Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I am able to get around the lifetime restriction by adding items to cart anonymously then logging in, then checking out. This is with requiring users to login before checking out.
Or if you are not requiring users to login before checkout, ubercart does not require login for existing account holders as discussed here: http://www.ubercart.org/forum/ideas_and_suggestions/8477/anonymous_check...
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | uc_restrict_qty-770660-lifetime-bypass.patch | 2.57 KB | recrit |
Comments
Comment #1
recrit commented[1] when anonymous checkout is not allowed and an anonymous user adds the restricted product to cart and then logs in as a user to proceed to checkout.
Bug:
this hole is created since the past order quantity count is only calculated on hook_add_to_cart_data -- when a product is added to the cart. If the product is in the cart already, it has bypassed this counting and the remaining qty allowed is whatever the past order count was when the product was initially added.
Fix:
The attached patch adds an additional call to uc_restrict_qty_count() in hook_cart_item() op = 'load' which is called anytime the cart gets loaded.
Caveats of Fix:
if adding to cart and quantity is allowed, this will result in 2 calls to uc_restrict_qty_count() instead of the original 1. A static cache could be added to uc_restrict_qty_count(); however, i sided on keeping this patch simple and avoid any unexpected issues from pulling stale data from uc_restrict_qty_count during the same request.
[2] anonymous checkout allowed and on checkout complete Ubercart assigns the order to a matching email address of a valid user that has already purchased the limited quantity.
Fix: Do not allow anonymous checkout if you are using this module with lifetime restrictions.
Comment #2
JGonzalez commentedSubscribing
Comment #3
data77 commentedFix [2] isn't really a fix, it's just avoiding the problem. I'm sure there are many sites that want to have anonymous checkout allowed AND use this module. I, for one, need this for a site where users can't register themselves, they only get registered when they buy a membership. In other words, if I don't allow anonymous checkout, users that want to buy a membership (and register) can never do so, because they need to be registered to checkout.
I know there are other ways of fixing this problem for my example, but it should also be possible to do a real fix for this and not avoiding the problem.
Comment #4
raulmuroc commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).