Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Administration & Configuration => Topic started by: glenanpl on November 12, 2016, 17:18:24 PM

Title: Everybody can add product in the frontend
Post by: glenanpl on November 12, 2016, 17:18:24 PM
Hi
With Joomla 3.6.4 and Virtuemart 3.0.18, everybody can add product in the frontend!
For Public, Guest and Registred ACL for "not allow".
In /components/com_virtuemart/views/virtuemart/tmpl, in file default.php, I add a # to not have the icon in the frontend
# echo $this->add_product_link;
But II like to know if there is another possibility
Regards
Title: Re: Everybody can add product in the frontend
Post by: Studio 42 on November 12, 2016, 17:22:02 PM
Was your website hacked before Joomla security fix ?
CHeck your perm settigns for Virtumart using YOURSITE/administrator/index.php?option=com_config&view=component&component=com_virtuemart, if all is right set.
Title: Re: Everybody can add product in the frontend
Post by: Milbo on November 12, 2016, 17:38:25 PM
to hide it, does not preven that someone may misuse it. We had that lately quite often and I think it is connected to the last joomla hack.
Title: Re: Everybody can add product in the frontend
Post by: glenanpl on December 24, 2016, 19:07:53 PM
OK!
is it possible to activate desactivate the frontoffice for everybody
regard
Title: Re: Everybody can add product in the frontend
Post by: AH on December 25, 2016, 10:01:11 AM
check if you have been hacked first

then decide on what you do next

deactivating front office is no use if you are hacked
Title: Re: Everybody can add product in the frontend
Post by: glenanpl on December 27, 2016, 22:08:24 PM
Hi,
My question is not "My site have been hack?"
But
How "disactivate VIRTUEMART Frontend acces?"
Regards

The second level question is : there is a backdoor (or more) in virtuemart?
Title: Re: Everybody can add product in the frontend
Post by: GJC Web Design on December 27, 2016, 22:44:43 PM
QuoteFor Public, Guest and Registred ACL for "not allow".

which u already have..  I have seen one other site like this and I can only assume it was a malicious setting by a hacker

Found the solution by carefully comparing the ACL setup between a fresh install and the problem one .. and it was only config
Title: Re: Everybody can add product in the frontend
Post by: Studio 42 on December 27, 2016, 23:39:11 PM
The simplest hack is to modify file JOOMLAROOTt\components\com_virtuemart\virtuemart.php :
Code Select
if ( shopFunctionsF::isFEmanager() ) {
to
Code Select
if ( 1===0 ) {
Title: Re: Everybody can add product in the frontend
Post by: glenanpl on December 28, 2016, 16:50:31 PM
Hi
I test the solution of Studio 42
Was it possible to change the parameter of isFEmanager() that is less brutal than 1===0 ;-)
For the ACL all is Not Allowed (inherent) for Public, Guest, Registred, Author, Redactot, Editor !
Regards
Title: Re: Everybody can add product in the frontend
Post by: Studio 42 on December 28, 2016, 18:27:33 PM
Quote from: glenanpl on December 24, 2016, 19:07:53 PM
OK!
is it possible to activate desactivate the frontoffice for everybody
regard
This is a safe way, if your site is hacked, this stop any front editing. So if you add .htpassword to admin, no hacker can acces your shop with a backdoor.
All aother way was explained by other but you said, you want completly disable front acces to VM.
Text only | Text with Images