Everything works fine, except for one thing.
When the customer receives their order confirmation, the link to "view their order online" appears to be link to the administrator side of virtuemart.
So it gives this:
mydomain.com/administrator/index.php?option=com_virtuemart&view=orders&layout=details&order_number=0a72022&order_pass=p_919ba
instead of
mydomain.com/index.php?option=com_virtuemart&view=orders&layout=details&order_number=0a72022&order_pass=p_919ba
Anyone has a clue what the problem could be?
I am having this problem too. Where email link brings customer right in to the back-end where he can see not just his own orders but everyone else's orders as well. Seems like a dangerous unintentional backdoor into administrator only area of VM.
Be grateful for any insight on how to fix this
Joomla 2.5, WM 2.08e
Thanks in advance
OOOOOPS .. I figured that the problem was user error in my case .. I was using same password for admin as for my test shopper so of course when I hit the view orders link of course it showed all the orders so this is not a VM security issue at all just user error on my part
Make sure your admin and test shopper passwords are not the same. Worked fine once I made the admin and test shopper passwords unique