v14.0.3 Login can be bypassed by clicking product links


    Hi all,

    I'm sure there must be a similar thread regarding this issue, but cannot find it. I apologise in advance if I have duplicated.

    We are a 'trade only' business in the wholesale sector and only allow customers with login accounts to view our products. The problem we have is that all of the product links within our store take you directly to that particular product page - without having to log in - thus making the login process a tad useless! We have already received a number of complaints from our trade customers, understandably, as this opens our site to their curious retail customers - providing the trade prices.

    Does anyone know of any work-around to this problem? It seems to be a bug that has filtered through from an earlier version of Actinic, as I recall the same problem existing in versions 9 and 11.

    Many thanks.

    #2
    I have not used accounts since the early days but thought that account holders could see their own separate prices.

    Regarding the main site, could you not just hide all the prices, so unless logged in the main site just shows the products without price?
    Chris Ashdown



      #3
      Hi Chris,

      Many thanks for your post.

      Hiding the prices of the simple products would work fine, but this does not work for products with component prices (according to the help manual) and most of our products have components.



        #4
        Maybe disable the "Best Sellers" and "New Jewelry" features so that the products don't show? - clicking on the sections in your mega menu brings up the login request, so they are hidden there.
        www.devotedly-discus.co.uk



          #5
          The Best Sellers and New Products links contain links like:
          Code:
          <a href="<actinic:variable name="SearchCGIURL" />?PRODREF=<actinic:variable name="ProductID" />&amp;NOLOGIN=1<actinic:block if="%3cactinic%3avariable%20name%3d%22IsHostMode%22%20%2f%3e" >&amp;SHOP=<actinic:variable name="ShopID" /></actinic:block>"><actinic:variable encoding="actinic" name="ProductName" /></a>
          And the bit &amp;NOLOGIN=1 bypasses the mandatory login. It's hard-coded by SellerDeck so is causing your problem. Try removing that bit of code from the layouts involved (note that there will be more than one occurrence per layout).

          I see that other layouts put this in a BlockIf so it only appears if IsLoginPageSuppressed is set:
          Code:
          <actinic:block if="%3cactinic%3avariable%20name%3d%22IsLoginPageSuppressed%22%20%2f%3e">&amp;NOLOGIN=1</actinic:block>
          Norman - www.drillpine.biz
          Edinburgh, U K / Bitez, Turkey
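
An added example, not part of the original posts and not SellerDeck code: a Python check for the fix described in post #5, listing every NOLOGIN=1 in layout text that sits outside an IsLoginPageSuppressed block. The function name and the sample layout are constructed for illustration.

```python
import re

# Guarded form quoted in the thread: NOLOGIN=1 is emitted only when
# IsLoginPageSuppressed is set. The condition is URL-encoded in the layout.
GUARDED = re.compile(
    r'<actinic:block\s+if="[^"]*IsLoginPageSuppressed[^"]*"\s*>.*?</actinic:block>',
    re.IGNORECASE | re.DOTALL,
)
NOLOGIN = re.compile(r'NOLOGIN=1', re.IGNORECASE)


def find_unconditional_nologin(layout_text):
    """Return (line_number, line_text) for each NOLOGIN=1 outside a guard block."""
    def blank(match):
        # Mask the guarded block but keep its newlines so line numbers still match.
        return re.sub(r'[^\n]', ' ', match.group(0))

    masked = GUARDED.sub(blank, layout_text)
    lines = layout_text.split('\n')
    hits = []
    for m in NOLOGIN.finditer(masked):
        line_no = masked.count('\n', 0, m.start()) + 1
        hits.append((line_no, lines[line_no - 1].strip()))
    # A guard block that itself contains a nested actinic:block is only masked up
    # to the first closing tag, so any remainder is reported for manual review.
    return hits


# Constructed sample: line 1 has the hard-coded parameter, line 2 the guarded form.
SAMPLE_LAYOUT = (
    '<a href="<actinic:variable name="SearchCGIURL" />?PRODREF='
    '<actinic:variable name="ProductID" />&amp;NOLOGIN=1">Best seller</a>\n'
    '<a href="<actinic:variable name="SearchCGIURL" />?PRODREF='
    '<actinic:variable name="ProductID" /><actinic:block if="%3cactinic%3a'
    'variable%20name%3d%22IsLoginPageSuppressed%22%20%2f%3e">&amp;NOLOGIN=1'
    '</actinic:block>">New product</a>\n'
)

if __name__ == "__main__":
    for line_no, text in find_unconditional_nologin(SAMPLE_LAYOUT):
        print(f"line {line_no}: unconditional NOLOGIN=1 -> {text[:60]}...")
```

Run it over the text of each layout involved; an empty result means every remaining NOLOGIN=1 is conditional on IsLoginPageSuppressed.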



            #6
            Hi Norman,

            Many thanks for your reply.

            I recently received an email, from Sellerdeck's technical department, which has now fixed the problem. The fix is just what you have outlined and I had overlooked the NOLOGIN bypass. Whoops! Thanks again.
