount applied so care should be taken to not give double-discounts inadvertently.

In Kartris, passwords are hashed for additional security. This means that the raw password is not stored in the database; instead, a function called a 'hash' is used to scramble the password, and this scrambled value is stored. When a customer logs in, the password they give is also scrambled and then compared to the stored scrambled password to make sure they match.

Because the raw password is not stored, the system cannot send the password to the customer as a reminder because the hash is not reversible. Similarly, you cannot find the password of a customer or an admin from the back end, or even by looking directly into the database.

Therefore if a customer loses or forgets their password, it must be reset. There are two ways to do this (1) the store owner can change any customer password from the back end (2) the customer can request a password change from the front end.

In the first case above, you should always be careful when customers request a password change on the telephone or by email that you are absolutely 100% sure that the customer is the genuine owner of the account.

In the second case (online request to change password), the customer will be sent a link to the email address of their account that is valid for a limited period (1 hour) and that will allow them to reset their password.

There is no way for a customer to change their own email address in Kartris. The email address is assumed to be unique, and therefore we use this as the username. To avoid various issues with changing email addresses (including verification of the new account to ensure that its owner accepts the change and the problem of existing accounts), we have made changing email addresses a back-end only feature at present. If a customer needs to change their email address, then their only option is to contact the store owner so that an admin can change it for them.

The Kartris back end will check that the email address is not already in use (you cannot have two accounts with the same email), but it will not check that the owner of the new email address consents to the change (i.e. that the person making the change owns the new account), or that someone requesting the change (by telephone or email) is actually the owner of that account.

For security reasons, you should always be careful when customers request an email address change that you are absolutely 100% sure that the customer is the genuine owner of both email accounts. The best way is to write to both the old and new addresses separately and get a reply from both (a reply that includes your original email text). It is vital that you don't inadvertently hand control of an account to a third party due to lax security procedures. Although they could not access credit card data, they would be able to access personal details such as address and phone number as well as order history.

Most payment gateways have a setting 'AuthorizedOnly'. If checked, this means that only customers whose accounts have the 'Approve for special payments' box checked will see this payment option at checkout. This is most commonly used for payment methods you may want to restrict to trusted customers, such as 'PO_OfflinePayment' (where a customer can order goods without a credit card and the invoice is sent to them for payment later).

If the 'AuthorizedOnly' box for a payment method is not checked, then this payment option is available to all users.

If the 'AuthorizedOnly' box for a payment method is checked, but the user is not approved for special payments, they will not see this option at checkout.

When an account is created, Kartris will store the current language in the account record so that it can be used for any communications later. It is also useful to know the preferred language in case you need to contact a customer about something.

This determines whether the user has requested to become an affiliate or not (they can do this from a link in the 'my account' section on the front end). You can approve an affiliate by giving them a % commission above zero.

Kartris operates a strict 'opt-in' mailing list. This requires not just that someone sign up to the mailing list (including by clicking a link in the 'my account' section or checking a box during checkout), but also that they respond to the confirmation email that is sent automatically, by clicking the link within it.

Over the years that we have produced e-commerce software, some customers have queried the need for the extra confirmation step, as they feel it reduces the number of sign-ups on the list. While it does indeed do this, the reason is clear: to prevent the addition of addresses by people who don't own those addresses (either accidentally or maliciously).

For example, I could sign up an email address of someone with a very similar email address to mine by accident. But I would not then receive the confirmation link, and so could not click it to confirm the address. Consequently, this bad address would not be added to the mailing list.

Your web host will not tolerate you continuing to mail to a list which has generated spam complaints because some addresses turn out to belong to people who were added without their consent, especially once they find it is because you did not confirm addresses properly. In such cases, the whole list is tainted. While 99% of the addresses might be genuine, you have no way of knowing which ones are not, and will have no choice but to discard the whole list and start again using proper opt-in confirmation.

So there is nothing to be gained from not using opt-in confirmation, because it is only a matter of time before you'd be forced to discard a tainted list and start from scratch with it.

The mailing list details are stored for reference, so that if asked by your host, you can provide the sign-up date/time and IP, and confirmation date/time and IP for any email address. You can also provide proof that your system is coded to ensure only confirmed opt-in can be used.

We don't provide any built-in tools to send to the mailing list. Proper mailing list management should use a dedicated mailing program that has the facility to parse bounce messages (as well as remove requests) to determine which email addresses should no longer be contacted.

The mailing list can be exported from Kartris using the 'custom exports' feature - 'Configuration > Database Admin > Data Export > Saved Exports'.

Powered by tomeCMS