Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

SOLVED
Go to solution
‎06-01-2017 10:04 AM
‎06-01-2017 10:04 AM

SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

This issue is only presented when we ENABLE form key authentication.
Version used: 1.7.0.2, but looks like someone has posted that same issue occurs on 1.9.3 version too.

When Go to checkout, we are presented with 2 options: CHECKOUT AS A GUEST OR REGISTER Once click "Register", and fill-out the form along with password, you proceed through all steps and complete the order. Order gets placed, BUT customer never gets registered in Magento. It looks like Guest order form the back-end.

When I went back and Disabled form key authentication, and tried placing order while registering as a customer, it got placed without any problems and the customer got registered in the back-end.

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
‎06-01-2017 02:55 PM
‎06-01-2017 02:55 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I am using Generic Magento checkout, no custom checkouts. I can fully go through checkout, if it were Form Key issue I am sure I would have problems. This is a problem in the logic of a code. Therefore it is a bug and it has been addressed already, you need to comment out three lines in the OnepageController.php. See below:

 public function saveMethodAction()
{
    if ($this->_expireAjax()) {
        return;
    }

    /*if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
        return;
    }*/


Original source:
https://magento.stackexchange.com/questions/177035/supee-9767-patch-ce-1-9-3-3-one-page-checkout-cus...

View solution in original post

Reply
9 REPLIES 9
‎06-01-2017 02:50 PM
‎06-01-2017 02:50 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

@onlinestore23You need to check forms in all the custom template files and put in the form key. If you are using the custom code for the form than you need to add the code in controller as well to check the valid form key.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
0 Kudos
Reply
‎06-01-2017 02:55 PM
‎06-01-2017 02:55 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I am using Generic Magento checkout, no custom checkouts. I can fully go through checkout, if it were Form Key issue I am sure I would have problems. This is a problem in the logic of a code. Therefore it is a bug and it has been addressed already, you need to comment out three lines in the OnepageController.php. See below:

 public function saveMethodAction()
{
    if ($this->_expireAjax()) {
        return;
    }

    /*if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
        return;
    }*/


Original source:
https://magento.stackexchange.com/questions/177035/supee-9767-patch-ce-1-9-3-3-one-page-checkout-cus...

Reply
‎06-01-2017 03:03 PM
‎06-01-2017 03:03 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Good to know that.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
0 Kudos
Reply
‎06-07-2017 02:12 AM
‎06-07-2017 02:12 AM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

This is unfortunately not a solution, but a risky workaround that removes the patch security effect itself...

 

I'm stuck with the same problem on custom checkout process with "autoregister".

Reply
‎06-07-2017 05:46 PM
‎06-07-2017 05:46 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

No, it isn't the correct answer.

The correct one or at least the better answer would be the one posted by Raphael at Digital Pianism. He added a form key variable to the guest & register checkout function. And this can be a good working temporary fix until we get an official patch from Magento.

 

Quoting his answer:

 

Ok here's the real bug fix I came up with.

Edit /skin/frontend/base/default/js/opcheckout.js and edit the setMethod() method by replacing:

setMethod: function(){
    if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest'}}
        );
        Element.hide('register-customer-password');
        this.gotoSection('billing', true);
    }
    else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register'}}
        );
        Element.show('register-customer-password');
        this.gotoSection('billing', true);
    }
    else{        alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags());
        return false;
    }    document.body.fire('login:setMethod', {method : this.method});
},

With:

setMethod: function(){
    var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
    if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
        );
        Element.hide('register-customer-password');
        this.gotoSection('billing', true);
    }
    else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
        );
        Element.show('register-customer-password');
        this.gotoSection('billing', true);
    }
    else{        alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags());
        return false;
    }    document.body.fire('login:setMethod', {method : this.method});
},

That'll do it while we're waiting for the v2 of the patch

shareimprove this answer
Reply
‎06-08-2017 01:49 AM
‎06-08-2017 01:49 AM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Hi, I already modified /skin/frontend/base/default/js/opcheckout.js according the exemple but it doesn't helped.

0 Kudos
Reply
‎06-20-2017 01:48 PM
‎06-20-2017 01:48 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Raphael's fix doesn't work for me.  I think may be because there's no 'checkout-step-login' element in any of my templates.

 

var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;

 Where is that supposed to be?

Reply
‎06-27-2017 04:51 AM
‎06-27-2017 04:51 AM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I´ve the same problem. No element found in JS, but in source code, i can see this input field. So i´ve disabled the "formkey validation"-setting in backend until a new patch will be released.

0 Kudos
Reply
‎06-27-2017 06:16 PM
‎06-27-2017 06:16 PM

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

@rhody wrote:

Raphael's fix doesn't work for me.  I think may be because there's no 'checkout-step-login' element in any of my templates.

 

var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;

 Where is that supposed to be?

The 'checkout-step-login' works with the default magento checkout. If you view source, this id is located between the <h2>Checkout Method</h2> and <h3>Checkout as a Guest or Register</h3> in a <div>.

 

There is that var formKey line to be added and then there is also a couple more lines to change:

1. Login: Guest

if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}

 Add the form_key:formKey after parameters: {method: 'guest'

 

2. Login Register

else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}

Also add the form_key:formKey after parameters: {method: 'register'

 

That's all I did and then refresh magento, browser, cloudflare cache, etc.

Reply