Search box by-passes Account login access?

jaddey · **Joined:** Tue Mar 17, 2009 12:37 pm **Posts:** 4

If a customer does a search for a product that is not viewable in the Guest Preview area then they can by-pass the Account login and access information that is normally seen after a login. Surely this is a security issue. Is there any way around it? It is possible to show the search only on selected pages? Any advice would be grateful. Thanks in advance. Jaddey

PS: This was a problem with 6.2 B2B and appears to still be a problem in 6.3!
(The site is for a wholesale business).

CRE Loaded Expert · **Posted:** Wed Mar 18, 2009 8:29 pm

I don't think it is a creloaded issue but your template..

have you tried this in a default template?
the logic is there to only search products that are in the retail/guest unless logged in

jaddey · **Joined:** Tue Mar 17, 2009 12:37 pm **Posts:** 4

Thank you for your reply. As far as I know it is a customised template based on the original B2B. The search goes to all the products on the web site but omits the prices. Shown as a zero. The description and images can be seen, plus any extra items from the related products which can then lead to other exclusive items. However, the user cannot navigate to other areas from the menu bar as previously with 6.2 - this is now restricted with 6.3.

I may have to design separate pages just for the Guest preview away from the catalogue altogether to remove this. But I was wondering if it was possible to remove the search just for the preview within the CRELoaded software.

I am testing the search facility as I am updating the site - the search has to cater for logical items the user may expect to find, but then there is always the possibility of a search for something they may wish to find that is not available in the preview - and it is human nature to run a search for that desired item irrespective. I am testing it for all possibilities.

CRE Loaded Expert · **Posted:** Wed Mar 18, 2009 9:59 pm

the logic is already in a default template to show only products assigned to retail/guest/group user account

if your template is not doing that, then you need to work out those issues with the template

switch to one of the default b2b template to see if the issue remains.. if not, then you know its within the templates pages/files

jaddey · **Joined:** Tue Mar 17, 2009 12:37 pm **Posts:** 4

Thanks, Jason, for your feedback. I will try to work around it with the template files.

CRE Loaded Expert · **Posted:** Wed Mar 18, 2009 11:15 pm

if it is on the search pages only

replace your templates/your template name/content/advanced***.tpl.php with the default files located in

templates/content/

jaddey · **Joined:** Tue Mar 17, 2009 12:37 pm **Posts:** 4

Thanks again, for pointing me to the directory. I am grateful. I will let you if it works, cheers.

Jaddey

supportjason · **Joined:** Thu Jul 09, 2009 8:02 pm **Posts:** 11

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

cheapo · **Posted:** Tue Jul 14, 2009 9:16 pm

supportjason wrote:

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

Ummmm.... What the heck are you talking about? Free trail for what? Are you going to provide an answer to this problem or not? If yes, just post the thing.

CRE Loaded Expert · **Posted:** Tue Jul 14, 2009 10:18 pm

he is a spammer trying to promote their new site.. with 100% unrelated links

Loaded Commerce Community

Search box by-passes Account login access?

Who is online

Main Menu

Login

Forums Latest Activity

Top Listing