charles25686713  
#1 Posted : Thursday, June 22, 2023 11:36:35 AM(UTC)
charles25686713

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 7/1/2022(UTC)
Posts: 71

Thanks: 5 times
Was thanked: 1 time(s) in 1 post(s)
Hi, I was alerted to a curious anomaly today in AC9.

A user placed an order, and you can clearly see his email address is "email A" on his user record. "email A" is all you can see anywhere on his user record on the admin side.

His order email was sent to "email B", which you can't find anywhere on his user record.

I looked in the DB, and found "email B" in the address record for his account. The email field on the address record isn't visible, editable, or otherwise accessible in any way that I could find on the back end admin screens, including on the address tab.

For now I'll fix the email address on the address record to match his user record, for this user only.

Thanks,
Charles


shaharyar  
#2 Posted : Monday, June 26, 2023 9:13:04 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
On placing an order, an email is sent to the email address entered in the billing address while placing the order, i.e. the BillToEmail field.

Quote:
The email field on the address record isn't visible, editable, or otherwise accessible in any way that I could find on the back end admin screens, including on the address tab.


To see this email address go to the View Order screen - Summary Tab - and click Edit Address button.
charles25686713  
#3 Posted : Monday, June 26, 2023 10:02:30 AM(UTC)
Hi, thanks for the reply.

This doesn't change the fact that the address can't be viewed or edited anywhere on the user profile?
shaharyar  
#4 Posted : Monday, June 26, 2023 10:05:20 AM(UTC)
Quote:
This doesn't change the fact that the address can't be viewed or edited anywhere on the user profile?


Yes, you are right. It can't be viewed or edited on the user profile.

Thanks for pointing this out!
Katie S  
#5 Posted : Tuesday, July 18, 2023 10:44:05 AM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 471

Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
Regarding the email address. I just want to provide some clarification.

1) The billing address can have a different email address than the user record. It is also known as the order email address and can only be changed via the order.

2) The user record can have its own email address, and this is typically also the login username. This can only be changed from the user's profile. It can be different from the user's billing email address.

The behaviors are the same as in Gold.
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
charles25686713  
#6 Posted : Tuesday, July 18, 2023 11:00:23 AM(UTC)
Originally Posted by: Katie S Go to Quoted Post
Regarding the email address. I just want to provide some clarification.

1) The billing address can have a different email address than the user record. It is also known as the order email address and can only be changed via the order.

2) The user record can have its own email address, and this is typically also the login username. This can only be changed from the user's profile. It can be different from the user's billing email address.

The behaviors are the same as in Gold.


Hi, thanks for opining.

Please clarify where exactly in the UI, either at the user level or admin, that the email address is visible.

I do not see it on the user level profile or anywhere on the admin side.

Which is why I posted ... this field seems to exist, is used, but isn't visible or editable anywhere.
Katie S  
#7 Posted : Friday, July 21, 2023 10:06:47 PM(UTC)
There is an EDIT ADDRESS button just below the billing address displayed on the Order Summary page.

The user's email can be changed from the User's Account. This is the EDIT USER page, first tab "Account Profile" just under the username field.
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
charles25686713  
#8 Posted : Monday, July 24, 2023 3:44:16 PM(UTC)
Originally Posted by: Katie S Go to Quoted Post
There is an EDIT ADDRESS button just below the billing address displayed on the Order Summary page.

The user's email can be changed from the User's Account. This is the EDIT USER page, first tab "Account Profile" just under the username field.


Hi, this is still a bit non-intuitive and not right?

The first point - edit address on the order - only changes it on the order record for that order. Which really isn't helpful, as the emails associated with the order have already gone out? Although I guess if the order was "in process" it could help. It does not affect the user's billing account record.

The second point - edit user - appears to edit the user's email on both the user record (ac_users) as well as the user's default billing record (ac_addresses). This is useful, however it'd be better still if the billing address tab showed the email address on the billing side, and provided a way to update it?

I'm unclear how/why the email on ac_addresses would get out of sync with the ac_users record, or why the software would allow it? The user can't view or update the email account on ac_addresses through the user profile. It DOES appear on checkout, which is the only place I see where the user could somehow change it to be different from the value on ac_users. At the point the admin can see the email on the billing is different from user's email, but can see no way to permanently change it? Furthermore, the user can only change it next time he purchases something?

Am I overlooking something here?

Charles

ray22901031  
#9 Posted : Monday, July 24, 2023 4:45:38 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Quote:
The first point - edit address on the order - only changes it on the order record for that order. Which really isn't helpful, as the emails associated with the order have already gone out? Although I guess if the order was "in process" it could help. It does not affect the user's billing account record.


This is the default functionality for accounting programs and many other programs that deal with orders. Think of what you are asking. You have 100 orders that went to a specific customer to one address, and all of a sudden, on a new order, he/she decides to change it to a different address, that change could trickle through the previous 99 orders if the customer's address and order address had a one-to-one link.

This is not good in the event of an audit, a chargeback, or any type of audit trail.

The procedure being implemented by AbleCommerce is the proper one. Taking QuickBooks as an example, after you enter a bill, the address gets copied to the account, if you change it at the bill level, it will then prompt you with a dialogue box that says would you like this change to be reflected at the vendor level, for this or future bills. This can be implemented, as long as previous invoices and previous orders maintain their original addresses that were correct for that time frame.

The procedure above could be implemented in AbleCommerce.

Since your e-mail was not specific as to the detailed functionality to be able to edit information on the order and have it reflect back to the customer database, I needed to bring up the QuickBooks example.

But, you need to be meticulous when you edit a previous order that will now have an entirely different address to be able that the older orders maintain the proper information.
charles25686713  
#10 Posted : Monday, July 24, 2023 4:58:59 PM(UTC)
Originally Posted by: ray22901031 Go to Quoted Post
Quote:
The first point - edit address on the order - only changes it on the order record for that order. Which really isn't helpful, as the emails associated with the order have already gone out? Although I guess if the order was "in process" it could help. It does not affect the user's billing account record.


This is the default functionality for accounting programs and many other programs that deal with orders. Think of what you are asking. You have 100 orders that went to a specific customer to one address, and all of a sudden, on a new order, he/she decides to change it to a different address, that change could trickle through the previous 99 orders if the customer's address and order address had a one-to-one link.

This is not good in the event of an audit, a chargeback, or any type of audit trail.

The procedure being implemented by AbleCommerce is the proper one. Taking QuickBooks as an example, after you enter a bill, the address gets copied to the account, if you change it at the bill level, it will then prompt you with a dialogue box that says would you like this change to be reflected at the vendor level, for this or future bills. This can be implemented, as long as previous invoices and previous orders maintain their original addresses that were correct for that time frame.

The procedure above could be implemented in AbleCommerce.

Since your e-mail was not specific as to the detailed functionality to be able to edit information on the order and have it reflect back to the customer database, I needed to bring up the QuickBooks example.

But, you need to be meticulous when you edit a previous order that will now have an entirely different address to be able that the older orders maintain the proper information.


Hi Ray, I agree with you. Please note I'm not asking for this "first point" functionality to be changed. I was just pointing out it doesn't address the issue.

There should be a way to see and edit the billing email address on the user, both for admins and the user. Just like editing the street address!

Right now, the user can only change it when checking out, and the admin can only change it indirectly by changing the email address on the profile. Wouldn't it be rather ridiculous to only be able to change the street address this way??
ray22901031  
#11 Posted : Monday, July 24, 2023 5:11:33 PM(UTC)
Hello Charles,

There is an underlying problem here that has to do with the security implementation in AbleCommerce. Only two files are responsible for this, one that deals with what the user sees and one that deals with what the user does, they are both interconnected.

The concern is you have people who know how to modify these files and may want to keep order takers separated from the user database. If you allow a user, even in my scenario from QuickBooks, you would then have to go beyond these two files and start to manipulate functions.

It would be difficult for an administrator to limit the ability of an order taker and the customer database from just these two files.

The security function, per user, is something that lacks in AbleCommerce, and it's pretty difficult to address, probably one of the reasons it hasn't been touched.

Yes, I understand what you're saying, to have the information you're looking for just a click away and, in many ways being able to modify that information, but it's where the problems come in.

I hope this helps.
-Ray
charles25686713  
#12 Posted : Monday, July 24, 2023 6:28:42 PM(UTC)
Originally Posted by: ray22901031 Go to Quoted Post
Hello Charles,

There is an underlying problem here that has to do with the security implementation in AbleCommerce. Only two files are responsible for this, one that deals with what the user sees and one that deals with what the user does, they are both interconnected.

The concern is you have people who know how to modify these files and may want to keep order takers separated from the user database. If you allow a user, even in my scenario from QuickBooks, you would then have to go beyond these two files and start to manipulate functions.

It would be difficult for an administrator to limit the ability of an order taker and the customer database from just these two files.

The security function, per user, is something that lacks in AbleCommerce, and it's pretty difficult to address, probably one of the reasons it hasn't been touched.

Yes, I understand what you're saying, to have the information you're looking for just a click away and, in many ways being able to modify that information, but it's where the problems come in.

I hope this helps.
-Ray


Hi, sorry, I don't agree.

Pretend it's a phone # we're talking about instead.

"How do I change the phone # on my account?"
"You have to put something in your basket and mostly checkout."
"What?"
"Trust me. You don't have to finish the purchase, just get past the billing part stage."
"Can you change it for me?"
"No, I can change everything else, but not that."
Katie S  
#13 Posted : Monday, July 24, 2023 6:48:06 PM(UTC)
Quote:
"How do I change the phone # on my account?"


You can change the phone and email for your account by logging in to the Members area and editing your profile.

/Members/MyAccountProfile page

Thanks for your support!

Katie
Secure eCommerce Software and Hosting
charles25686713  
#14 Posted : Monday, July 24, 2023 7:47:18 PM(UTC)
Originally Posted by: Katie S Go to Quoted Post
Quote:
"How do I change the phone # on my account?"


You can change the phone and email for your account by logging in to the Members area and editing your profile.

/Members/MyAccountProfile page



Hi, /Members/MyAccountProfile does not exist?

Do you mean MyCredentials?

Changing the email there does indeed change the email address on the address record.

However, my point still stands: there's nowhere you or an admin can see the email address on the address record, yet users are able to change it to get out of sync with the profile during checkout.

Phone # is not on MyCredentials. It's on the /EditMyAddress page. But the email address is not, and it should be!


P.S.

In my test environment I have a working 32 character password. /MyCredentials would not let me change anything indicating the password could only be a max of 30 characters. I had to use the admin page to change my password to a 30 character password before I could use /MyCredentials to update. Seems there's an invalid edit on /MyCredentials?
ray22901031  
#15 Posted : Tuesday, July 25, 2023 12:04:25 AM(UTC)
Some of us, including myself, need to keep modules separated. This is why we modify these two files, so my order takers are restricted in the admin area.

I believe before 9.0.4, there was a minor glitch that led people in orders, to find their way into the customer module to make changes, but that was rectified in the newer version once I brought it up to their attention.

It appears that the separation of modules is what's interfering with what you're trying to do, but from an owner, an accountant, and a person who has gone through multiple audits, I must restrict access to certain areas.

If I decide to restrict access to the customer module, I cannot have someone using the order module able to manipulate information on the customer module. I understand what you're trying to say about being able to view the information in the order module and try to make changes.

AbleCommerce is in a difficult situation trying to supply a product that's an all-in-one fit for all people. And yes, the ability to have better security and to apply user rights on a granular level would go a long way. You can look at numerous other shopping carts and the developer can add to it.

Assuming we're still talking about the admin section, it would be a disaster to have one-to-one links from orders to customers directly, one change can mess up multiple orders. The standard practice, it's the more common one that lets you take the customer information from the user profile and copy it over to the order information. But at that point, it's order information for that particular order.

Unless I'm missing something, and I probably am, entangling the two in relational links creates a lot more problems.

I have just gone through the back end, and I can modify every piece of information at the order level. I think many of us are being confused here; a step-by-step snapshot with pictures I believe will go a long way.


charles25686713  
#16 Posted : Tuesday, July 25, 2023 10:04:58 AM(UTC)
Originally Posted by: ray22901031 Go to Quoted Post
Some of us, including myself, need to keep modules separated. This is why we modify these two files, so my order takers are restricted in the admin area.

I believe before 9.0.4, there was a minor glitch that led people in orders, to find their way into the customer module to make changes, but that was rectified in the newer version once I brought it up to their attention.

It appears that the separation of modules is what's interfering with what you're trying to do, but from an owner, an accountant, and a person who has gone through multiple audits, I must restrict access to certain areas.

If I decide to restrict access to the customer module, I cannot have someone using the order module able to manipulate information on the customer module. I understand what you're trying to say about being able to view the information in the order module and try to make changes.

AbleCommerce is in a difficult situation trying to supply a product that's an all-in-one fit for all people. And yes, the ability to have better security and to apply user rights on a granular level would go a long way. You can look at numerous other shopping carts and the developer can add to it.

Assuming we're still talking about the admin section, it would be a disaster to have one-to-one links from orders to customers directly, one change can mess up multiple orders. The standard practice, it's the more common one that lets you take the customer information from the user profile and copy it over to the order information. But at that point, it's order information for that particular order.

Unless I'm missing something, and I probably am, entangling the two in relational links creates a lot more problems.

I have just gone through the back end, and I can modify every piece of information at the order level. I think many of us are being confused here; a step-by-step snapshot with pictures I believe will go a long way.


Hi, I understand all that.

However I don't see how it relates to not being able to SEE or CHANGE the "billing address" email for a user (without changing it somewhere else and indirectly changing it on the billing address)? To me and my staff, it's as ludicrous as not being able to SEE or CHANGE the phone number for a user.

charles25686713  
#17 Posted : Tuesday, July 25, 2023 10:36:27 AM(UTC)
I apologize if I'm not being clear.

I am trying to state that if ANY field on a billing address record is visible and editable, ALL fields on the billing address record should be visible and editable.

For both admins and users!
ray22901031  
#18 Posted : Tuesday, July 25, 2023 11:39:40 AM(UTC)
As I specified at the end of my e-mail, all fields on the billing address on the admin side are visible and can easily be modified. We have yet to upgrade to version 9.0.8, so we are still on version 9.0.7.

I hope this helps.
-Ray
charles25686713  
#19 Posted : Tuesday, July 25, 2023 12:26:46 PM(UTC)
Originally Posted by: ray22901031 Go to Quoted Post
As I specified at the end of my e-mail, all fields on the billing address on the admin side are visible and can easily be modified. We have yet to upgrade to version 9.0.8, so we are still on version 9.0.7.

I hope this helps.
-Ray


Hi Ray, unless this changed from 9.0.7 to 9.0.8, this simply is not true.

The email field on the address record is not visible to the user or the admin.

I'm sure you know this, but to be 100% clear:

There are two tables with the email address:

1 - ac_users. This is the field on the user profile, accessible and changeable by the user on /Members/MyCredentials (the left Profile menu option). This field is also visible and changeable by the admin on /Admin/User/EditUser/usernumber on the Account tab. Confusingly, updating this value on either of these screens ALSO updates the email address on the default billing address.

2 - ac_addresses. This field is NOT on the Address Book from the user's side in /Members/EditMyAddress?addressId=number. Nor is it on the admin side for Billing address on /Admin/User/EditUser/number on the Addresses tab.

There's only one place that I know of that the ac_addresses email field is displayed and changeable: during checkout, the billing info is shown and editable, and the email address appears here, and can be changed. You don't have to actually complete the order; just change the email during checkout, and the field on ac_addresses is updated and is now different from the email field on ac_users.

At this point no one can see the email on billing is different from email on profile, except the user during checkout OR on the billing address field on placed orders. Which, as I mentioned before, is already too late.

We discovered this because we had two users that had done this, and were asking why they weren't getting emails. We looked, and the user profile email address was quite correct. We eventually found the email is different on the order billing address, even though we can't see or edit that address anywhere!

And who would guess that updating the profile record (leaving the email address untouched) would then "fix" the email address on the billing record in ac_addresses!
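
An audit check for the drift described in the post above, added here as an example; it is not part of the thread and not AbleCommerce code. The table names ac_users and ac_addresses come from the post, while every column name, the helper functions and the sample rows are assumptions constructed for illustration, run against an in-memory SQLite database rather than a real store.

```python
import sqlite3

# Table names come from the thread; every column name is an assumption made
# for this example and is not AbleCommerce's real schema.
SCHEMA = """
CREATE TABLE ac_users (
    user_id INTEGER PRIMARY KEY,
    user_name TEXT NOT NULL,
    email TEXT,
    primary_address_id INTEGER
);
CREATE TABLE ac_addresses (
    address_id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    email TEXT
);
"""

# Users whose default billing address email differs from the profile email.
# Case and surrounding whitespace are ignored so only real differences show.
DRIFT_QUERY = """
SELECT u.user_id, u.user_name, u.email, a.email
FROM ac_users AS u
JOIN ac_addresses AS a ON a.address_id = u.primary_address_id
WHERE LOWER(TRIM(COALESCE(a.email, ''))) <> LOWER(TRIM(COALESCE(u.email, '')))
ORDER BY u.user_id
"""


def update_profile_email(conn, user_id, email):
    """Profile save: per the thread, this also rewrites the default billing email."""
    conn.execute("UPDATE ac_users SET email = ? WHERE user_id = ?", (email, user_id))
    conn.execute(
        "UPDATE ac_addresses SET email = ? WHERE address_id = "
        "(SELECT primary_address_id FROM ac_users WHERE user_id = ?)",
        (email, user_id),
    )


def checkout_set_billing_email(conn, user_id, email):
    """Checkout billing step: only the address row changes, the profile does not."""
    conn.execute(
        "UPDATE ac_addresses SET email = ? WHERE address_id = "
        "(SELECT primary_address_id FROM ac_users WHERE user_id = ?)",
        (email, user_id),
    )


def find_email_drift(conn):
    """Return (user_id, user_name, profile_email, billing_email) for drifted users."""
    return conn.execute(DRIFT_QUERY).fetchall()


def build_demo_db():
    """In-memory database with constructed sample rows (not real customer data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ac_users VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice@example.com", 10),
        (2, "bob", "bob@example.com", 20),
        (3, "carol", "Carol@Example.com", 30),
    ])
    conn.executemany("INSERT INTO ac_addresses VALUES (?, ?, ?)", [
        (10, 1, "alice@example.com"),
        (20, 2, "bob@example.com"),
        (30, 3, " carol@example.com"),  # differs only by case and whitespace
    ])
    # Bob edits the email at the billing step and never touches his profile.
    checkout_set_billing_email(conn, 2, "bob.other@example.net")
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    for row in find_email_drift(db):
        print("email drift:", row)
```

Run periodically, a query of this shape lets staff see accounts whose order notifications will go to an address that differs from the profile email before the next order is placed.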





ray22901031  
#20 Posted : Tuesday, July 25, 2023 2:21:33 PM(UTC)
A snapshot, please, to ensure we're both talking about the same thing would go a long way.

Thanks