News:

Looking for documentation? Take a look on our wiki

Main Menu

Order detail premission

Started by Ohanys, November 10, 2017, 12:53:10 PM

Previous topic - Next topic

Ohanys

Hi,

I have big security problem.

If I login to my account, I can see orders history. I can click on orders and I can see detail. Url:

xxx.xx/order?order_number=1000

But If I rewrite url to any random exist order number, I can see it too! I can see all orders that was create without registration - THIS IS PROBLEM, I see users informations. If order created registered and loged user, access is denied - CORRECT.

Can you help me, how set order history? Every user must see only his orders.

Thank you very much.

AH

Regards
A

Joomla 4.4.5
php 8.1

Ohanys

Joomla 3.8.2, VirtueMart 3.0.18

Ventsi Genchev

Every user sees only his orders, but the administrator can see everyone. I do not see what a problem that can be.
Audio Store:
https://vsystem.bg - Bulgarian language
https://vsystem.bg/en - English