Change Email address > Re-verify email

  • Posts: 43
  • Thank you received: 2
10 years 8 months ago #147374

-- HikaShop version -- : 2.3.0
-- Joomla version -- : 3.2.2

In Hikashop, user can change they email address by editing their user profile , however, I found there is no security check for user email address by auto deactivating account and send email verification email. This is a security problem for us ~ user can change to any email address WITHOUT verification check.

Is there any way trigger this event when user changing their email? (maybe a wishlist for Hikashop) .. or anywhere I can disable user to change their own email address via hikashop? Any View configuration? Or I need to goto the respective .php file to remove those parts?

Please advise. thanks

Last edit: 10 years 8 months ago by drmad.

Please Log in or Create an account to join the conversation.

  • Posts: 26158
  • Thank you received: 4028
  • MODERATOR
10 years 8 months ago #147376

Hi,

You can use the trigger "onBeforeUserUpdate" to check the user email before his modification.
www.hikashop.com/support/support/documen...l#onBeforeUserUpdate

At this moment, you can accept the modification or reject it (setting the $do to false).
You can also edit the $element before the save, so you can restore the previous email of the user and let the rest of the process continue (but without allowing the modification of the email).

Regards,

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

  • Posts: 43
  • Thank you received: 2
10 years 8 months ago #147430

Hi Jerome,

Thanks. I think we will go for the easiest way - to avoid user to modify his/her own email address. Would you give me some guide for a quick modification to Hika's file? (like, ignoring user's modification)

Please Log in or Create an account to join the conversation.

  • Posts: 26158
  • Thank you received: 4028
  • MODERATOR
10 years 8 months ago #147517

Hi,

Well, modification of HikaShop core files is not recommended because you won't be able to update HikaShop without loosing your modification.
That's why I was talking about a little custom plugin.

In the plugin, with the trigger I gave you in my previous post. You can simply load the HikaShop user details and replace the user_email with the "old" user_email.
From that point, you will be able to improve the plugin ; make some tests on the "new" user_email, display a warning/error message, etc.

Regards,

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

Time to create page: 0.058 seconds
Powered by Kunena Forum