when i approve a new payment, if the email of the registration is the same of a user already present in joomla, the system upgrade and create the membership to this user .
also if i fill the form without login as a member...
it s ok this operation... because the email is the same and joomla can not create 2 user with the same email

so...i would like to have an email control similar to username with the alert: email already exist , please insert another email.
it s possible to have this ?
Anyone can help me? thanks
the team support say that i must to edit this file....

components/com_rsmembership/views/subscribe/tmpl/default.php

I see this as a major security issue. I theory, one could change all the information stored in custom fields of a subscriber without knowing the subscribers user name, rather simply by knowing their email address!

I too will require a solution to this issue and have submitted a support ticket. Hopefully RSJoomla will address this security issue and supply a reasonable solution quickly.

If YOU have found a solution, would you be willing to share it here?

Kind Regards

Seth

This is not a security issue as the information will be changed only after the payment is made. So, if somebody would want to change your custom information (again, not a security issue, nothing related to email/username/password), they'd have to pay for your membership.

Octavian_

Understood - however, in my case, a free student subscription is offered. Thus it's easy for someone who happens to know an email of a current user, to create a new free student subscription for that user, therefore changing all of the personal information stored.

Additionally, this can cause confusion for an existing member. Example:
An existing member forgets that they are an existing member. They purchase a new membership using a NEW username, a NEW password, but an old email. Once the subscription is created, the custom field data is updated, however, the username and password are not changed. If that user then tries to log in using their NEW username and NEW password, the system says they don't exist. Thus the problem.

When I say Security issue I do NOT mean to say that the information is not secure in that it could be stolen or used maliciously, only that, like in the free subscription scenario, information could be changed causing an issue for the user and my client.

Can you think of any solutions? Is there a way that the email could be checked like the username is against the Joomla User database?

Kind Regards,

.:Seth

Ok - a thought:

Could I create a custom email field that would check the email against the jos_users DB and then I could create a validation message that says the email is already is use? Maybe using the code:

function unique($param, $extra=null)
{
if(!RSFormProValidations::email($param,null))
return false;
$db = JFactory::getDBO();
$param = $db->getEscaped($param);
$db->setQuery("SELECT `id` FROM #__users WHERE `email`='".$param."'");
$db->query();
$invalid = $db->getNumRows();
if ($invalid)
return false;
return true;
}

I don't see anywhere in the RSMembership custom filed area that will allow me to place any code though.

Respectfully,

Seth

thanks seth33

thanks for your reply!
i'm not an expert of php code...
so..there's a solution?
best regards