Eric,
No no I must have miscommunicated. I do not want to make the user provide a password when they order. If they reorder, I don't want them to have to login. I took the password away totally.
They provide an email and place the order. If they have ordered in the past, then just their email is sufficient.
If placing a second order, the system gives the error msg: (That email address is already registered.) If we don't require a password the user doesn't know their password to login which will cause them to request their password. The fear is that by this time we will have lost the sale.
Terry