  1. I've installed v 2.3 of this contribution on a new install of MS2. Got everything to work OK. I am now trying to add SSL functionality and can make all of the Admin screens work in secure mode as follows:

         define('HTTP_SERVER', 'https://mysecureserver/mywebspace');

     I have a small problem with catalog images but I think I have found the answer elsewhere. I just don't want to run the whole of Admin in SSL mode.

     I found this contribution: http://forums.oscommerce.com/index.php?showtopic=103024 which enables you to define which of your admin pages should be SSL (e.g. Customer, Orders etc.) and which NONSSL (e.g. categories, products, etc.). Again I can get this to work perfectly on a virgin install.

     Wouldn't it be great if I could combine the two contributions! Secure login, definable user permissions and secure viewing of confidential customer details. Unfortunately I can't get the two to work together. When I do put them together I login via SSL - not what I expected but great. I can browse all the NONSSL pages OK - in NONSSL mode - just what I want. If I try to access any pages defined as SSL, e.g. customers, I get .... the login screen - not what I want at all.

     Has anyone tried this and got it to work? I suspect it's got something to do with the function which checks user permissions each time a page is requested but I don't know enough (anything!) about PHP to attempt a solution.

     I've posted a similar epistle here: http://forums.oscommerce.com/index.php?showtopic=103024 - post 18. Thought if I worked it from both ends I would have more chance of a result. Thanks in anticipation.
  2. I got EZ Secure Order to work as it should with ms2 'Out of the box'. I have been trying to get this to work with this contribution: Administration Access Levels Accounts 2.

     I have added the following to admin/includes.config.php

         define('HTTPS_SERVER', 'https://my_secure_server');
         define('ENABLE_SSL', 'true');

     and the following to admin/includes/functions/html

         if ($connection == 'NONSSL' && ($page != FILENAME_CUSTOMERS) ){

     and

         elseif ($connection =='SSL' || ($page ==FILENAME_CUSTOMERS) ) {

     as per the instructions in the contribution.

     The result I am getting is that when I go to www.mywebsite.co.uk/admin it takes me to the login screen as expected via the SSL server, i.e. https://, which is not what I expected. Once I login I can browse the admin pages non-SSL, i.e. http://, as I would expect. When I try to access the 'Customer' areas I would hope to access via https://; however, what does happen is that I arrive back at the login page.

     What I am trying to achieve is https:// access to the login screen (so that username and password are protected), http:// access to most of the admin pages since these are not necessarily confidential, but https:// access to protect customer details on the 'customer', 'order' etc. pages.

     Has anyone achieved this?

     Alan
  3. EXCEPT THAT IT DOESN'T QUITE!

     My host provides SSL on a secure server with a shared certificate.

     The https server is https://secure.myhost.co.uk/www.mydomain.co.uk
     The http server is http://www.mydomain.co.uk

     The catalog/includes/configure.php file has the secure and non secure servers defined as follows:

         define('HTTP_SERVER', 'http://www.mydomain.net'); // eg, http://localhost - should not be empty for productive servers
         define('HTTPS_SERVER', 'https://secure.myhost.co.uk/www.mydomain.net'); // eg, https://localhost - should not be empty for productive servers
         define('ENABLE_SSL', true); // secure webserver for checkout procedure?

     If I leave the admin/includes/configure.php file as per the install procedure everything works as it should both in the catalog and in the admin. SSL works as and when intended within the catalog BUT none of the admin screens are secure although they all function correctly.

     If I then amend the admin/includes/configure.php as per my previous post quoted at the top then the admin screens are all secure and function correctly but only the images stored within the admin directories are shown. Those images which are stored in the catalog directories appear as broken links. The catalog continues to function correctly with all images shown.

     Can anyone help me with this? I have been installing and re-installing, configuring and re-configuring but I just cannot find the answer.

     Just to be totally accurate I don't have a catalog directory. All the catalog files and folders sit within the root directory with the admin folder and files one level up, i.e. public_html/admin/

     Thanks in anticipation

     Alan
  4. Marg, I have had the same problem as yourself. I know that Zaenal posted a reply to this but I think he misunderstood your problem. My problem is that I DO have a secure server but all my admin functions are accessed http:// rather than https://. I think that was your problem too.

     Here is the fix: Open the file admin/includes/configure.php and at the top replace

         define('HTTP_SERVER', 'http://www.yourserver.com');

     with

         define('HTTP_SERVER', 'https://www.yoursecureserver.com');

     That did the trick for me!

     I'm not sure why I've had to change this manually. Perhaps I did not configure this correctly during the install process or perhaps the install/configuration scripts don't configure the admin for https://. I'll pay a bit more attention to this the next time I install from scratch. Anyway I hope this helps.
  5. Hi,

     First of all congratulations to Zaenal for an excellent contribution. In my opinion this is worthy of incorporation into the core of OSCommerce. It seems crazy to me that the 'Out of the Box' version of the core product does not come with, at the very least, password protection of the Admin Panel, and with the complexity of features and functions within OSC I believe it is also essential to limit users only to those areas within scope of their responsibilities and, more importantly, their competences.

     This contribution not only fits the bill with regard to fulfilling the above but does so in a manner which maintains the look, feel and quality of the core product. I'm not competent to comment on whether the actual code conforms to the standards and conventions of the core product but my vote would be for inclusion of this functionality within the next milestone release.

     I have integrated v1.2 into a new install of OSC2.2ms1. I have had no problems with the install. Careful reading of the installation instructions and of this thread along with a methodical approach and a little time had everything up and running first go.

     Vis-a-vis my comments above regarding integration with the core product, once I got everything up and running I packaged the combined files together, added the content of the admin_tabel.sql file to the oscommerce.sql file in the Install directory, put the lot on the server and ran the Install script and Hey Presto! I had a brand new installation of OSC2.2ms1 complete with Admin Account with Access Level v1.2 in a matter of minutes. By the way I have very little PHP knowledge and absolutely no SQL so this really HAD to be easy!

     The only bugs I have found relate to the emails which are forwarded to Admin Members when they are first added as Admin Members, when they change their password e.g. on their first login, or when they forget their password. Some of these bugs and fixes have been mentioned elsewhere in this thread but some relate to problems in v1.1 which have been partially fixed in v1.2. My comments here relate only to v1.2.

     Firstly, not a bug but an omission in the readme.txt. There are two logins set up as part of the initial install. Without knowing about these you won't be able to gain access to the Admin Panel. I know that an early post in this thread details these but they should also be mentioned in the readme.txt. For completeness I have included them here.

         email: admin@localhost
         password: admin

     and

         email: test@localhost
         password: admin

     At last I get down to the bugs!

     BUG 1

     When you first login using one or other of the above you are advised to change your login details. When you do this, and after any subsequent change of password, you will receive a confirmation email. The problem is that this email has the subject 'ADMIN_EMAIL_SUBJECT' and the content text is 'ADMIN_EMAIL_TEXT'. The reason for this lies within the file admin/includes/languages/english/admin_account.php which should contain the definitions for the email subject and text but doesn't. I added the following to the bottom of the script - before '?>' at line 51:

         define('ADMIN_EMAIL_SUBJECT', 'Password Change');
         define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "\n\n" . 'You have successfully changed your password' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . "\n\n" . 'Please do not write your password down or share it with anyone.' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

     This works with the email now containing the required subject and content. There is one problem though. There is no signature on this email and I can't understand why. If anyone can help me out with this it would be much appreciated.

     BUG 2

     When you click on 'Password Forgotten?' on the login screen you are sent an email containing a new system generated password, or at least you should. What actually happens is that you get an email with the subject 'ADMIN_EMAIL_SUBJECT' and the content text is 'ADMIN_EMAIL_TEXT' as above. The fix for this was posted by Onimusha Watanabe for which my thanks. And indeed it does.

     There was a similar bug in v1.1 with the email forwarded to new Admin Members where the email subject and content was not defined in admin/include/languages/english/login.php but this is fixed in v1.2.

     With the above small bug fixes this contribution works as it should. I do have some comments/queries about the 'File Access' functionality but I think they should be the subject of a separate post.

     Keep up the good work! I for one very much appreciate it.