README

As Granny Weatherwax once said, I aten’t dead!

Well, looking at the site you would be forgiven for thinking that I was, or at least that this project was.

I may have abandoned or at least neglected this project for a while, but I do fully intend to return to it.  I have changed jobs and eCommerce is pretty much all I do during my day job now.  A lot of which is Magento, which is a wonderful system if you want what it offers.  This project though (YiiCommerce) still has its place and I fully believe it can be a great platform for eCommerce with a great founding and perhaps some unique features you won’t find in any other eCommerce solution.

If I have not got any further with this project by the next Hackday in my city I will be using the full 24 hours to get the project rolling again, but with a bit of luck and a following wind, I will return long before then.

Don’t give up hope, there is still a place in my heart for YiiCommerce.

Note about passwords :-

YiiCommerce tries to authenticate customers and admins using hashing in the following order :-
* New osCommerce style - phpass but by default NOT portable libraries - phpass will read portable hashes but as we require 5.3 for yiicommerce, new passwords will be stored in the most secure way first (i.e. BLOWFISH)
* Old osCommerce style - salt + password, separated by a colon. it starts with md5, then sha1, then sha256 - I'm not aware of any patches that use anything other than md5 but if there is and it's not on that list, the UserIdentity class can be altered. 
* Plain sha1 - password unsalted - useful for adding yourself into the db
* Plain md5 - password unsalted - also useful for the above reasons.

The system will by default automatically update anything less than a phpass password to the latest password on successful login.

Note that admins have usernames without an @ symbol and and customers have logins of their email address