View Issue Details

IDProjectCategoryView StatusLast Update
0002701OXID eShop (all versions)1.05. Userspublic2012-03-27 14:55
Reporterdavidh 
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionwon't fix 
Product Version4.4.8 revision 34028 
Target VersionFixed in Version 
Summary0002701: Same voucher can be used several times if user comes to shop "without registration"
DescriptionIf you purchase without registration the oxid of the user changes with every time you go from order step 2 to 3. Actual this is a not a problem but combined with vouchers you can redeem vouchers multiple times altought the voucher option "Valid with same Series, different Order" is set to no.

Need to implement:
1. New option for vouchers (per serie) - that this coupon can be used only by Registered Users. If this option is marked - Coupon should not be calculated in the basket for not loged in users. When not loged in user tries to include this coupon - Note should be displayed for him in basket that "Please login/register to use this coupon".
2. Prepare help text for this option with description written above. Also include the note "if option "only Registed users" is not checked - then not registered users would be able to buy with this voucher".

Ask for proper texts and translations.
Steps To Reproduce1. Create a new voucher series with some vouchers (same voucher code) and set "Valid with same Series, different Order" to no. A user should only be able a voucher of this series one time.

2. Purchase something without registration and use the voucher.

3. Close your browser or delete the cookies to get a new session.

4. Purchase a new item and you can use the voucher code again due to a new oxid on your user database record. With the new oxid the shop can't check if the voucher was already used.
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Relationships

related to 0001441 closed User and history data are deleted if he orders two times without registering 

Activities

dainius.bigelis

2011-04-06 16:07

reporter   ~0004327

Last edited: 2011-04-06 16:09

View 2 revisions

Reminder sent to: davidh

hi,

The case about creating new user accounts was already discussed in the bugtrack (0001441) and the dev-general list long time ago. Basicaly - we implemented such behavior as a security fix.
So this case is a feature, not an issue.
For details please check the discussions here:
http://article.gmane.org/gmane.comp.php.oxid.general/299
http://article.gmane.org/gmane.comp.php.oxid.general/445/match=deletingunregistereduser
and comments in bug entry 0001441.

Best regards,

dainius.bigelis

2011-04-06 16:12

reporter   ~0004328

Case with handling vouchers should be investigated in more details.

mindaugas.rimgaila

2012-03-27 14:55

reporter   ~0006096

To avoid this situation you should generate voucher code list, and dedicate one unique voucher code for one user. For the moment it's not possible to prevent anonymous (or several registered users) from reusing the same voucher.