Magic Login - Passwordless Sign-in and Google Sign-in

Overview

Passwords are the biggest enemy of your conversion rate. According to the Baymard Institute, 18.75% of shoppers abandon their cart because the account creation process is too complex. Forgotten passwords, reset emails, endless forms — all unnecessary friction that drives your customers away at checkout.

Magic Login eliminates this problem for good. With this module, your customers never need to create or remember a password again. They enter their email, receive a 6-digit code, type it in, and they're done. Or they click "Continue with Google" and are logged in instantly. The experience is the same as Slack, Notion, or Amazon.

Key benefits:

• Zero passwords: login via email code or Google Login in seconds
• Fullscreen mobile-first interface inspired by the Amazon checkout experience
• Automatic login/registration detection — one email field for everything
• Native integration with the PrestaShop checkout — smart redirection
• No modification to the PrestaShop database — 100% reversible
• Multi-store and multilingual compatible (FR/EN included)

Why remove passwords

The password problem in e-commerce

Your customers visit dozens of online stores. They don't remember their password on your site. When it's time to place an order, they're stuck in front of the login form. Some click "Forgot password" and wait for a reset email. Many others simply abandon their cart and go buy elsewhere.

Guest checkout exists to work around this problem, but it deprives your store of valuable customer data and prevents loyalty building. Magic Login offers a third way: account creation is so fast and simple that it's no longer a barrier. The customer gets a real account in seconds, without ever setting a password.

A trend adopted by industry leaders

The biggest platforms have already moved away from passwords as their primary login method. Shopify offers passwordless login natively. Amazon, Stripe, Slack, and Notion all use email verification codes. Google is pushing passkeys and one-click login. Magic Login brings this same modern experience to your PrestaShop store.

Features

Email code authentication

The customer enters only their email address. A 6-digit verification code is automatically sent via PrestaShop's native email system. Code entry is intuitive: six individual fields with automatic focus advancing to the next digit, full code paste support, and mobile auto-fill compatibility on iOS and Android thanks to the autocomplete="one-time-code" attribute. The code expires after 10 minutes (configurable) and the number of attempts is limited to prevent abuse.

One-click Google Login

Native integration with Google Identity Services, Google's latest authentication API. The customer clicks "Continue with Google", selects their account in the Google popup, and is instantly logged in. Their first name, last name, and email address are automatically retrieved from their Google account — no fields to fill in. Google token verification is performed server-side for maximum security.

Automatic login and registration detection

One email field for everything. The module automatically detects whether the customer already has an account or is new. No visible distinction between "Sign in" and "Register" — the experience is identical and seamless. The customer never has to wonder which form to use. This eliminates the common confusion between the two forms and significantly reduces drop-offs.

Fullscreen mobile-first interface

Forget the classic PrestaShop forms surrounded by the header, footer, and theme columns. Magic Login displays a dedicated login page with zero distractions. A clean, centered design, your store logo, and only the elements needed for authentication. The entire interface is designed mobile-first: large touch-friendly buttons, readable text, generous spacing. The experience is reminiscent of the Amazon checkout or Stripe authentication.

Smooth transitions with no page reload

All steps — email entry, code entry, profile completion — happen via AJAX with smooth CSS animations. No page reloads, no interruptions. The browser's back button works naturally between steps thanks to browser history management. Everything is built with jQuery for maximum compatibility with PrestaShop themes.

Smart checkout redirection

When a non-logged-in customer clicks "Place order" from their cart, they are automatically redirected to the Magic Login page with a contextual message: "Sign in to complete your order". After authentication, they are sent directly back to the checkout with their cart intact. PrestaShop then displays the "Addresses" step directly, since the customer is now logged in.

Progressive profile completion

New customers provide their first and last name only after verifying their email address. This reduces the number of visible fields at the initial step to just one — the email — and significantly decreases registration friction. Profile information is requested in a dedicated, clear, and quick step.

Guest checkout deactivation

Configurable option to automatically disable guest checkout when the module is active. With Magic Login, account creation takes less than 30 seconds — guest checkout becomes unnecessary. A clear warning message informs the merchant in the module configuration when this option is enabled.

Classic login available as an option

A discreet "Sign in with a password" link can be displayed at the bottom of the login page. This can be enabled or disabled in the module configuration. Customers who already have a password can still use it via the native PrestaShop form. A passwordless customer who wishes to set a password can do so at any time via PrestaShop's native "Forgot password" feature.

Store logo

Your store's native PrestaShop logo is automatically displayed at the top of the login page. If no logo is configured in PrestaShop, nothing is shown. The option can be enabled or disabled in the module configuration.

Mobile-optimized emails

Verification codes are sent via PrestaShop's native email system (Mail::send), ensuring compatibility with your existing SMTP configuration. The email template is intentionally minimalist: store logo, the code displayed large and bold with a central space for readability (e.g., 847 293), and an expiration message. The code is the first thing visible in the mobile notification, without needing to open the email.

Security

Verification code protection

Each 6-digit code is hashed in the database using the bcrypt algorithm via PHP's native password_hash() function. Codes expire after a configurable delay (10 minutes by default). The number of entry attempts is limited (3 by default). After exhausting attempts, the code is invalidated and the customer must request a new one. An hourly send counter per email address prevents abuse and spam.

Server-side Google verification

The Google authentication token is never accepted as-is from the customer's browser. It is systematically verified server-side with Google. The module checks that the token's "audience" field matches the configured Client ID, ensuring that no token issued for another application can be used.

CSRF protection

All AJAX calls between the browser and server are protected by a native PrestaShop CSRF token. This token is generated in the Smarty template and included in every request, preventing any cross-site request forgery attacks.

No modification to the native database

The module never touches the structure of the ps_customer table or any other native PrestaShop table. Each passwordless customer has a standard PrestaShop account with a strong random password they don't know and never need to know. All native PrestaShop features (orders, addresses, My Account page) continue to work normally.

Installation

1. Download the module from your WePresta customer area
2. In the PrestaShop back office, go to Modules > Module Manager
3. Click Install a module and select the ZIP file
4. The module is immediately functional with email code authentication
5. To enable Google Login, configure your Google Client ID (see Configuration section)

Configuration

General settings

The module is fully configured from the PrestaShop back office on the module configuration page. General options allow you to enable or disable the module, show or hide your store logo on the login page, choose whether the "Sign in with a password" link is visible, and disable guest checkout with a warning message explaining the consequences.

Google Login configuration

To enable Google Login, you need to create a project in the Google Cloud Console and obtain an OAuth Client ID. The process is free and takes about 5 minutes. Go to console.cloud.google.com, create a project, configure the OAuth consent screen, then create a "Web Application" credential with your store URL as the authorized JavaScript origin. Copy the resulting Client ID into the module configuration and enable the Google Login option.

Security settings

Security settings allow you to adjust the verification code expiration time (10 minutes by default), the maximum number of attempts per code (3 by default), the maximum number of code sends per email per hour (5 by default), and the countdown delay before allowing a code resend (30 seconds by default).

Compatibility

PrestaShop versions

Magic Login is compatible with PrestaShop 9.x. The module uses PrestaShop 9's Symfony architecture, YAML routes, and XLF translation system. A version compatible with PrestaShop 8.x will be available soon.

Themes

The module works with all PrestaShop themes because it uses its own login page with an independent layout. The Magic Login page design does not depend on your theme — it displays identically regardless of your store configuration.

Multi-store and multilingual

Magic Login natively supports PrestaShop's multi-store mode. Each store can have its own configuration: different Google Client ID, independent display options, specific security settings. The module is shipped with French and English translations. Additional translations can be added via PrestaShop's native translation system.

FAQ

Does the module modify the PrestaShop database?

No. Magic Login never modifies the structure of the ps_customer table or any other native PrestaShop table. The module creates its own tables to store verification codes and Google account links. Each customer created via Magic Login has a standard PrestaShop account, fully compatible with all native features.

What happens if I uninstall the module?

All customer accounts remain intact. Customers who registered via Magic Login have a real PrestaShop account with a (random) password. They can use PrestaShop's "Forgot password" feature at any time to set their own password and continue logging in normally.

Can an existing customer use Magic Login?

Yes. If a customer already has an account on your store, they can log in via Magic Login by simply entering their email. They will receive a verification code and be logged in without needing their password. Their account remains unchanged and they can still use their password if they prefer.

Can a customer log in via Google if they already have an account?

Yes. If the Google account email matches an existing account on your store, the module automatically links them. The customer can then log in interchangeably via email code, Google Login, or classic password.

Is Google Login free?

Yes. Using Google Identity Services is completely free. You simply need to create a project in the Google Cloud Console and obtain a Client ID, which takes about 5 minutes and requires no payment.

Does the module work with the PrestaShop checkout?

Yes. When a non-logged-in customer tries to access the checkout, they are automatically redirected to the Magic Login page. After authentication, they are sent back to the checkout with their cart intact. The guest checkout deactivation option ensures that all customers create an account.

Is the module compatible with my theme?

Yes. Magic Login uses its own login page with a layout independent from the theme. No theme template overrides are required. The module works identically on all PrestaShop themes.

How does the module handle security?

Verification codes are hashed in the database (bcrypt), expire after a configurable delay, and the number of attempts is limited. A rate limiting system prevents spam. All AJAX calls are protected by native PrestaShop CSRF tokens. Google tokens are verified server-side.

Support

For any questions or technical assistance, contact us via your WePresta customer area or by email. Our Switzerland-based team responds within 24 hours on business days.

Changelog

Version 1.0.0

• Login and registration via 6-digit email verification code
• Google Login via Google Identity Services
• Fullscreen mobile-first interface with AJAX transitions
• Automatic login/registration detection
• Smart checkout redirection
• Progressive profile completion (name after verification)
• Optional guest checkout deactivation
• Configurable native store logo
• Optional classic login
• Complete security system (bcrypt hash, expiration, rate limiting, CSRF)
• Multi-store and multilingual compatible (FR/EN)
• Verification emails optimized for mobile notifications