Author Topic: User is automatically logged in after registration without clicking activation  (Read 4002 times)

JestaBlunt

  • Beginner
  • *
  • Posts: 35
  • Skype Name: donjestablunt
hi,

when a user registers at checkout, he is logged in automatically without even has to click the activation link. what can cause this behaviour?

VM: 3.0.10
Joomla: 3.4.5

JestaBlunt

  • Beginner
  • *
  • Posts: 35
  • Skype Name: donjestablunt
also, the activation link then is not usable...but the account is not activated

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 10120
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 3.6.8
there is absolutely no case to use activation!  unless you want to loose customers

Think about it.. what is it?

If I'm a spammer I activate..  if my email address is wrong I never get the email.. so the point is?
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10094
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
In j2.5 there is a function "activate" in /components/com_users/controller/registration.php

just remove

Code: [Select]
if ($user->get('id')) {
$this->setRedirect('index.php');
return true;
}
and it should work
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

innato

  • Jr. Member
  • **
  • Posts: 52
  • Newby to this forum
  • VirtueMart Version: VM 3 on Joomla! 3
there is absolutely no case to use activation!  unless you want to loose customers

Think about it.. what is it?

If I'm a spammer I activate..  if my email address is wrong I never get the email.. so the point is?

Using VM3.0.18 on J3.6.2 with PHP 5.6.26.
I agree that activation of a VM-originating account is not what you want (you'll indeed lose customers).
BUT fact is also that...
1. Customer is receiving an activation email and when he/she tries to activate the account, Joomla! throws an error: "Registration failed: Verification code not found."
2. As a consequence, the account will never be activated. Upon return to the webshop, this customer cannot log in, because the account has not been activated and he/she sees the Joomla! message "Login denied! Your account has either been blocked or you have not activated it yet."
3. Another consequence of not being able to activate the account, is that I am using an account management plug-in that deletes accounts that have not been activated within X days (an anti-spam measure). Therefore the account will get removed automatically and customer will not be able to use it upon return to my webshop. But he/she wasn't able to use it anyway (see 2).

This is poor integration by VM with Joomla! core.
Maybe registration through VM should automatically activate the account and of course not send an activation email?
Regards
Rob

VM3.2.6 (enhanced) on J3.8.8 and PHP 7.1 or 7.2

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10094
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
That would just mean to ignore the config set in joomla. The right method is just to use the proper option. It is an old topic, cant find it atm, but someone wrote a nice hack, removed just one line in joomla and it works.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

innato

  • Jr. Member
  • **
  • Posts: 52
  • Newby to this forum
  • VirtueMart Version: VM 3 on Joomla! 3
...someone wrote a nice hack, removed just one line in joomla and it works.
Thanks Max. Needless to say that I don't want to hack the Joomla! core for reasons well known to all of us.
Do you think that it will be complicated to let VM properly register the user, i.e. "the Joomla! way", but then with skipping the activation?
Regards
Rob

VM3.2.6 (enhanced) on J3.8.8 and PHP 7.1 or 7.2

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 10120
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 3.6.8
Confused by this whole post

Why use activation?

If u don't then the user is fully and correctly registered and passed to the cart
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10094
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Thanks Max. Needless to say that I don't want to hack the Joomla! core for reasons well known to all of us.
No, it is just a but and they refuse to fix it, that is the problem.

Do you think that it will be complicated to let VM properly register the user, i.e. "the Joomla! way", but then with skipping the activation?
The problem is that we USE the joomla way. All of this is solved when we do WP version and do our own user registration.

Here is the main thread about this topic https://forum.virtuemart.net/index.php?topic=99755.0

and here is the solution for joomla http://forum.virtuemart.de/allgemeine-fragen-157/registrierungslink-funktioniert-ueber-registrieren-kasse-begeben-2673/

The problem is that joomla uses this
Code: [Select]
SELECT 'id' FROM 'MEINDBPREFIX_users' WHERE 'activation' = ' xxxx ' AND
'block' = 1 AND 'lastvisitDate' = '0000-00-00 00:00:00'

and this 'lastvisitDate' = '0000-00-00 00:00:00 destroys the activation. I did not understand yet, why they have it. From my point of view, it is just wrong, thats it. But as you can see, they do not change it since years
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

innato

  • Jr. Member
  • **
  • Posts: 52
  • Newby to this forum
  • VirtueMart Version: VM 3 on Joomla! 3
Confused by this whole post
Why use activation?
If u don't then the user is fully and correctly registered and passed to the cart
I appologise GJC. Why would you register an account with VM? To view your orders/invoices at a later stage or to skip entering your data with a next order, I suppose. The point is that if you register in the VM checkout process, you can indeed complete the current order, but as soon as you log out, you can't log into your account again because Joomla! denies access (Account not activated and not enabled. Using the activation link does not work).
Regards
Rob

VM3.2.6 (enhanced) on J3.8.8 and PHP 7.1 or 7.2

innato

  • Jr. Member
  • **
  • Posts: 52
  • Newby to this forum
  • VirtueMart Version: VM 3 on Joomla! 3
The problem is that we USE the joomla way. All of this is solved when we do WP version and do our own user registration.
Here is the main thread about this topic https://forum.virtuemart.net/index.php?topic=99755.0
and here is the solution for joomla http://forum.virtuemart.de/allgemeine-fragen-157/registrierungslink-funktioniert-ueber-registrieren-kasse-begeben-2673/
Thnks again Max, this is useful info. I will study it. Should I find something helpful, I will report back.
One final stupid question... what is WP? WordPress?
Regards
Rob

VM3.2.6 (enhanced) on J3.8.8 and PHP 7.1 or 7.2

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 10120
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 3.6.8
Quote
I appologise GJC. Why would you register an account with VM? To view your orders/invoices at a later stage or to skip entering your data with a next order, I suppose. The point is that if you register in the VM checkout process, you can indeed complete the current order, but as soon as you log out, you can't log into your account again because Joomla! denies access (Account not activated and not enabled. Using the activation link does not work).

The majority of the shops I build and run ask for registration..
And they all are successfully registered and can log in and out when they want

that's not the point .. the point is why ask for activation?.. This would IMHO loose u 50% of the clients right there...

switch it off.. it achieves nothing
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

innato

  • Jr. Member
  • **
  • Posts: 52
  • Newby to this forum
  • VirtueMart Version: VM 3 on Joomla! 3
The problem is that joomla uses this
Code: [Select]
SELECT 'id' FROM 'MEINDBPREFIX_users' WHERE 'activation' = ' xxxx ' AND
'block' = 1 AND 'lastvisitDate' = '0000-00-00 00:00:00'

and this 'lastvisitDate' = '0000-00-00 00:00:00 destroys the activation. I did not understand yet, why they have it. From my point of view, it is just wrong, thats it. But as you can see, they do not change it since years

Hi Max. The zero lastvisitDate makes perfect sense from a Joomla perspective. If a user has registered but not yet activated his account, he has not yet been able to visit the website as a registered user, hence the zero lastvisitDate.
VM on the other hand, logs you in immediately after registration (which I agree is the right thing to do) and then lets Joomla ask for activation (and this is illogical, unnecessary and undesirable). If you log out after having been logged in by VM, the Joomla lastvisitDate is set from zero to the actual date, which is standard Joomla procedure. And this is the reason why the emailed activation link is not working, because Joomla activation requires the lastvisitDate to be zero (security measure).

I disagree that it is a Joomla issue. The website is a 'Joomla house' and VM needs to play it by the Joomla rules, not vice versa. That - of course - is my opinion, and you are free to disagree with that.
Again, it is illogical and contradictory by VM to immediately log in a user and next let Joomla ask for activation.

GJC suggested to completely disable the activation in the Joomla config. This fixes the issue, but in my case leads to many bogus registrations through the Joomla interface by non-existing email addresses, even if a captcha is used. Also you are then fixing a VM problem by adapting Joomla.

I have solved it as follows, based on VM3.0.18:
File \administrator\components\com_virtuemart\models\user.php

Starting line 386 reads the following 3 lines
Code: [Select]
if ($useractivation == '1' or $useractivation == '2') {
   $doUserActivation=true;
}

I have commented out the second line so that the code now reads
Code: [Select]
if ($useractivation == '1' or $useractivation == '2') {
//   $doUserActivation=true;
}

The doUserActivation flag now always remains false and activation is skipped for registrations through VM. An email containing the log-in details is still sent to user.

I admit that it would be better practice to cut out all code that runs when the flag is true, but I leave that up to you to decide. For me this does the trick.
Finally, please don't send me to prison for changing the VM code... ;)
Regards
Rob

VM3.2.6 (enhanced) on J3.8.8 and PHP 7.1 or 7.2

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10094
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
lol, the ironie is so funny.

The problem is that joomla uses this
Code: [Select]
SELECT 'id' FROM 'MEINDBPREFIX_users' WHERE 'activation' = ' xxxx ' AND
'block' = 1 AND 'lastvisitDate' = '0000-00-00 00:00:00'

and this 'lastvisitDate' = '0000-00-00 00:00:00 destroys the activation. I did not understand yet, why they have it. From my point of view, it is just wrong, thats it. But as you can see, they do not change it since years

Hi Max. The zero lastvisitDate makes perfect sense from a Joomla perspective. If a user has registered but not yet activated his account, he has not yet been able to visit the website as a registered user, hence the zero lastvisitDate.
and why makes this sense? "'activation' = ' xxxx ' AND 'block' = 1 " is completly enough. Ask the other way. Why it makes sense to block the activation, if a user was already logged in? I dont see any sense there.

VM on the other hand, logs you in immediately after registration (which I agree is the right thing to do) and then lets Joomla ask for activation (and this is illogical, unnecessary and undesirable). If you log out after having been logged in by VM, the Joomla lastvisitDate is set from zero to the actual date, which is standard Joomla procedure. And this is the reason why the emailed activation link is not working, because Joomla activation requires the lastvisitDate to be zero (security measure).
Yes, we know that. It is not illogical to let joomla ask for registration.

I disagree that it is a Joomla issue. The website is a 'Joomla house' and VM needs to play it by the Joomla rules, not vice versa. That - of course - is my opinion, and you are free to disagree with that.
Yeh and you ignore the rules by writing an hack, which ignores the joomla setting.

Again, it is illogical and contradictory by VM to immediately log in a user and next let Joomla ask for activation.
The other way is to block the checkout or let the user checkout as guest, both makes it even worse. Another idea is to store the userid and the user checks out as guest, but the userid is known and stored with the order. But this can again create problems with discount rules or other things, which check if you are logged in or not.

It is similar to the handbreak in the car. There exists the idea to automatically release the break, when you use the gas pedal. But in my country, most cars do not automatically release the handbreak. It is considered as wrong handling.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 4437
  • Joomla & Virtuemart developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 & 3
I think that all 2 are wrong.
If Virtuemart add a Joomla user account and this need confirmation mail, it should not login the user in Joomla.
The checkout and account creation are 2 thinks and if someone want to block guest then auto creating account simply permit a guest to do an order without validating the email address.
So the right solution is to create the user entry in the DB, send the confirrmation mail and not more in this case.
If you want follow the full right rules, if confirmation mail is needed and user creation, then no user should have the possibility to do a cart, before account mail confirmation .