Announcement

**SidFeyDesigns** · 05-05-23, 07:52 AM

Possible Customer Password Reset Bug:

The success/information message is being displayed rather than an error message when entering an email that does not exhist in the store for customer accounts.

This is happening on FPWD and the magnific popup form on LOGN (Suivant Theme).

I entered a goofy email "[email protected]" and made sure there is no account using it.

**Eric Foresman** · 05-05-23, 08:16 AM

Originally posted by SidFeyDesigns View Post

Possible Customer Password Reset Bug:

The success/information message is being displayed rather than an error message when entering an email that does not exhist in the store for customer accounts.

This is happening on FPWD and the magnific popup form on LOGN (Suivant Theme).

I entered a goofy email "[email protected]" and made sure there is no account using it.

Hi SidFeyDesigns

That is intentional and part of PCI-dss requirement #6.5.5

https://www.pcidssguide.com/pci-dss-requirement-6/

“A common example of improper error handling is user ID and password input. If an attacker receives the message, "incorrect password provided," that error message is telling them they've given a correct user ID. Now, they can focus on hacking the password. The PCI DSS recommends using generic language in your error messages so that no useful information is accidentally given to attackers. Instead of saying "Incorrect password provided," try giving the error message, "Data could not be verified."

Hope this helps

-Eric

**SidFeyDesigns** · 05-05-23, 08:21 AM

OKay, that actually makes a lot of sense. Thank you for sharing that info.

**William Davis** · 05-22-23, 12:31 PM

Address Validation Issues

We disabled the feature back in 2022/03 due to the following issues:

1. Three times wrong address was not not flagged, fortunately our fulfillment software caught it.
2. Twice shoppers were not able to place orders.

Refer to post:

Title: Any issues with Address Validation?
Link: https://www.miva.com/forums/forum/on...ion#post720252

Note: Two other merchants on the post disabled the feature due to other problems as well.

I do not believe Miva is aware that there might be an issue with this feature.

**Eric Foresman** · 05-22-23, 02:33 PM

Originally posted by William Davis View Post

Address Validation Issues

We disabled the feature back in 2022/03 due to the following issues:

1. Three times wrong address was not not flagged, fortunately our fulfillment software caught it.
2. Twice shoppers were not able to place orders.

Refer to post:

Title: Any issues with Address Validation?
Link: https://www.miva.com/forums/forum/on...ion#post720252

Note: Two other merchants on the post disabled the feature due to other problems as well.

I do not believe Miva is aware that there might be an issue with this feature.

Hi William

i just tried checking out at runtime with address verification turned on and was able to complete checkout both with selecting the "verified" version of the address and the "as entered" option.

do you happen to have the address the customer was using that caused that error?

as far as the first issue goes "1. Three times wrong address was not not flagged, fortunately our fulfillment software caught it."

I'm not sure there is anything we can do about that. if the address is so off that UPS and/or USPS don't return any "verified" versions of it we still allow the order to complete. we do this so that we don't get into a situation where the Customer Can't complete checkout. for that same reason we have the "Use As Entered" option. but because of that, it does allow a customer to enter a bad address and just bypass or skip the address verification.

-Eric

**William Davis** · 05-23-23, 01:29 PM

Originally posted by Eric Foresman View Post

Hi William

i just tried checking out at runtime with address verification turned on and was able to complete checkout both with selecting the "verified" version of the address and the "as entered" option.

do you happen to have the address the customer was using that caused that error?

as far as the first issue goes "1. Three times wrong address was not not flagged, fortunately our fulfillment software caught it."

I'm not sure there is anything we can do about that. if the address is so off that UPS and/or USPS don't return any "verified" versions of it we still allow the order to complete. we do this so that we don't get into a situation where the Customer Can't complete checkout. for that same reason we have the "Use As Entered" option. but because of that, it does allow a customer to enter a bad address and just bypass or skip the address verification.

-Eric

Eric, thank you for your quick reply. I don't recall as that happened some time ago. But I caught your other relating to the same issue, and will give it another go this week and report back here. Thanks again!

**SteveG** · 04-30-24, 02:21 PM

Managed Quotes and Basket Price Group Recalc.
Been trying this new feature which is great, however the Quotes seemingly can be overridden when a customer logs in, in this instance when the product variant price is zero. The Basket Price Group Recalc is designed to ensure price group members receive their pricing so wonder if that's the issue.

When entering an un priced variant product into the quote, assigning a quote price of $200, it reverts to zero when the customer logs into to pay for it. I experimented by giving the variant a $150 value to see if the price would change in that instance, and yes, same thing, the quote price changed to the variant price. So something seems not quite correct here.

**Eric Foresman** · 05-01-24, 04:44 AM

Originally posted by SteveG View Post

Managed Quotes and Basket Price Group Recalc.
Been trying this new feature which is great, however the Quotes seemingly can be overridden when a customer logs in, in this instance when the product variant price is zero. The Basket Price Group Recalc is designed to ensure price group members receive their pricing so wonder if that's the issue.

When entering an un priced variant product into the quote, assigning a quote price of $200, it reverts to zero when the customer logs into to pay for it. I experimented by giving the variant a $150 value to see if the price would change in that instance, and yes, same thing, the quote price changed to the variant price. So something seems not quite correct here.

Hi SteveG

i was unable to reproduce what you are seeing. can you provide some more detailed steps to reproduce and a break down of how you have your product, customer, and price group setup?

many thanks
-Eric

**SteveG** · 05-07-24, 05:36 PM

Originally posted by Eric Foresman View Post

Hi SteveG

i was unable to reproduce what you are seeing. can you provide some more detailed steps to reproduce and a break down of how you have your product, customer, and price group setup?

many thanks
-Eric

Hi Eric,

Sorry for the delay in responding and thanks for looking into this.

The quote has the Quote Exclusion Price Group applied to it, think this is set up automatically and is set up as coupon only. I did try changing it to Exclude For Same Basket and tested again, the item again return to zero pricing.

The customer I use to test has not price groups assigned.

The variant isn't assigned to a price group, however its master product is (20% discount legacy price group)

The price only changes once the customer logs in (I tested checking out without an account, and the quote pricing stayed as quoted)

Module - Basket Price Group Recalc.

Other than that I don't think there much more I can add.

Steps

Enter an un-priced product variant into the quote, assigning a quote price of $200,
Customer receives and converts quote to a basket
Upon logging in the price reverts to the variant products base price, in this case zero

Announcement

Miva Merchant 10.00.x Bug Reports

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment