Hi, maybe the problem has already been discussed. However I ask you, how is it possible that a user, without activating his account via link via email, can be logged in and continue until the conclusion of the order?
Another problem is users who provide domain data "* mail.ru", regularly excluded from settings on joomla, are not blocked.
Joomla 3.9.2
Virtuemart 3.4.2
Thank you
Lorenzo
From memory account activation is NOT considered by VM so effectively the user is immediately logged in when they submit their registration..
I think I wrote on here some time ago a hack to solve this
found it
http://forum.virtuemart.net/index.php?topic=140701.msg494971#msg494971
From the tests done this is confirmed:
If the visitor is in the shopping cart, without registering, click on "Buy now" is directed to the registration form.
Once registration has been completed, the user is immediately logged in!
thing that should not happen without the confirmation of the email. If you check the status of the user Joomla is blocked and not active.
Instead if you register from the "Joomla registration form" there are no problems.
is it possible that Joomla and virtuemart are not configured correctly?
no .. it works as it is coded... unless the core is recoded to check the activation status then the fix is as I describe in the post
It works as it has always worked in VirtueMart. The shopper is registered in VirtueMart so can complete their purchase. Later they can complete their Joomla registration if that is what your shop requires, and nothing has been done to prevent that all-important first sale. If you require shoppers to wait for an email and reply to it before spending their money they are very likely to go elsewhere.
You can, of course, change the logic, as described above. http://forum.virtuemart.net/index.php?topic=140701.msg494971#msg494971
I understand the logic but you have not thought about the problem of scammers.
Now a scammer has placed an order by registering with false data and false e-mails.
We find ourselves with many orders to be blocked. We must verify all the data entered to verify the true or false, when it would be sufficient to block it with the e-mail.
So, how should I do to avoid it.
The procedure described above is not very clear to me
I did it for another client with a core hack .. this is the fastest / cheapest option but means you have to re-instate the hack on each upgrade
otherwise u need a plugin built to do it..
But I really wonder about the logic of what you say.. I run many shops and it is extremely rare to get a "false" order because whats the point?
The goods are never sent until the money is firmly in the shop owners grasp .. if some idiot wants to pay for and then have sent to a false address that's up to them...
Yes, right but if they use stolen and cloned credit cards it's a problem for us.
We send the goods then the police contact us, the bank blocks the charges, we have to prove to whom we have sent, etc.
A real break of balls
"otherwise u need a plugin built to do it.."
You can suggest a plugin..
Thanks
GJC means, You have to build plugin yourself or custom order a plugin.
Jörgen @ Kreativ Fotografi