News:

Support the VirtueMart project and become a member

Main Menu

Error in registration form

Started by yobokkie, October 08, 2015, 16:11:11 PM

Previous topic - Next topic

yobokkie

I'm not sure if this has been covered elsewhere but I cannot find it through searching so perhaps my search is not targeting the right words.
My VM version is the latest 3.0.10. The issue is with the registration form. I don't know if it's specific to the site, but I can't see any javascript errors being logged.
Basically when registering, if the username is already in existence then it resets the entire form every time. Which is understandably annoying for clients who now have to reenter the information onto the form.
Additionally, if they choose a username and there's an error in the rest of the data not picked up by the JS validation, it still creates the joomla account and so the same username cannot be used. Is there any way around that?

I will dig into the code to see if I can figure it out, but I thought I would ask here first in case this was a known issue and someone else had a solution already.

lindapowers

#1
Hello, you are completely right.

I posted it one week ago http://forum.virtuemart.net/index.php?topic=131600.msg454028#msg454028 but no one replied.

I tested even with a clean installation and beez template and happened the same.
I hope your or someone else with knowledge can give us a bit of light about this little bug.

An ajax username check their would be more than welcome if not at least no reset for the rest of the form.

There is a backend setting in joomla 3.4.4 for the recaptcha which shows in default joomla register if chosen, this would be nice to have too in that page not to mention the more than welcome ajax username.

Regards

yobokkie

As it seems to be something no one else has covered, I'll post what i've done here. It's not ideal as it has a database query in the view but by putting it in the view file I could at least keep it in the template override and so it won't get overwritten by updates in the future.
I overrode the user/edit.php view into my template html/com_virtuemart folder and on line 25 (inside the php tags) I added the following script declaration:

$document = JFactory::getDocument ();
$document->addScriptDeclaration ("
jQuery(document).ready(function($) {
jQuery('#username_field').blur(function(event){if (jQuery(this).val().length > 0){
var ajax = '".JURI::base( true ) ."/index.php?option=com_virtuemart&view=user&tmpl=component&un='+jQuery(this).val();
jQuery.get( ajax, function( data ) {
if (data == 'false'){
alert ('This username is already in use');
$( '#username_field').focus();
}

});
}});
});
");


I used jQuery because my template was already relying on this so it was there, but it could be converted to mootools as well no doubt.

Then In line 96 (before my changes, 116 after my changes) I add the following code just before the line :  echo $this->loadTemplate ( 'shopper' );

if (JRequest::getVar( 'un', '', 'get', 'cmd' )){
$username = JRequest::getVar( 'un', '', 'get', 'cmd' );
ob_clean();
flush();
$db =& JFactory::getDBO();
$query = 'SELECT id FROM #__users'
. ' WHERE username = '.$db->Quote( $username );
$db->setQuery( $query );
$result=$db->loadObject();
if ($result) {     
  echo 'false';
} else {
   echo 'true';
}
die();
}


So basically it uses the same page for the AJAX validation as well, which is not ideal but I liked that the code was all on one place so I can remember what changed in the future. If you wanted to do it properly, you could create a simple component that only has the function to check the username, and you could then point the AJAX to use that instead.
It notifies via an ALERT box, but you could also get fancier with a span next to the username that show writing instead. Anyhow this mostly solved my problem, so I thought I'd share in case it helps anyone else.

Milbo

if you would use now vRequest and the our js handler, we can implement it.

I do not really understand your second part. An ajax should be enough.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

I just rechecked.

In my case the only error is that it does you redirect to the cart, but all the entered data is there. The js to prevent the use of the name makes sense, but has also security disadvantages.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

lindapowers

#5
Quote from: Milbo on October 14, 2015, 12:00:55 PM
I just rechecked.

In my case the only error is that it does you redirect to the cart, but all the entered data is there. The js to prevent the use of the name makes sense, but has also security disadvantages.

Hi Max

I just tested in your demo website http://demo.virtuemart.net/account/edit

Please enter required data and write "demo" as username.

You will see how all fields get reset with message "Save failed with the following error: User name in use"


Regards

Milbo

yepp, but the data is in the cart already, so when you go back to store again, most data is already there.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

lindapowers

Quote from: Milbo on October 14, 2015, 19:18:00 PM
http://dev.virtuemart.net/attachments/download/974/com_virtuemart.3.0.11_extract_first.zip

Thanks, downloaded and tested but this concrete error remains, I noticed the demo is updated too so I tried there:

Used "demo" as username here: http://demo.virtuemart.net/account/edit

Filled all required data and click register:

"Save failed with the following error: User name in use" and all fields reset.


Regards

Milbo

it is not an error. It really makes sense to keep the common sense. A missing feature is NOT an error.

Sooo and checking a name is already taken IS a feature. Else you could say that joomla has the same error, but you are not writing in their forum. and I did not update the demo.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

lindapowers

#10
Quote from: Milbo on October 15, 2015, 08:49:07 AM
it is not an error. It really makes sense to keep the common sense. A missing feature is NOT an error.

Sooo and checking a name is already taken IS a feature. Else you could say that joomla has the same error, but you are not writing in their forum. and I did not update the demo.

The backend of the demo shows VirtueMart 3.0.11.

Ok lets change the term "error" for "missing feature".
No, Joomla does not have the same error missing feature cause the Joomla register does NOT reset all fields if username is taken. Again easily checked here too http://demo.virtuemart.net/component/users/?view=registration


If you find normal behaviour that entering an already taken username resets all fields of the register I surrender honestly.

Milbo

The userfields are not reset. I wrote already, you are just redirected to the cart, when you open the address you see your data. I only changed that when the store function returns an error, that you stay on the page. and there are maybe 50 versions of vm3.0.11. For RCs it is always important to check the svn version.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

yobokkie

Quote from: Milbo on October 14, 2015, 12:00:55 PM
I just rechecked.

In my case the only error is that it does you redirect to the cart, but all the entered data is there. The js to prevent the use of the name makes sense, but has also security disadvantages.

Thank you for taking time to look into this. As you can imagine it was very frustrating for clients who would select a name and enter the information only to have it seemingly disappear.

The second part of my code was just the php to actually check the username, I presumed there was some function to do this somewhere already, but I couldn't find anything about this in the Joomla codex. I presume this is a joomla problem as this username comes from the joomla side of the registration process. The AJAX request I used just referred to the registration page and then I added the PHP there in the template file (to avoid overwrites) to do a check on the database. So if the url contained a GET value for username, it would do the query, and then print out true or false and die. Do you have a URL that could be used in the AJAX in place of this? I'd obviously prefer not to have database queries on the template files.

For now I will stick to what I've done as this store doesn't allow access to the cart until the user is registered, so when it attempts to redirect it will be met with a request to log in, which they can't do until they have registered and an admin has activated their account.
The page that this is relating to is the VM registration page: (http://demo.virtuemart.net/account/edit on your demo)

With the security, are you referring to the fact that a bot could use this to discover usernames on the system? Or is there something else risky about this? What I'll do is add a check maybe to limit the number of taken username requests on the page to 5 per day. As with many things it's a trade off between what is secure and what is convenient I guess. Shopowner wants it a certain way and explaining why the way it was already is better just sounds like you don't know how to do it exactly as they want.

Thanks again for looking into it, and thanks for virtuemart. This is my first time using VM 3 and a lot of things are really improved, this shop was originally on 1.5 and a lot of the things that I added for them on that site many years ago are now part of the core.

Milbo

Quote from: yobokkie on October 15, 2015, 10:16:11 AM
With the security, are you referring to the fact that a bot could use this to discover usernames on the system? Or is there something else risky about this? What I'll do is add a check maybe to limit the number of taken username requests on the page to 5 per day.
Exactly, if we do it so fast and convenient by ajax, we need some check and it display an hint of free names. So if a user is not taking a free name with 5 times or so, we need to take some action.

Your stuff should work perfectly with my changes. Actually there is another mistery. The user data is directly stored in the cart, always. There is no break, no return, just filtering. So the data should be in the cart and when you open the edit address again, the fields should be prefilled. So I wonder if you are not using some 3rd party software.
I just changed the redirect. If something is broken, it will now keep the page and the data should remain.

Quote from: yobokkie on October 15, 2015, 10:16:11 AM
Thanks again for looking into it, and thanks for virtuemart. This is my first time using VM 3 and a lot of things are really improved, this shop was originally on 1.5 and a lot of the things that I added for them on that site many years ago are now part of the core.
Nice to hear that :-)
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

yobokkie

Thank you very much for this. I'll update the software on the site and hopefully it will be sufficient if the data is still there, that it doesn't matter if the username is taken. The main issue was not with the fact that it gave an error on a taken username, only that the entered data disappeared. An Ajax username check would be convenient, but only if it can be properly secured. That would be more of a joomla convenience than a virtuemart one though.
Thanks again.