A client supplies wholesale only with an existing list of accounts. He doesn't want any casual browser to create a profile and purchase etc, so I removed the "Register" from the front of the site and also removed the link to register.php from the checkout process. They are now sent back to the contact us page to request an account application.
An issue has arisen where a retail customer has somehow bypassed the changes I have in place, and placed an order. I've been through the site a dozen different ways and cannot get pass the "Contact us for an account application". So the only thing I could think of is that this customer knows their way around and just went directly to the
www.domain.com/register.php page and created a profile. The weird thing is though is that the cart only sent out an email to the client with the order, not with new profile created message also.
If I simply rename or delete register.php to prevent this happening in future, it means that an existing account holder cannot modify their details either. Does anyone have a better option to prevent people (even clever ones) from registering?
Thanks
beetlejuice