View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006028||OXID eShop (all versions)||1.03. Basket, checkout process||public||2015-01-22 11:02||2017-06-26 23:26|
|Product Version||4.9.2 / 5.2.2|
|Target Version||Fixed in Version|
|Summary||0006028: Can't change email-address if there is a guest user with the same email-address|
|Description||Related to 0006026.|
Lets say there is a registered user "[email protected]" and a not registered guest user "[email protected]" in the oxuser-database-table.
And if the registered user wants to change his email-address to "[email protected]", the shop won't give an error nor save the new email-address.
The reason is, that the table-col "oxuser.oxusername" is unique. So there can't be two entries with the same email-address/oxusername.
See "Additional Information" for possible solution.
|Steps To Reproduce||1. Open new account with email [email protected] – it is a registered user;|
2. Purchase product without registration and use email [email protected] for guest user;
3. In the DB are added entries for both users;
4. Login to shop with registered user [email protected];
5. Go to Account /Billing_and_shipping settings-> Click on the button "CHANGE";
6. In the email field try to change email address from [email protected] to [email protected] and then submit your changes;
7. In the billing address form is saved new address, but in the DB user field in the table "oxuser" is not updated.
|Additional Information||Possible solution:|
Delete guest user first before saving the registered user's data with the same email-address.
oxuser->checkIfEmailExists() - line 1758:
// password is not set - allow to override
$blExists = false;
// Add this line:
$oDb->execute('delete from oxuser where oxpassword = "" AND oxusername = ' . $oDb->quote($sEmail));
|Tags||No tags attached.|
|PHP Version||Not defined|
|Database Version||Not defined|
related to 0001441 0003091 0002701 0005741
it all boils down to the same conceptual question of keeping the data or not.
||maybe also related to 0004924|
@FibreFox: It is not related with bug 0004924 because test case is very different.
0004924 the problem is that user cant change mail address in step 2 of the checkout process.
In this issue the case is that user can change email address in the form "Account /Billing_and_shipping settings", but email address is not updated in DB
||But it goes down to the same data-model :) using mail-address as primary-key is the point, which makes this bug existing, enabling "from-inside-attacks" and openes the door for user-enumeration.|
||Hi, I would say that's 2 different issues. In 0004924 is a usability issue and in this one I see saving to DB issue.|
I got the same problem, too.
Does any hotfix exist to this ticket?