VirtueMart 3.4.5 10045
There is a problem with the registration form. Required fields not considered mandatory. Also there is no star that indicates that they are mandatory.
Fields: Username, Displayed Name, Password, Confirm Password
Demo:
https://demo.virtuemart.net/account
Missing:
class="required " aria-required="true" required="required"
In this it seems happen if you access the form directly without adding something into the cart, because the 'Checkout as Guest' has been disabled in the demo. Apparently it still defaults to the 'Checkout as a Guest' form display. Normally, if you add something into the cart and choose to register, the 'required' asterisks are there, but those fields are shown without the asterisks (not required) if you choose 'Checkout as a Guest'.
I gave the demo site just for an example because I tested version 3.4.5 10045 and noticed the same thing with me.
I have allowed the purchase without registration. Version 3.4.2 does not have this problem.
That's why I think this is a bug. Because when a customer enters the site and wants to register, these fields are not required. He does not want to shop and does not want to add in a basket. Just register.
So far these fields have always been Required. Their status changed only when a "buy without registration" was selected when ordering.
Is this a bug or will it be so? Because if it stays that way, I have to think about changes before updating to the new official version when it comes out.
I'm using validation with jQuery. At the moment, the password field is not required when registering, and this is unacceptable.
I am testing VM3.4.5.10049 with VMBeez template. The shopper required fields are working just as they should, impossible to register without completing the fields.
I just checked and they work as normal with VM3.4.5.10045 too.
And do you mean that these fields are mandatory and you have a star for that?
There will still be problems with the OPC plugins. Because VirtuteMart gives information that they are not mandatory.
Only after pressing the registration button, the class changes from:
class="validate-password inputbox"
To:
class="required invalid"
Yes, you can not sign up without filling in these fields, but again, let's say, default is not mandatory at the beginning.
Is there any information what's changed to allow OPC developers to take action?
Quote
And do you mean that these fields are mandatory and you have a star for that?
Yes, exactly that.
All code revisions are documented in the repository. http://dev.virtuemart.net/projects/virtuemart/repository/revisions
Dear Kelvyn,
The only way these fields are mandatory and with a star on registration is:
- turn off the guest purchase option.
I suppose your settings are such. Because before I can write in the forum for a problem, I test all possible options: templates, overwriting, errors...
The password fields are only tested after clicking on the registration button.
So I gave a link to the demo site where you can make a purchase as a guest. And the fields are not mandatory initially.
I hope Max will pay attention to this topic.
The problem starts with Revision 10034:
http://dev.virtuemart.net/projects/virtuemart/repository/diff?utf8=%E2%9C%93&rev=10034&rev_to=10033
There are a few options to fix, but I do not know Max's goal.
For example, line 315 changes from:
$userFields = $userFieldsModel->getUserFieldsFor('cart',$type);
to:
$userFields = $userFieldsModel->getUserFieldsFor('edit',$type);
Or fix the problem by changing the "Small ugly hack" :)
in: \administrator\components\com_virtuemart\models\userfields.php
//Small ugly hack to make registering optional //do we still need that? YES ! notice by Max Milbers
if($register and $type == 'BT' and VmConfig::get('oncheckout_show_register',1) and !VmConfig::get('oncheckout_only_registered',1) and $layoutName!='edit'){
//vmdebug('Going to set core fields unrequired');
foreach($userFields as $field){
if(in_array($field->name,$corefields)){
if($field->required){
$field->register = 1;
}
$field->required = 0; // <-- THIS IS THE REASON OF A PROBLEM
$field->value = '';
$field->default = '';
}
}
}
Hmm, I think before it was wrong.
when the guest checkout is allowed, then the all the fields which are need for registration are NOT required. VM knows that only, when the user hit the registration.
Hi Max,
What about normal registration, not checkout? The user understands that the fields are mandatory only when he presses the button.
And more importantly:
Quote from: Milbo on May 15, 2019, 18:51:22 PM
VM knows that only, when the user hit the registration.
How does VirtueMart know this after pressing the button?
For security reasons, the information needs to be validated on the server and it is not happening now. If you turn off client validation (which anyone with basic JS knowledge can), then the server must be the one who says the data is missing.
Now website reports a problem with the missing "username" only due to core check in the Joomla! (that's too late because VirtueMart has to check the input itself), but the missing password will pass because Joomla! allows you to generate random password when the input password during registration is empty. Unfortunately, if you did not allow the sending of e-mail passwords in Joomla! Configuration, nobody will know the new generated password.
Similarly, the fact that the VM, despite this bug, checks the basic registration fields in JS (after clicking on the Register button) is practically just a coincidence, because the validation in the JS in the VM is independent of the settings of these fields in the VM.
Is not it more logical when the user decides to buy as a guest, then these fields to switch to non-required? And even disappear. Then confirm the order.
While on the user registration page they are always absolutely required.
One time you use the button "checkout as guest" the other time, you use the button "register and checkout". Then the system knows that.
and the validation is always also done on the server.
And once the user clicks on "register and checkout", the site tells him that there is a error because he did not fill in the fields. Which he does not know are mandatory because they are not marked with a star.
Don't you think it's a little confusing?
Again, you give an example of a purchase. I am asking for a normal registration, where these fields should always be mandatory.
https://demo.virtuemart.net/account
Should we use Joomla's registration form in this case? Or to exclude a buy as a guest?
In VirtuePlanet's One Page Checkout there is an option to choose first if you want Guest or Registered checkout.
After that you get the fields.
The core checkout is not perfect, but that can be surely done with a bit of JS and CSS.
So if you add two buttons on top for guest and register, one as default, you can display the necessary values and just show one button to go on.
So not "Order as Guest" or "Register" as the submit buttons, but showing one or the other according to the choice you made on top.
You can then also name both of them "Go to checkout" or "Buy", depending on your steps.
Regards
Stefan
Yes, I know this and added a code to the registration page. Because otherwise, users can register without a password.
But, as I have already written, the JS solution, in my opinion, is not a good solution.
You have set a password strength in Joomla configuration?
No I am not.
Actually the minimum password length in Joomla is 4 chars anyway, so there is no chance to register without a password.
That would throw an error.
The only thing you can do is order as a guest without registering and therefore no password.
Please allow me to disagree with you:
Missing password will pass because Joomla! allows you to generate random password when the input password during registration is empty.
Ok,
but then you actually have a password. So if you stop that via JS that should be fine.
If someone bypasses the JS "maliciously" that someone will have an unknown password.
If you don't know your Joomla password you can reset it anytime via the J login.
So I actually don't see more than an theoretical problem, that is also no security issue.
OK thank you.
This is your decision.