[Contribution] Admin Account with Access Level


298 replies to this topic

#161   partsace

partsace
  • Members
  • 61 posts
  • Real Name:Scott
  • Gender:Male
  • Location:Washington, USA

Posted 16 October 2003 - 21:44

My admin login.php page keeps reloading itself after putting in the correct username and PW. Has anyone had this problem and know how to fix it? I have made 3 different admin sections and it keeps doing it.

Thanks,

Scott
P.S. I know it is the correct UN & PW because I checked the database and it says that I have logged in 5 times.

Edited by partsace, 16 October 2003 - 21:44.


#162   thienthanhayquysu

thienthanhayquysu
  • Members
  • 5 posts
  • Real Name:Nguyen Dang Binh

Posted 17 October 2003 - 03:15

I got your Admin Access Level 1.2 for osCommerce MS2... It does not work OK in member groups. And I get this error:

Admin Members

Fatal error: Call to undefined function: tep_array_merge() in C:\FoxServ\www\admin\admin_members.php on line 350

How do I fix it? Help me.
Thanks a lot

#163   osjunkie

osjunkie
  • Members
  • 226 posts
  • Real Name:Brad Thompson
  • Location:Winnipeg, Canada

Posted 19 October 2003 - 07:56

Hey Quick question,

I have MS2 and I have installed over 24 contributions to it and it works perfect, backed up every time I installed something. When looking at this contrib I knew it was a keeper for the very end.

Got it installed now, but I only have the features in Admin. I have turned on the other modules but none of the files are accessible because I don't have the proper permission level to access the features.

I have changed the files as to what the other files were changed in admin/includes/boxes but when I do that I can't even access the features in admin...basically what I am saying is...It's 3am and I am about to die. What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

Thanks so much!
Brad
cruz AT shaw DOT CA

#164   HollyRidge

HollyRidge
  • Members
  • 8 posts
  • Real Name:John Bage

Posted 28 October 2003 - 01:18

How can we increase the timeout value in the admin section?

I see where this question has been asked several times throughout the forum but no replies to any of them. Anyway this is a very good mod but just need to figure this out because a lot of the time before we can finish typing up replies, etc. to customers only to lose them when submitting due to login timing out.
**Please remember any coding I post is use at your own risk... We are not responsible for any damages, downtime, etc.**

#165   supergrizz

supergrizz
  • Members
  • 21 posts
  • Real Name:Dave

Posted 01 November 2003 - 02:03

I found the error in password forgotten tep_mail.
Please paste these lines to admin/includes/languages/english/login.php

// Double-quoted so that \n is sent as a line break instead of literal text.
define('ADMIN_EMAIL_SUBJECT', 'OsC Admin Member');
define('ADMIN_EMAIL_TEXT', "Hi %s,\n\n You can access the admin panel with the following password. Once you access the admin, please change your password! \n\n  Website : %s \n  Username: %s \n  Password: %s \n\n Thanks! \n %s \n This is an automated response, please do not reply!");
Regards,
zaenal


I pasted this in and it makes it so the password displays properly when new admin is created, but the forgotten password email doesn't work. It displays ADMIN_EMAIL_SUBJECT and ADMIN_EMAIL_TEXT. Anyone know the fix for this?

A little helpless,
DC

#166   clia

clia
  • Members
  • 3 posts
  • Real Name:Clia

Posted 19 November 2003 - 08:21

I installed version 2.3 but have a problem now. Access to every page under /admin/ leads to an HTTP 404 (file not found) error.

What is wrong? Is it caused by the fact that I am using mydomain.com/stores/admin instead of the original mydomain.com/catalog/admin?

Thanks in advance for any help.

#167   moku

moku
  • Members
  • 25 posts
  • Real Name:Ghack
  • Location:Kanazawa, Japan

Posted 27 November 2003 - 23:44

How can we increase the timeout value in the admin section?

I'm not sure it's a good way to do it, but try this:

Replace in admin/includes/functions/sessions.php:

 if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
      $SESS_LIFE = 1440;
    }

With:

 if (STORE_SESSIONS == 'mysql') {
#    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
#      $SESS_LIFE = 1440;
// 3600 is 1 hour, so 36000 is 10.
      $SESS_LIFE = 36000;
#    }

It works. There is a timeout after 10 hours of idle time (I tried with 10 seconds, but it must be equal to 36000)
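
What the value controls, as an added example that is not part of the original post and not osCommerce code: a small model of a session store that stamps `expiry = now + $SESS_LIFE` on each write (an assumption about how the handler uses the value), with the lifetime read from one setting and clamped instead of hardcoded. `admin_session_lifetime()`, `ExpiringSessionStore` and both bounds are hypothetical.

```php
<?php
// Added example, not osCommerce code; every name here is hypothetical.
// Assumption: each session write stamps expiry = now + lifetime, and a row
// whose expiry has passed can no longer be read.

const ADMIN_SESSION_MIN = 300;    // hypothetical floor: 5 minutes
const ADMIN_SESSION_MAX = 14400;  // hypothetical ceiling: 4 hours

// Map a configured value (e.g. session.gc_maxlifetime) to a usable lifetime:
// 1440 when unset or invalid, otherwise clamped to the bounds above.
function admin_session_lifetime($configured, int $default = 1440): int {
    if (!is_numeric($configured) || (int) $configured <= 0) {
        return $default;
    }
    return max(ADMIN_SESSION_MIN, min(ADMIN_SESSION_MAX, (int) $configured));
}

final class ExpiringSessionStore {
    private array $rows = [];
    private int $lifetime;

    public function __construct(int $lifetime) { $this->lifetime = $lifetime; }

    // Every request that writes the session pushes the expiry forward.
    public function write(string $key, string $value, int $now): void {
        $this->rows[$key] = ['value' => $value, 'expiry' => $now + $this->lifetime];
    }

    // An expired row is dropped and the caller sees no session (login page).
    public function read(string $key, int $now): ?string {
        if (!isset($this->rows[$key]) || $this->rows[$key]['expiry'] <= $now) {
            unset($this->rows[$key]);
            return null;
        }
        return $this->rows[$key]['value'];
    }
}

// Constructed scenario: one write at t=0, next request 45 minutes later.
foreach ([false, 3600, 36000] as $configured) {
    $lifetime = admin_session_lifetime($configured);
    $store = new ExpiringSessionStore($lifetime);
    $store->write('sess1', 'admin_id=7', 0);
    $alive = $store->read('sess1', 45 * 60) !== null ? 'yes' : 'no';
    printf("%-5s -> %5d s, alive after 45 min: %s\n", var_export($configured, true), $lifetime, $alive);
}
```

The idle lifetime is also how long an unattended, still-logged-in admin browser remains usable, which is why the model caps the configured value.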

#168   dlo001

dlo001
  • Members
  • 18 posts
  • Real Name:D Lo

Posted 04 January 2004 - 18:06

I have worked out most of the kinks of the Admin Mod.

I did make a quick change to separate out the forgotten password code:
define('ADMIN_FORGOTPSSWD_SUBJECT', 'Forgot Password');
define('ADMIN_FORGOTPSSWD_TEXT', 'Hi %s,' . "\n\n" . 'You can access the admin panel with the following password. Once you access the admin, please change your password!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and used the constants in password_forgotten.php
       tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_FORGOTPSSWD_SUBJECT, sprintf(ADMIN_FORGOTPSSWD_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

HOWEVER:
For some reason now I cannot delete any of the admin accounts. It just displays "Delete Permission" with a "back" button and I cannot delete the specified user. Is this a file permissions thing? A site admin permissions thing? Please help

#169   dlo001

dlo001
  • Members
  • 18 posts
  • Real Name:D Lo

Posted 04 January 2004 - 18:43

It has to do with the code in admin_members.php

Line 433-442:
case 'del_member':
      $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_DELETE . '</b>');
      if ($mInfo->admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS) {
      $contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $mInfo->admin_id) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a><br>&nbsp;');
      } else {
      $contents = array('form' => tep_draw_form('edit', FILENAME_ADMIN_MEMBERS, 'action=member_delete&page=' . $page . '&mID=' . $admin['admin_id'], 'post', 'enctype="multipart/form-data"'));
      $contents[] = array('text' => tep_draw_hidden_field('admin_id', $mInfo->admin_id));
      $contents[] = array('align' => 'center', 'text' =>  sprintf(TEXT_INFO_DELETE_INTRO, $mInfo->admin_firstname . ' ' . $mInfo->admin_lastname));
      $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $HTTP_GET_VARS['mID']) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
      }

the code
admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

seems counterintuitive as admin delete rights should be admin_groups_id==1 so I think this should be:

admin_groups_id != 1 || $mInfo->admin_email_address != STORE_OWNER_EMAIL_ADDRESS

Does this make sense? I would like some feedback to make sure this is right

#170   dlo001

dlo001
  • Members
  • 18 posts
  • Real Name:D Lo

Posted 05 January 2004 - 02:34

The code:
admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

was the issue. I had changed the email of the store owner on the production site from the development site. The email of the user site admin was still using the development site email address. These have to match or the site admin does not have the right permissions to delete other site admins. Bizarre. Any suggestions to make this more stable would be great.
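
An added example, not part of the original posts and not the contribution's code, showing how the quoted condition gives different answers under a development and a production configuration, next to one possible guard that uses only ids and group membership. The function names, sample rows and addresses are constructed, and treating `admin_groups_id` 1 as the top group is an assumption.

```php
<?php
// Added example, not the contribution's code. admin_id, admin_groups_id and
// admin_email_address come from the thread; function names, sample rows and
// email addresses are constructed.

// The condition quoted from admin_members.php: when true, only the Back
// button is shown for the selected member ($mInfo).
function blocked_by_quoted_guard(array $target, string $storeOwnerEmail): bool {
    return (int) $target['admin_id'] === 1
        || $target['admin_email_address'] == $storeOwnerEmail;
}

// One possible alternative that ignores the configured email: the actor must
// be in the top group (assumed to be admin_groups_id 1), and may delete
// neither the first account nor their own.
function may_delete(array $actor, array $target, int $topGroupId = 1): bool {
    if ((int) $actor['admin_groups_id'] !== $topGroupId) {
        return false;
    }
    if ((int) $target['admin_id'] === 1) {
        return false;
    }
    return (int) $target['admin_id'] !== (int) $actor['admin_id'];
}

// Constructed rows, as strings the way a database driver returns them.
$root  = ['admin_id' => '1', 'admin_groups_id' => '1', 'admin_email_address' => 'owner@dev.example'];
$staff = ['admin_id' => '4', 'admin_groups_id' => '1', 'admin_email_address' => 'owner@shop.example'];
$clerk = ['admin_id' => '9', 'admin_groups_id' => '2', 'admin_email_address' => 'clerk@shop.example'];

// The quoted guard's answer for the same row changes with the configuration.
foreach (['owner@dev.example', 'owner@shop.example'] as $storeOwnerEmail) {
    printf("STORE_OWNER_EMAIL_ADDRESS=%s: staff row blocked? %s\n",
        $storeOwnerEmail, var_export(blocked_by_quoted_guard($staff, $storeOwnerEmail), true));
}

// The alternative depends only on ids and group membership.
var_dump(may_delete($root, $staff));   // top-group actor, ordinary target
var_dump(may_delete($root, $root));    // target is the first account
var_dump(may_delete($clerk, $staff));  // actor outside the top group
```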

#171   DesertDogs

DesertDogs
  • Members
  • 28 posts
  • Real Name:Matt Gee

Posted 18 January 2004 - 18:25

Hey Quick question,
What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

I've got this same problem. Sorry for the entry. I want to be emailed if anyone replies to this and didn't see a "Monitor" option in the forum. This should do it.

#172   jloyzaga

jloyzaga
  • Members
  • 240 posts
  • Real Name:Joe Loyzaga

Posted 18 May 2004 - 12:49

Trying to figure out how this works. Want to know where the code is that determines what is allowed in the admin area and how it gets the login id. Need to know this to make mods in my report that only allows orders to be displayed in the reports by the login id. I know what I'm doing - just can't find the code that does it.

What I want to do is to link the group to a vendor's login. Then I will create an id in the product to indicate which vendor supplies this product. When any order reports are requested by that vendor by logging into the admin area - he will only see the reports because that's what his group allows. But the reports will also look at his login (that's why I need to know how to do above) and get the vendor code and only select order/sales details valid for his products.

This gives me vendor reports that are available at call - I don't have to periodically run them and send them.

Can anyone help with the above?
Maybe the author of the contrib???

Joe

#173   Lavarock

Lavarock
  • Members
  • 58 posts
  • Real Name:Mark Shultise
  • Location:Captain Cook (Big Island) Hawaii

Posted 28 May 2004 - 19:35

I cannot find some specific information on this contribution and have not installed it yet.

Does this contribution just hide admin pages from people who are not configured to access them?

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

#174   241

241
  • Members
  • 6,181 posts
  • Real Name:Stephen Bissett
  • Location:Scotland

Posted 28 May 2004 - 19:45

I cannot find some specific information on this contribution and have not installed it yet.

Does this contribution just hide admin pages from people who are not configured to access them?

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

No, if you try to access a page and your permission is not set then you will get bounced; it is all controlled by status flags in the database.

If you try to go directly to a page then you will be bounced to the login.

It follows along these lines: user id, group id, and there are checks; if the encrypted password + user id + group id have any part wrong then no access is granted.
No longer giving free advice. Please place deposit in meter slot provided. Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much!
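
The behaviour described above (a direct request is checked on the server and bounced, not merely hidden from the menu), as an added example that is not part of the original post and not the contribution's code. The permission map, `admin_gate()` and the sample sessions are hypothetical stand-ins for the database flags.

```php
<?php
// Added example, not the contribution's code. The permission map, function
// name and sample sessions are hypothetical; the thread only states that
// access is decided from the login, the group id and flags in the database.

// Constructed stand-in for the database: which groups may open which script.
$filePermissions = [
    'orders.php'        => [1, 2],
    'admin_members.php' => [1],
];

// Decide what to do with a request for an admin script. Meant to run before
// any page output, so typing a file's URL directly goes through the same
// check as clicking a menu entry.
function admin_gate(?array $session, string $requestPath, array $filePermissions): string {
    if ($session === null || !isset($session['admin_id'], $session['admin_groups_id'])) {
        return 'login';                      // no registered login: bounce
    }
    // Reduce the request to its script name; the query string is ignored.
    $script = basename(parse_url($requestPath, PHP_URL_PATH) ?: '');
    if (!isset($filePermissions[$script])) {
        return 'forbidden';                  // unlisted file: deny by default
    }
    return in_array((int) $session['admin_groups_id'], $filePermissions[$script], true)
        ? 'allow' : 'forbidden';
}

// Constructed requests: no session, a permitted page, a page reserved for
// group 1, and a script that has no permission entry at all.
$sales = ['admin_id' => 5, 'admin_groups_id' => 2];
foreach ([
    [null,   '/admin/orders.php'],
    [$sales, '/admin/orders.php?page=2'],
    [$sales, '/admin/admin_members.php'],
    [$sales, '/admin/new_contrib_page.php'],
] as [$session, $path]) {
    printf("%-28s %s\n", $path, admin_gate($session, $path, $filePermissions));
}
```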



#175   Lavarock

Lavarock
  • Members
  • 58 posts
  • Real Name:Mark Shultise
  • Location:Captain Cook (Big Island) Hawaii

Posted 28 May 2004 - 22:52

Thanks, this sounds like what I want. I think I'll fresh install osCommerce on a box and add the contribution and test it out.

Thanks for the information!

Mark

Edited by Lavarock, 28 May 2004 - 22:53.


#176   batyushki

batyushki
  • Members
  • 21 posts
  • Real Name:James

Posted 01 June 2004 - 18:57

This contribution works great, but I've found a bug relating to the functions/general.php file. After modifying this file for the contrib, line 19 redirects the user if the session is not registered. The problem I'm seeing is for forms that submit to their own page. On my Windows server if you use one of the Search boxes in Admin, you'll get redirected to login because the form isn't sending the osCAdminID in the URL.

I also see osCAdminID in the URL on every other page, which I didn't see on my Unix server. Any ideas why?

Can someone figure out this redirect bug?

#177   Charlee

Charlee
  • Members
  • 26 posts
  • Real Name:Charlee

Posted 02 June 2004 - 15:10

I am missing catalog.php and administrator.php, also I made a new account with very limited access but if I log in with that account I have full access there is no difference from the top admin account. Please Help

#178   Charlee

Charlee
  • Members
  • 26 posts
  • Real Name:Charlee

Posted 03 June 2004 - 15:59

OK, here is what I found: if I log on as guest I have no access, but if I log on as sales_team I have full access even though that account has very limited access, and I am still missing those files. Any help would be great. By the way, what is "store files" for?

#179   shutiri

shutiri
  • Members
  • 119 posts
  • Real Name:shutiri

Posted 07 June 2004 - 04:29

Hi. I'm getting this error:

Fatal error: Call to undefined function: tep_array_merge() in /home/musiccr/public_html/admin/admin_members.php on line 352


any ideas ?

thank you,
shutiri.

#180   shutiri

shutiri
  • Members
  • 119 posts
  • Real Name:shutiri

Posted 07 June 2004 - 06:06

solved.