Set order status via URL - possible?

[Adwans]

Hello!
I tried:

Code: [Select]

protected function checkConditions ($cart, $method, $cart_prices) {
$amount = $this->getCartAmount($cart_prices);
if($amount < 999999999) { return false;}

}
function plgVmOnShowOrderBEPayment ($virtuemart_order_id, $virtuemart_payment_id) {
return false;
} with no success. Maybe is there any function in charge of BE paymentmethod editing? However, it is called from another view and task.
Or plugin is "listening" and waiting for some parameters?

maybe by amount or detect if FE/admin or look for a url var etc .. depends how your using this

I use this that way:

Code: [Select]

index.php?option=com_virtuemart&view=vmplg&task=pluginresponsereceived&pm=6&on=HERE-ORDER-NUMBER&os=C as for Confirmed
add some parameter? or pm=6 is wrong?
NOTE: I can see that plugin obeys this:

Code: [Select]

if (strstr($view,'paymentmethod')) ... //editing payments
else if (strstr($view,'vmplg') ) // plugin working
{
What should I put after ($view,'paymentmethod')) ?

[Adwans]

OK, I got it  SOLVED
Thanks Rupostel! for creating this and @GJC for mention: Great plugin that saves you a lot of (free) time:
https://www.rupostel.com/utilities-for-joomla/extensions/fatal-catcher-plugin
This plugin has allowed to find the bug, one faulty $require.
Now set order status via URL plugin works fine, sends emails to me, and also doesnt interfere with any edit admin page 
If you ever have any WSOD, use this plugin.

[GJC Web Design]

https://www.rupostel.com/utilities-for-joomla/extensions/fatal-catcher-plugin

can only agree -- some servers are almost impossible to access logging and this is the 1st tool to use in this case - thanks Stan

[gba]

Check for security?
Doesn't function getOrderIdByOrderPass() already check security??

Does it or does it not? 

Kind regards,
Gerald

[cybersholt]

Just wanted to say thanks, the info here helped create something similar that changes the order status to shipped & includes some tracking info as a comment.

[Adwans]

Check for security?
Doesn't function getOrderIdByOrderPass() already check security??

Does it or does it not? 
Kind regards,
Gerald

Hi Gerald, I wonder the same. Maybe Milbo say sth less .. enigmatic?.
My ideas since now:
1. checking of logged in user *not guest ?
look:
http://forum.virtuemart.net/index.php?topic=129339.msg445160#msg445160
2. checking if logged-in user is the person which had created specific order in question?
Any further ideas?
 

[Milbo]

for example

Code: [Select]

if(!vmAccess::manager('core') ){
$msg = 'Forget IT';
$this->setRedirect('index.php?option=com_virtuemart', $msg);
}
Redirects any non Superadmin. Or use only vmAcess::manager(), checks for managers ('core.admin', 'core.manage', 'vm.manage'), which is usually the standard. You can also check for a certain right. The rights to check orders would be 'orders' => vmAccess::manager('orders') and only for order status change it is 'orders.status'. You can even check for more than one right and chain it or use it as or.

I just notice the right order.status is atm only used in the controllers, so it is not checked in your case.

It automatically checks also for Background admin rights. ;-) Makes fun