Creating an Account with country not selectable

[Mikepo]

Someone, created an account using the country of Uzbekistan.  However, I have only one country available, UK, from the drop down list. So I was wondering how this is possible?

Also, the postcode entered into the account is invalid, as we have a script to check the format.  Again how is this possible?

Obviously, it can be done, so can it be prevented?

I checked the IP address, and using viewcounter, there were 5 records, starting from the home page to account success.php.  No more records were found.

Any advice or knowledge much appreciated.

Mike

 

[♥raiwa]

Do you offer PayPal express checkout in the shopping cart?

Then it's posible.

[ArtcoInc]

@raiwa

True. One of my shops sells only to the USA with flat rate shipping. I had to contact PayPal and have them flag that account to only allow USA addresses.

M

[Mikepo]

12 hours ago, raiwa said:

Do you offer PayPal express checkout in the shopping cart?

No, only PayPal Standard.

The history of the rouge customer was:

homepage -- create account - create account success

nothing was put in the cart.

So I'm not to sure how he managed to enter the country of Uzbekistan when UK is the only one available. And entering a postcode which isn't valid is also prevented by a script. But he managed to enter 154522.

Still a mystery.

[burt]

Does Uzbekistan exist as a country in your country list (in admin)?

[♥raiwa]

Like @burt pointed out, the question is if you have all other countries except UK deleted in the database.

If not, you must have modified the country menu coding in create_account.php and maybe you didn't do the same in the address_book_details.php and checkout_new_address.php modules. Same for the postcode check.

This would explain that the customer could have edited his address in his account or added a different shipping address during checkout.

[Mikepo]

1 hour ago, burt said:

Does Uzbekistan exist as a country in your country list (in admin)?

yes.

@burt I also have your country & state selector header_tag module installed.  This is active on the account create, update, and new address pages, and only allows UK to be selected.

So the question is, how does someone create an account with only the UK selectable?

The same applies to the postcode, only UK postcode format can be entered.

[burt]

They are browsing with (eg) Javascript turned off ?  

[burt]

19 minutes ago, burt said:

They are browsing with (eg) Javascript turned off ?  

A lot of people do.  I do.  I turn it on for certain websites that I use a lot.

I'm also not certain, but I think a number of readers (ie browsers for the blind etc) do not have .js capability. 
This was certainly the case some years back when I worked with a deaf/blind person but things may have changed since.

[Mikepo]

55 minutes ago, burt said:

They are browsing with (eg) Javascript turned off ?  

Thanks Gary, as I always have javascipt turned on, and I wouldn't necessarlity turn it off, I never thought about this.

With it off, accounts with any country and any postcode can be created.

The 'no Script message' module kicks in with it off, so at least the customer gets to know he should switch javascript on to get the site working as intended.