298 replies to this topic

[partsace]

My admin login.php page keeps reloading itself after putting in the correct username and PW.  Has anyone had this problem and know who it fix it?  I have made 3 differenct admin setions and it keeps doing it.

Thanks,

Scott
Ps. I know it is the correct UN & PW because I checked the database and it says that I have logged in 5 times.

Edited by partsace, 16 October 2003 - 09:44 PM.

[thienthanhayquysu]

i'll getting your Admin Access Level 1.2 in osCommerce MS2...It work not okie in member groups. And this error:

Admin Members  

Fatal error: Call to undefined function: tep_array_merge() in C:\FoxServ\www\admin\admin_members.php on line 350

How me fix it ???. Help me.
Thanks a lot

[osjunkie]

Hey Quick question,

I have MS2 and I have installed over 24 contributions to it and it works perfect, backed up every time I installed something. When looking at this contrib I knew it was a keeper for the very end.

Got it installed now, but I only have the features in Admin. I have turned on the other modules but none of the  files are accessable because I don't have the proper permission level to access the features.

I have changed the files as to what the other files were changed in admin/includes/boxes but when I do that I can't even access the features in admin...basically what I am saying is...It's 3am and I am about to die. What is the proper concept for integration of non-core admin modules so they work with Account Access?  If you had your bare bones system setup, how would you install a contrib into the backend using this package?

Thanks so much!
Brad
cruz AT shaw DOT CA

[HollyRidge]

How can we increase the timeout value in the admin section?

I see where this question has been asked several times throughout the forum but no replies to any of them. Anyway this is a very good mod but just need to figure this out because a lot of the time before we can finish typing up replies, etc to customers only to loose them when submiting due to login timing out.

[supergrizz]

Quote

I found the error in password forgotten tep_mail.
Please paste these line to admin/includes/languages/english/login.php

define('ADMIN_EMAIL_SUBJECT', 'OsC Admin Member');
define('ADMIN_EMAIL_TEXT', 'Hi %s,\n\n You can access the admin panel with the following password. Once you access the admin, please change your password! \n\n  Website : %s \n  Username: %s \n  Password: %s \n\n Thanks! \n %s \n This is an automated response, please do not reply!');

Regard's
zaenal

I pasted this in and it makes it so the password displays properly when new admin is created, but the forgotten password email doesn't work. It displays ADMIN_EMAIL_SUBJECT and ADMIN_EMAIL_TEXT. Anyone know the fix for this?

A little helpless,
DC

[clia]

i installed version 2.3 but have problem now. access to every page under /admin/ will lead to http 404 (file not fund) error.

what is wrong? is it cauces by that i am using mydomain.com/stores/admin instead of original mydomain.com/catalog/admin?

thanks in advance for any help.

[moku]

HollyRidge, on Oct 28 2003, 03:18 AM, said:

How can we increase the timeout value in the admin section?

I'm not sure it's a good way to do it, but try this:

Replace in admin/includes/functions/sessions.php:

  if (STORE_SESSIONS == 'mysql') {
    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
      $SESS_LIFE = 1440;
    }

With:

  if (STORE_SESSIONS == 'mysql') {
#    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
#      $SESS_LIFE = 1440;
// 3600 is 1 hour, so 36000 is 10.
      $SESS_LIFE = 36000;
#    }

It works. There is time out after 10 hours of idle time (I tried with 10 secondes, but it must be equal with 36000)

[dlo001]

I have worked out most of the kinks of the Admin Mod.

I did make a quick change to separate out the forgotten password code:

define('ADMIN_FORGOTPSSWD_SUBJECT', 'Forgot Password');
define('ADMIN_FORGOTPSSWD_TEXT', 'Hi %s,' . "\n\n" . 'You can access the admin panel with the following password. Once you access the admin, please change your password!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and used the constants in password_forgotten.php

        tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_FORGOTPSSWD_SUBJECT, sprintf(ADMIN_FORGOTPSSWD_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

HOWEVER:
For some reason now I cannot delete any of the admin accounts. It just displays "Delete Permission" with a "back" button and I cannot delete the specified user. Is this a file permissions thing? A site admin permissions thing? Please help

[dlo001]

It has to do with the code in admin_members.php

Line 433-442:

case 'del_member':
      $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_DELETE . '</b>');
      if ($mInfo->admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS) {
      $contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $mInfo->admin_id) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a><br>&nbsp;');
      } else {
      $contents = array('form' => tep_draw_form('edit', FILENAME_ADMIN_MEMBERS, 'action=member_delete&page=' . $page . '&mID=' . $admin['admin_id'], 'post', 'enctype="multipart/form-data"'));
      $contents[] = array('text' => tep_draw_hidden_field('admin_id', $mInfo->admin_id));
      $contents[] = array('align' => 'center', 'text' =>  sprintf(TEXT_INFO_DELETE_INTRO, $mInfo->admin_firstname . ' ' . $mInfo->admin_lastname));
      $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $HTTP_GET_VARS['mID']) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
      }

the code

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

seems counter intuitive as admin delete rights should be admin_groups_id==1 so i think this should be:

admin_groups_id != 1 || $mInfo->admin_email_address != STORE_OWNER_EMAIL_ADDRESS

Does this make since? I would like some feedback to make sure this is right

[dlo001]

The code:

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

was the issue. I had change the email of the store owner on the production site from the development site. The email of the user site admin was still using the development site email address. These have to match or the site admin does not have the right permissions to delete other site admins. Bizarre. Any suggestions to make this more stable would be great.

[DesertDogs]

osjunkie, on Oct 19 2003, 03:56 PM, said:

Hey Quick question,
What is the proper concept for integration of non-core admin modules so they work with Account Access?  If you had your bare bones system setup, how would you install a contrib into the backend using this package?

I've got this same problem.  Sorry for the entry.  I want to be emailed if anyone replies to this and didn't see a "Monitor" option in the forum. This should do it.

[jloyzaga]

trying to figure out how this works. Want to know where the code is that determines what is allowed in the admin area and how it gets the login id. Need to know this to make mods in my report that only allows orders to be displayed in the reports by the login id. I know what I'm doing  - just can't find the code that does it.

What I want to do is to link the group to a vendor's login. Then I will create an id in the product to indicate which vendor supplies this product. When any order reports are requested by that vendor by logging into the admin area - he will only see the reports because thats what his group allows. But the reports will also look at his login (thats why I need to know how to do above) and get the vendor code and only select order/sales details valid for his products.

This gives me vendor reports that are available at call - I don't have to periodically run them and send them.

Can ayone help with the above?
Maybe the author of the contrib???

Joe

[Lavarock]

I cannot find some specific information on this contribution and have not installed it yet.

Does this contribution just hide admin pages from people who are not configured to access them?

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

[241]

Lavarock, on May 28 2004, 08:35 PM, said:

I cannot find some specific information on this contribution and have not installed it yet.

Does this contribution just hide admin pages from people who are not configured to access them?

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

no if you try to access a page and your permission is not set then you will get bounced it is all controlled by status flags in the database.

If you try to go directly to a page then you will be bounced to the login.

It follows along these lines user id group id and there are checks if the encrypted password + user id + group id have any part wrong then no access is granted.

[Lavarock]

Thanks, this sounds like what I want. I think I'll fresh install OSCommerce on a box and add the contribution and test it out.

Thanks for the information!

Mark

Edited by Lavarock, 28 May 2004 - 10:53 PM.

[batyushki]

This contribution works great, but I've found a bug relating to the functions/general.php file. After modifying this file for the contrib, line 19 redirects the user if the session is not registered. The problem I'm seeing is for forms that submit to their own page. On my Windows server if you use one of the Search boxes in Admin, you'll get redirected to login because the form isn't sending the osCAdminID in the URL.

I also see osCAdminID in the URL on every other page, which I didn't see on my Unix server. Any ideas why?

Can someone figure out this redirect bug?

[Charlee]

I am missing catalog.php and administrator.php, also I made a new account with very limited access but if I log in with that account I have full access there is no difference from the top admin account. Please Help

[Charlee]

Ok here is what I found, if I log on as guest I have no access but if I log on as sales_team I have full access even though that account has very limited access and still missing those files, any help would be great. by the was what is "store files" for?

[shutiri]

Hi.  I'm getting this error:

Quote

Fatal error: Call to undefined function: tep_array_merge() in /home/musiccr/public_html/admin/admin_members.php on line 352

any ideas ?

thank you,
shutiri.

[shutiri]

solved.