cancel
Showing results for 
Search instead for 
Did you mean: 

SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

SOLVED

SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

This issue is only presented when we ENABLE form key authentication.
Version used: 1.7.0.2, but looks like someone has posted that same issue occurs on 1.9.3 version too.

When Go to checkout, we are presented with 2 options: CHECKOUT AS A GUEST OR REGISTER Once click "Register", and fill-out the form along with password, you proceed through all steps and complete the order. Order gets placed, BUT customer never gets registered in Magento. It looks like Guest order form the back-end.

When I went back and Disabled form key authentication, and tried placing order while registering as a customer, it got placed without any problems and the customer got registered in the back-end.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I am using Generic Magento checkout, no custom checkouts. I can fully go through checkout, if it were Form Key issue I am sure I would have problems. This is a problem in the logic of a code. Therefore it is a bug and it has been addressed already, you need to comment out three lines in the OnepageController.php. See below:

 public function saveMethodAction()
{
    if ($this->_expireAjax()) {
        return;
    }

    /*if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
        return;
    }*/


Original source:
https://magento.stackexchange.com/questions/177035/supee-9767-patch-ce-1-9-3-3-one-page-checkout-cus...

View solution in original post

9 REPLIES 9

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

@onlinestore23You need to check forms in all the custom template files and put in the form key. If you are using the custom code for the form than you need to add the code in controller as well to check the valid form key.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I am using Generic Magento checkout, no custom checkouts. I can fully go through checkout, if it were Form Key issue I am sure I would have problems. This is a problem in the logic of a code. Therefore it is a bug and it has been addressed already, you need to comment out three lines in the OnepageController.php. See below:

 public function saveMethodAction()
{
    if ($this->_expireAjax()) {
        return;
    }

    /*if ($this->isFormkeyValidationOnCheckoutEnabled() && !$this->_validateFormKey()) {
        return;
    }*/


Original source:
https://magento.stackexchange.com/questions/177035/supee-9767-patch-ce-1-9-3-3-one-page-checkout-cus...

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Good to know that.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

This is unfortunately not a solution, but a risky workaround that removes the patch security effect itself...

 

I'm stuck with the same problem on custom checkout process with "autoregister".

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

No, it isn't the correct answer.

The correct one or at least the better answer would be the one posted by Raphael at Digital Pianism. He added a form key variable to the guest & register checkout function. And this can be a good working temporary fix until we get an official patch from Magento.

 

Quoting his answer:

 

Ok here's the real bug fix I came up with.

Edit /skin/frontend/base/default/js/opcheckout.js and edit the setMethod() method by replacing:

setMethod: function(){
    if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest'}}
        );
        Element.hide('register-customer-password');
        this.gotoSection('billing', true);
    }
    else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register'}}
        );
        Element.show('register-customer-password');
        this.gotoSection('billing', true);
    }
    else{        alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags());
        return false;
    }    document.body.fire('login:setMethod', {method : this.method});
},

With:

setMethod: function(){
    var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;
    if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}
        );
        Element.hide('register-customer-password');
        this.gotoSection('billing', true);
    }
    else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}
        );
        Element.show('register-customer-password');
        this.gotoSection('billing', true);
    }
    else{        alert(Translator.translate('Please choose to register or to checkout as a guest').stripTags());
        return false;
    }    document.body.fire('login:setMethod', {method : this.method});
},

That'll do it while we're waiting for the v2 of the patch

shareimprove this answer

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Hi, I already modified /skin/frontend/base/default/js/opcheckout.js according the exemple but it doesn't helped.

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

Raphael's fix doesn't work for me.  I think may be because there's no 'checkout-step-login' element in any of my templates.

 

var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;

 Where is that supposed to be?

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.

I´ve the same problem. No element found in JS, but in source code, i can see this input field. So i´ve disabled the "formkey validation"-setting in backend until a new patch will be released.

Re: SUPEE 9767- Customer Registration Fails when using generic Magento 5-step checkout.


@rhody wrote:

Raphael's fix doesn't work for me.  I think may be because there's no 'checkout-step-login' element in any of my templates.

 

var formKey = $('checkout-step-login').select('[name=form_key]')[0].value;

 Where is that supposed to be?


The 'checkout-step-login' works with the default magento checkout. If you view source, this id is located between the <h2>Checkout Method</h2> and <h3>Checkout as a Guest or Register</h3> in a <div>.

 

There is that var formKey line to be added and then there is also a couple more lines to change:

1. Login: Guest

if ($('login:guest') && $('login:guest').checked) {
        this.method = 'guest';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'guest', form_key:formKey}}

 Add the form_key:formKey after parameters: {method: 'guest'

 

2. Login Register

else if($('login:register') && ($('login:register').checked || $('login:register').type == 'hidden')) {
        this.method = 'register';
        new Ajax.Request(
            this.saveMethodUrl,
            {method: 'post', onFailure: this.ajaxFailure.bind(this), parameters: {method:'register', form_key:formKey}}

Also add the form_key:formKey after parameters: {method: 'register'

 

That's all I did and then refresh magento, browser, cloudflare cache, etc.