Issues on vendor profile setup page

We're shifting our Forum based support to a more dedicated support system!

We'll be closing our Forum support from 10th June, 2020 and move to Email Support assistance.

  • If you are a WCFM premium add-ons user, contact us- here
  • Want to know more before buying our add-ons? Send Pre sale queries- here
  • If you are a WCFM free user, please open a support ticket at WordPress.org
  • For WCFM App related queries, reach us- here
From now the forum will be read-only!

Multi Vendor Marketplace Plugin | WCFM Marketplace Forums WCFM Issues on vendor profile setup page

Viewing 6 reply threads
  • Author
    Posts
    • April 26, 2019 at 4:53 pm #59577
      me
      Participant

      Hi,

      I have two things to report on the dashboard/profile page where vendors can set their name, email, password, etc.

      1.
      Huge security issue – Changing the password for vendors is implemented in a very sloppy and dangerous way: It doesn’t ask for old password, and it doesn’t ask for repeating the new password either. All you have to do is enter something once and boom – that’s your new password. At the very least it should be implemented like on the woocommerce /my-account/edit-account page, with three separate fields: 1.current password, 2.new password, 3.confirm new password. But ideally password change should also be a completely separate tab inside profile settings.

      2.
      The email verification field and “get code” button is always visible, even if I disable email verification in the admin settings.
      I would actually prefer to use email verification, but the way it is implemented is too unconventional and disrupts the registration process too much. I can’t expect people to keep staring at the reg form, waiting for an email with a code. I’d rather deal with spam accounts than lost customers, so I had to turn it off. But then the field should also disappear from profile settings. Also, do you have any plans to implement a regular old click-the-link-in-the-email method verification? It would be so much better.

      Thanks a lot!

    • April 27, 2019 at 10:14 am #59651
      WCFM Forum
      Keymaster

      Hi,

      Huge security issue – Changing the password for vendors is implemented in a very sloppy and dangerous way: It doesn’t ask for old password, and it doesn’t ask for repeating the new password either. All you have to do is enter something once and boom – that’s your new password. At the very least it should be implemented like on the woocommerce /my-account/edit-account page, with three separate fields: 1.current password, 2.new password, 3.confirm new password. But ideally password change should also be a completely separate tab inside profile settings.

      – Well, you may restrict password change from WCFM profile and only allow from WC MY Account.

      WCFM Dashboard is a restricted only for logged in users, then why should we ask again old password here?

      Hope you have already chnge password from wp-admin -> Users -> do you have ever have to insert re-password?

      Thank You

    • April 27, 2019 at 10:45 am #59655
      me
      Participant

      Look, I’m super grateful for these plugins and I understand you are very busy with all the other tasks.
      But I don’t understand why you are pushing back on such obvious issues. I’m trying to help you improve your product.

      why should we ask again old password here?

      This is industry standard design, I didn’t just invent it from thin air. Are you asking why is it the standard?
      Well, for example because otherwise anyone could change other people’s passwords on unattended laptops any time.
      But I repeat, this is a well established industry standard, people expect it, there is no reason to debate standards.

      from wp-admin -> Users -> do you have ever have to insert re-password?

      That is a back-end page, operated by the admin.
      I’m talking about the vendor settings page, operated by the users.
      I don’t even understand that comparison, it’s apples to oranges at best.

      Also, clicking a link in an email for verification is also an industry standard, that’s why I asked the other question about that.
      I think you should notify someone about these who understands the problem in a more holistic way.

      This is not for me, I could solve this on my end faster than typing this.
      I’ve already hidden a lot of broken features with gettext translation filters, css, and javascript.

      But I thought it’s your best interest to fix these for all your other customers as well. So I took the time to report it.
      If you are not interested, that’s fine for me as well. Although a bit surprising.

    • April 27, 2019 at 4:38 pm #59695
      WCFM Forum
      Keymaster

      Hi,

      You may add this to child theme’s functions.php to disable password update option from WCFM Profile –

      add_filter( 'wcfm_is_allow_update_password', '__return_false' );

      Thank You

    • May 3, 2019 at 8:24 pm #60545
      marcy
      Participant

      I am having the same problem – I can NOT get email verification turned off. It’s off in modules, but still shows for my vendors….

    • May 3, 2019 at 8:30 pm #60546
      marcy
      Participant

      It’s off, but this verification “get code” crap is still here — AND it won’t let me change the email address (which is correct elsewhere).

      Attachments:
      You must be logged in to view attached files.
    • May 5, 2019 at 3:30 pm #60706
      WCFM Forum
      Keymaster

      HI,

      Well, account email address not allowed to change.

      “Email Verification” setting only for Vendor Registration form.

      By default it’s always enable for vendor’s profile.

      If you really want to disable this then add this line to your child theme’s functions.php –

      add_filter( 'wcfm_is_allow_email_verification', '__return_false' );

      Thank You

      • August 19, 2019 at 7:01 pm #77363
        nict
        Participant

        Ah Thanks for the verification filter snippet. Needed it as well and it did the trick. It’s just a pity some of your customers are so damn rude to you. Thanks for all your hard work and support and making your plugins so great.

  • Author
    Posts
Viewing 6 reply threads
  • The topic ‘Issues on vendor profile setup page’ is closed to new replies.