News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Everybody can add product in the frontend

Started by glenanpl, November 12, 2016, 17:18:24 PM

Previous topic - Next topic

glenanpl

Hi
With Joomla 3.6.4 and Virtuemart 3.0.18, everybody can add product in the frontend!
For Public, Guest and Registred ACL for "not allow".
In /components/com_virtuemart/views/virtuemart/tmpl, in file default.php, I add a # to not have the icon in the frontend
# echo $this->add_product_link;
But II like to know if there is another possibility
Regards

Studio 42

Was your website hacked before Joomla security fix ?
CHeck your perm settigns for Virtumart using YOURSITE/administrator/index.php?option=com_config&view=component&component=com_virtuemart, if all is right set.
Free XML sitemap generator [url="http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm"]http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm[/url]  , Free Unused Image cleaner [url="http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm"]http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm[/url]
Language Switch in product & category [url="http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm"]http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm[/url]
More extentions [url="http://shop.st42.fr/en/"]http://shop.st42.fr/en/[/url]

Milbo

to hide it, does not preven that someone may misuse it. We had that lately quite often and I think it is connected to the last joomla hack.
Should I fix your bug, please support the VirtueMart project and become a [url=http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail]member[/url]
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

glenanpl

OK!
is it possible to activate desactivate the frontoffice for everybody
regard

AH

check if you have been hacked first

then decide on what you do next

deactivating front office is no use if you are hacked
Regards
A

Joomla 3.10.11
php 8.0

glenanpl

Hi,
My question is not "My site have been hack?"
But
How "disactivate VIRTUEMART Frontend acces?"
Regards

The second level question is : there is a backdoor (or more) in virtuemart?

GJC Web Design

QuoteFor Public, Guest and Registred ACL for "not allow".

which u already have..  I have seen one other site like this and I can only assume it was a malicious setting by a hacker

Found the solution by carefully comparing the ACL setup between a fresh install and the problem one .. and it was only config
GJC Web Design
VirtueMart and Joomla Developers - php developers [url="https://www.gjcwebdesign.com"]https://www.gjcwebdesign.com[/url]
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
[url="https://extensions.joomla.org/profile/profile/details/67210"]https://extensions.joomla.org/profile/profile/details/67210[/url]
Contact for any VirtueMart or Joomla development & customisation

Studio 42

The simplest hack is to modify file JOOMLAROOTt\components\com_virtuemart\virtuemart.php :
if ( shopFunctionsF::isFEmanager() ) {
to
if ( 1===0 ) {
Free XML sitemap generator [url="http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm"]http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm[/url]  , Free Unused Image cleaner [url="http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm"]http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm[/url]
Language Switch in product & category [url="http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm"]http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm[/url]
More extentions [url="http://shop.st42.fr/en/"]http://shop.st42.fr/en/[/url]

glenanpl

Hi
I test the solution of Studio 42
Was it possible to change the parameter of isFEmanager() that is less brutal than 1===0 ;-)
For the ACL all is Not Allowed (inherent) for Public, Guest, Registred, Author, Redactot, Editor !
Regards

Studio 42

Quote from: glenanpl on December 24, 2016, 19:07:53 PM
OK!
is it possible to activate desactivate the frontoffice for everybody
regard
This is a safe way, if your site is hacked, this stop any front editing. So if you add .htpassword to admin, no hacker can acces your shop with a backdoor.
All aother way was explained by other but you said, you want completly disable front acces to VM.
Free XML sitemap generator [url="http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm"]http://shop.st42.fr/en/catalog/products/virtuemart-2-sitemap.htm[/url]  , Free Unused Image cleaner [url="http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm"]http://shop.st42.fr/en/products/virtuemart-media-folder-clear.htm[/url]
Language Switch in product & category [url="http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm"]http://shop.st42.fr/en/categories-tools/multi-language-for-virtuemart.htm[/url]
More extentions [url="http://shop.st42.fr/en/"]http://shop.st42.fr/en/[/url]