Author Topic: [BUG] [SOLVED] Terms of Service field not validated at all  (Read 19786 times)

razor7

  • Jr. Member
  • **
  • Posts: 366
    • MGSCreativa - Professional VM!
[BUG] [SOLVED] Terms of Service field not validated at all
« on: September 11, 2014, 00:47:08 am »
Hi, in my test server I have J! 2.5.24 and VM 2.6.10.

First, when registering using VM registration form, I can register without checking the "I agree to the Terms of Service" check box! Is that correct?
I expected VM to validate that check and to cancel user registration if the user didn't accept the Terms of Service.

Second, I have checked Must agree to Terms of Service on EVERY ORDER? and Show Terms of Service on the cart/checkout? in VM configuration. Despite having those options enabled, I still can buy things without checking the Terms of Service checkbox at checkout!


My test server is here https://it.mgscreativa.com.ar/j25vm2updt/index.php?option=com_virtuemart&view=user&layout=edit

Thanks!
MGS Creativa - VirtueMart Payment Plugin Experts
http://www.mgscreativa.com

Take a look at our downloads section for VirtueMart payment plugins and much more!
http://www.mgscreativa.com/en/online-store

razor7

  • Jr. Member
  • **
  • Posts: 366
    • MGSCreativa - Professional VM!
Re: [BUG] Terms of Service field not validated at all
« Reply #1 on: September 13, 2014, 16:33:30 pm »
Hi, after a little debugging in the VM 2.6.10 code I found several bugs in the Terms Of Service mechanism.

First of all, I'm attaching a zip with patched files and a patch file to review the changes.

After analysing the TOS mechanism, I think no user may get registered without accepting TOS, because the agreed user field is set as a core field and can't be edited (ie: you can't set the required state for it). Until a config option like "Must agree to TOS at registration" gets implemented, agreed must be required! at registration.

So first, the "I agree to the Terms of Service" registration field should get a star indicating it's required!
administrator/components/com_virtuemart/models/userfields.php function getCoreFields line 233, agreed should be removed from the array.
Change from this
Code:
    static function getCoreFields(){
        return array( 'name','username', 'email', 'password', 'password2' , 'agreed','language');
    }
to this...
Code:
    static function getCoreFields(){
        return array( 'name','username', 'email', 'password', 'password2', 'language');
    }

And the agreed form field should be marked as required in its HTML code (form field should be evaluated for "required" mark)
administrator/components/com_virtuemart/models/userfields.php function getUserFieldsFilled line 873
Change from this
Code:
    case 'agreed':
        $_return['fields'][$_fld->name]['formcode'] = '<input type="checkbox" name="'
            . $_prefix.$_fld->name . '" id="' . $_prefix.$_fld->name . '_field" value="1" '
            . ($_return['fields'][$_fld->name]['value'] ? 'checked="checked"' : '') .'/>';
        break;
to this...
Code:
    case 'agreed':
        $_return['fields'][$_fld->name]['formcode'] = '<input type="checkbox" name="'
            . $_prefix.$_fld->name . '" id="' . $_prefix.$_fld->name . '_field" value="1" '
            . ($_return['fields'][$_fld->name]['value'] ? 'checked="checked"' : '')
            . ($_fld->required ? ' class="required"' : '') . ' />';
        break;

Despite the agreed form field being marked as required, it needs to get validated at saveData to check if no 'agreed' post variable is sent; that's the case of forced user registration using some kind of method to avoid the form JavaScript validation.
components/com_virtuemart/controllers/user.php function saveData line 216
Add these lines

Code:
    if(empty($data['agreed'])) {
        $msg = JText::_('COM_VIRTUEMART_USER_FORM_BILLTO_TOS_NO');
        vmInfo($msg);
        return $this->redirect(JRoute::_('index.php?option=com_virtuemart&view=user&task=editaddresscheckout&addrtype=BT',$this->useXHTML,$this->useSSL), $msg);
    }

At checkout, the config option "Must agree to Terms of Service on EVERY ORDER?" is not taken into account. Also, if you disable that option, the Agree to TOS check input is still displayed in the view and that's not right. For that to work properly, these are the changes that need to be done
administrator/components/com_virtuemart/models/userfields.php function getUserfield line 187 name parameter overridden because of bad logic (IE: agreed always gets "required" = 0)
Change from this
Code:
    if (empty($this->_data)) {
        $this->_data = $this->getTable('userfields');
        if($name !==0){
            $this->_data->load($id, $name);
        }
        $this->_data->load($id);
    }
To this...
Code:
    if (empty($this->_data)) {
        $this->_data = $this->getTable('userfields');
        if($name !==0){
            $this->_data->load($id, $name);
        } else {
            $this->_data->load($id);
        }
    }

Config Parameter agree_to_tos_onorder (Must agree to Terms of Service on EVERY ORDER?) should be evaluated here, because if it's turned on in config by VM administrator, it doesn't matter if the user agreed to TOS, he must agree on every order because of that VM config setting.
components/com_virtuemart/helpers/cart.php function saveAddressInCart line 1255
Change from this
Code:
    if(!empty($data['agreed'])){
        $this->tosAccepted = $data['agreed'];
    }
To this...
Code:
    if(!empty($data['agreed']) && !VmConfig::get('agree_to_tos_onorder',0)){
        $this->tosAccepted = $data['agreed'];
    }

Terms Of Service Checkbox should be visible in cart only if "Must agree to Terms of Service on EVERY ORDER?" is checked in VM configuration. For this to happen, the string COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED should be split into two strings just in case the VM administrator wants to show TOS at cart and not require TOS agreement on every order. These are the new strings that should be placed in language/en-GB/en-GB.com_virtuemart.ini
COM_VIRTUEMART_CART_TOS_READ="Click here to read terms of service"
COM_VIRTUEMART_CART_TOS_ACCEPT="and check the box to accept them"
The cart view should be changed too
components/com_virtuemart/views/cart/tmpl/default.php around line 182
Change from this
Code:
    if ($userFieldsModel->getIfRequired ('agreed')) {
        if (!class_exists ('VmHtml')) {
            require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'html.php');
        }
        echo VmHtml::checkbox ('tosAccepted', $this->cart->tosAccepted, 1, 0, 'class="terms-of-service"');

        if (VmConfig::get ('oncheckout_show_legal_info', 1)) {
            ?>
            <div class="terms-of-service">

                <label for="tosAccepted">
                    <a href="<?php echo JRoute::_('index.php?option=com_virtuemart&view=vendor&layout=tos&virtuemart_vendor_id=1', FALSE) ?>" class="terms-of-service" id="terms-of-service" rel="facebox"
                       target="_blank">
                        <span class="vmicon vm2-termsofservice-icon"></span>
                        <?php echo JText::_('COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED'); ?>
                    </a>
                </label>

                <div id="full-tos">
                    <h2><?php echo JText::_('COM_VIRTUEMART_CART_TOS'); ?></h2>
                    <?php echo $this->cart->vendor->vendor_terms_of_service ?>
                </div>

            </div>
            <?php
        }
    }
To this...
Code:
    if (VmConfig::get('agree_to_tos_onorder',0)) {
        if ($userFieldsModel->getIfRequired ('agreed')) {
            if (!class_exists ('VmHtml')) {
                require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'html.php');
            }
            echo VmHtml::checkbox ('tosAccepted', $this->cart->tosAccepted, 1, 0, 'class="terms-of-service"');
        }
    }
    if (VmConfig::get ('oncheckout_show_legal_info', 1)) {
        ?>
        <div class="terms-of-service">

            <label for="tosAccepted">
                <a href="<?php echo JRoute::_('index.php?option=com_virtuemart&view=vendor&layout=tos&virtuemart_vendor_id=1', FALSE) ?>" class="terms-of-service" id="terms-of-service" rel="facebox"
                   target="_blank">
                    <span class="vmicon vm2-termsofservice-icon"></span>
                    <?php
                    $tosText = VmConfig::get('agree_to_tos_onorder',0) ? JText::_('COM_VIRTUEMART_CART_TOS_READ').' '.JText::_('COM_VIRTUEMART_CART_TOS_ACCEPT') : JText::_('COM_VIRTUEMART_CART_TOS_READ');
                    echo $tosText ?>

                </a>
            </label>

            <div id="full-tos">
                <h2><?php echo JText::_('COM_VIRTUEMART_CART_TOS'); ?></h2>
                <?php echo $this->cart->vendor->vendor_terms_of_service ?>
            </div>

        </div>
        <?php
    }

Well, that's all, hope it gets implemented ASAP.

Best regards!



[attachment cleanup by admin]
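The server-side rule argued for in the post above, as an added example (not VirtueMart code and not part of the original post): the function names and the sample requests are assumptions, while the `agreed` and `tosAccepted` field names and the every-order setting come from the thread. It goes one step beyond the posted `empty()` check by comparing against the checkbox's `value="1"`, so arrays and other non-empty values are rejected too.

```php
<?php
// Added example, not VirtueMart code. Function names and sample requests are hypothetical.

/** True only if the request carries the checkbox with its exact value="1". */
function tosChecked(array $post, string $field): bool
{
    // An unchecked box sends no field; a hand-built request can send anything,
    // so compare strictly instead of relying on empty().
    return ($post[$field] ?? null) === '1';
}

/** Registration: agreement is required no matter what the browser validated. */
function registrationAllowed(array $post): bool
{
    return tosChecked($post, 'agreed');
}

/**
 * Checkout: with "agree on every order" enabled, an agreement stored at
 * registration does not count; the order request must carry the box itself.
 */
function checkoutAllowed(array $post, bool $agreeOnEveryOrder, bool $storedAgreement): bool
{
    if ($agreeOnEveryOrder) {
        return tosChecked($post, 'tosAccepted');
    }
    return $storedAgreement || tosChecked($post, 'tosAccepted');
}

// Constructed sample requests, as PHP would parse them into $_POST.
$registrations = [
    'box checked'            => ['agreed' => '1'],
    'box unchecked'          => [],
    'explicit zero'          => ['agreed' => '0'],
    'array instead of value' => ['agreed' => ['1']],
    'unexpected string'      => ['agreed' => 'no'],
];
foreach ($registrations as $label => $post) {
    printf("%-24s %s\n", $label, registrationAllowed($post) ? 'accepted' : 'rejected');
}

// A customer who agreed at registration places an order, with and without the box.
foreach ([true, false] as $everyOrder) {
    printf("every-order=%d, no box:  %s\n", $everyOrder, checkoutAllowed([], $everyOrder, true) ? 'accepted' : 'rejected');
    printf("every-order=%d, box set: %s\n", $everyOrder, checkoutAllowed(['tosAccepted' => '1'], $everyOrder, true) ? 'accepted' : 'rejected');
}
```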

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3510
  • VirtueMart Version: 3.8.9
Re: [BUG] Terms of Service field not validated at all
« Reply #2 on: September 13, 2014, 18:42:52 pm »
Have you put this into the SVN?

For  consideration and inclusion in next release?
Regards
A

Joomla 3.9.27
php 7.4

slammy

  • Jr. Member
  • **
  • Posts: 169
  • vm supporter member
  • VirtueMart Version: vm 3.0.x and jml 3.4.5
Re: [BUG] Terms of Service field not validated at all
« Reply #3 on: September 13, 2014, 21:20:56 pm »
thank you! Did test your patch and it's working! Nice work! The only thing I noticed is that COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED is now displayed in English language in my cart-view although I have COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED in my German language file ...

razor7

  • Jr. Member
  • **
  • Posts: 366
    • MGSCreativa - Professional VM!
Re: [BUG] Terms of Service field not validated at all
« Reply #4 on: September 14, 2014, 01:41:39 am »
Quote
Have you put this into the SVN?

For consideration and inclusion in next release?

Hi Huston!, no, I don't have SVN commits access rights. It would be great that VM source gets switched to GitHub by the way!

PS: Can you tell Milbo about this patch?, I sent him a PM, but just in case...

razor7

  • Jr. Member
  • **
  • Posts: 366
    • MGSCreativa - Professional VM!
Re: [BUG] Terms of Service field not validated at all
« Reply #5 on: September 14, 2014, 01:44:52 am »
Quote
thank you! Did test your patch and it's working! Nice work! The only thing I noticed is that COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED is now displayed in English language in my cart-view although I have COM_VIRTUEMART_CART_TOS_READ_AND_ACCEPTED in my German language file ...

You're welcome!

Regarding the lang string, you may double check your modified view for wrong strings and your lang files. Remember that for this patch to work, two new strings are added, to split the old string containing the TOS string.

slammy

  • Jr. Member
  • **
  • Posts: 169
  • vm supporter member
  • VirtueMart Version: vm 3.0.x and jml 3.4.5
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #6 on: September 14, 2014, 11:00:13 am »
Quote
Regarding the lang string, you may double check your modified view for wrong strings and your lang files. Remember that for this patch to work, two new strings are added, to split the old string containing the TOS string.

ah ok, adding the two strings in my language file and it works perfect now - sry I did overread the info in your tutorial, big thx for your fix!!!

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10530
  • VM4.0.7 Eagle Owl
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #7 on: September 15, 2014, 20:53:48 pm »
It is a nice fix, but the whole logic got overhauled for vm3 and I won't change it for vm2, because it was all the time that quirky way.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3510
  • VirtueMart Version: 3.8.9
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #8 on: September 15, 2014, 20:59:17 pm »
Ok so if using VM2 we need to consider applying this patch ourselves.

Regards
A


Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10530
  • VM4.0.7 Eagle Owl
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #9 on: September 15, 2014, 21:13:55 pm »
My problem is only, if it changes the behaviour for already running stores. Vm2.6 must be absolutely backward compatible!

AH

  • Global Moderator
  • Sr. Member
  • *
  • Posts: 3510
  • VirtueMart Version: 3.8.9
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #10 on: September 15, 2014, 23:02:52 pm »
Milbo

I understand the need to retain backward compatibility

I will have to test this to see what happens in my test version and if it is anything like the report below

Quote
First, when registering using VM registration form, I can register without checking the "I agree to the Terms of Service" check box! is that correct?
I expected VM to validate that check and to cancel user registration if user didn't accepted Terms of Service

Second, I have checked Must agree to Terms of Service on EVERY ORDER? and Show Terms of Service on the cart/checkout? in VM configuration, despite having that options enabled, I still can buy things without checking the Terms of Service checkbox at checkout!

I have a bigger issue with the Joomla bind user loophole in VM1.5.26 and VM 1.1.9 so it will take me a few days to get to it.
Regards
A


nkamp

  • Jr. Member
  • **
  • Posts: 67
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #11 on: October 03, 2014, 20:42:06 pm »
Hello,

I have added these changes as well. One time just copying the files over the existing files. And one time I made changes all by myself manually in the files. But it still doesn't work.

Even the TOS link is not working at the checkout. When I click on the link of TOS, at my checkout, then it returns to the home page. I have also tried the OPC of linelabox, but the same issue.
I don't know why it is not working.

I use joomla 2.5.25 with vm 2.6.10.

Nico

Shazam0527

  • Beginner
  • *
  • Posts: 9
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #12 on: October 03, 2014, 21:35:25 pm »
I hope this doesn't come across as stupid but how to Patch this?  Do I use the Upload Package file portion in the Extensions Manager?  When I do that it says it's missing the XML.  How do I patch as I'm having the same issue.  (Sorry I am relatively new to Virtuemart and Joomla)

Thanks in advance,

Jonathan

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 10691
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 3.8.8
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #13 on: October 03, 2014, 21:48:08 pm »
just d/L the file
unzip
in it you will see the files you need to overwrite on your server

the patch is only for the devs on the SVN

use with caution
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Shazam0527

  • Beginner
  • *
  • Posts: 9
Re: [BUG] [SOLVED] Terms of Service field not validated at all
« Reply #14 on: October 03, 2014, 22:00:24 pm »
Well crud, yeah that didn't work.  Is there a fix to this issue?  It's utterly dire that they are required to Agree to the TOS for this client.  Without it, this setup is useless.  :(  And I am a HUGE fan of VM :(