Orders Mail - view your order online link

[relco]

Everything works fine, except for one thing.

When the customer receives their order confirmation,  the link to "view their order online" appears to be link to the administrator side of virtuemart.

So it gives this:
mydomain.com/administrator/index.php?option=com_virtuemart&view=orders&layout=details&order_number=0a72022&order_pass=p_919ba

instead of
mydomain.com/index.php?option=com_virtuemart&view=orders&layout=details&order_number=0a72022&order_pass=p_919ba

Anyone has a clue what the problem could be?

[siobhano]

I am having this problem too. Where email link brings customer right in to the back-end where he can see not just his own orders but everyone else's orders as well. Seems like a dangerous unintentional backdoor into administrator only area of VM.

Be grateful for any insight on how to fix this


Joomla 2.5, WM 2.08e

Thanks in advance

[siobhano]

OOOOOPS  .. I figured that the problem was user error  in my case .. I was using same password for admin as for my test shopper so of course when I hit the view orders link of course it showed all the orders so this is not a VM security issue at all  just user error on my part

Make sure your admin and test shopper passwords are not the same. Worked fine once I made the admin and test shopper passwords unique