Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Admin Account with Access Level


Parikesit

Recommended Posts

there is one bug that i found.

if we login for the 1st time,the system would ask us to change our password.so,after we changed the password, the system will send an email that supposedly containing our new password/changed password.but, somehow when i open the email,it only contains a website address,username and some predetermined text.but, the password is blank or in other words,the system are not sending the password together.so, i do check at admin/admin_account.php and found out this

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

that is around line54.plese look carefully at the $hiddenPassword variable as it is suppose to hold the new password.but in this case, there is no other variables that definining the $hiddenPassword.therefore, since the password should not be encrypted(to be send to us on the email) i take the variable

$HTTP_POST_VARS['admin_password']

which i found around line 46 in $sql_data_array variable.and then..it works!!.. :lol:

onimusha watanabe

Link to comment
Share on other sites

  • Replies 297
  • Created
  • Last Reply

Top Posters In This Topic

I have installes osc2.2_ms1 fresh and admin access. After loading the .sql file via phpmyadmin and copying all the files in. I get an error when entering the admin site..

 

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /var/www/sals/admin/index.php on line 24

 

Any suggestions?

 

I get the same problem. Any suggestions people!?

Link to comment
Share on other sites

First, I LOVE this contribution, thanks! I was wondering how to change the address that the emails say they are coming from (mine is showing something like [email protected]) to the email address set in the store configuration?

 

When you're on a shared server, the return address isn't even the same as your store domain. I know you're not supposed to reply anyway but I'd prefer for the return address to be the one I set for the store.

 

Thanks.

Stretchr

"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Link to comment
Share on other sites

  • 2 weeks later...
I have installes osc2.2_ms1 fresh and admin access. After loading the .sql file via phpmyadmin and copying all the files in. I get an error when entering the admin site..

 

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /var/www/sals/admin/index.php on line 24

 

Any suggestions?

 

I had the same problem too but I figured it out... other than the fact that we need more moderators... another reason that no one answered your question is because the answer is in the README file...

 

You have to actually make some edits/hacks to existing files... the README file "section D" tells you what files to change... and what files to take the changes from...

 

latez!

Link to comment
Share on other sites

Since I haven't gotten an answer, I'll try this post again. Can someone tell me how to change the From field for emails that are sent out by the system when this hack is installed? Instead of using the setting specified in admin, it's using root@

 

I've looked everywhere I can think of so if someone out there can point me in the right direction, I'd appreciate it.

 

Cheers,

"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Link to comment
Share on other sites

i followed the readme file exactly imported the sql tabels via phpmyadmin: all ok

 

edited all the .php files in the Admin folder as described.

 

now when I go to the admin folder I get ?

 

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

Link to comment
Share on other sites

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

 

Hi,

--To make sure, please use the last version (1.2)!

 

In the last version, the function tep_admin_check_login() .

 

To make this work, you have to call this function after all other function. In other words, you have to put the function calling in the last line of application_top.php, before end tag (?>).

 

// check login  

 if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) { 

   tep_admin_check_login(); 

 }

Link to comment
Share on other sites

Hi Stretchr,

 

The email setting in this contribution use the same way with other OSC email handling, like checkout email and sign up new member. The function of email sending is tep_mail. I still don't understand why the sender come from [email protected].

 

Anyway, maybe in your OSC version there are different configuration of STORE_OWNER. Please take a look another email function on your OSC.

 

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

Regards

Zaenal

 

First, I LOVE this contribution, thanks! I was wondering how to change the address that the emails say they are coming from (mine is showing something like [email protected]) to the email address set in the store configuration?

 

When you're on a shared server, the return address isn't even the same as your store domain. I know you're not supposed to reply anyway but I'd prefer for the return address to be the one I set for the store.

 

Thanks.

Stretchr

Link to comment
Share on other sites

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

 

Hi,

--To make sure, please use the last version (1.2)!

 

In the last version, the function tep_admin_check_login() .

 

To make this work, you have to call this function after all other function. In other words, you have to put the function calling in the last line of application_top.php, before end tag (?>).

 

// check login  

 if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) { 

   tep_admin_check_login(); 

 }

 

I just installed version 1.2

Function tep_admin_check_login wasn't in application_top.php. It was in general.php. I moved it myself, so it looks like this:

 

// MSGCHG Admin Account -------------------------------

//Check login and file access

function tep_admin_check_login() {

global $PHP_SELF, $login_groups_id;

if (!tep_session_is_registered('login_id')) {

tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

} else {

$filename = basename( $PHP_SELF );

if ($filename != FILENAME_DEFAULT && $filename != FILENAME_FORBIDEN && $filename != FILENAME_LOGOFF && $filename != FILENAME_ADMIN_ACCOUNT && $filename != FILENAME_POPUP_IMAGE && $filename != 'packingslip.php' && $filename != 'invoice.php') {

$db_file_query = tep_db_query("select admin_files_name from " . TABLE_ADMIN_FILES . " where FIND_IN_SET( '" . $login_groups_id . "', admin_groups_id) and admin_files_name = '" . $filename . "'");

if (!tep_db_num_rows($db_file_query)) {

tep_redirect(tep_href_link(FILENAME_FORBIDEN));

}

}

}

}

 

// check login

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) {

tep_admin_check_login();

}

//End Admin Account---------------------------------------

?>

 

Now, I'm getting the error message:

Fatal error: Call to undefined function: tep_redirect() in /.../catalog/admin/includes/application_top.php on line 286

 

Do I need to move tep_redirect() from general.php into application_top.php as well? Don't other things depend on finding it in general.php? I suppose I could copy it instead of moving it?

 

What am I missing here?

 

Thanks,

-Matt

Link to comment
Share on other sites

Got it!

 

application_top_php said:

// ADD the following line to AFTER: // define our general functions used application-wide

// require(DIR_WS_FUNCTIONS . 'general.php');

// require(DIR_WS_FUNCTIONS . 'html_output.php');

//------------------------------------------------

// include the password crypto functions

require(DIR_WS_FUNCTIONS . 'password_funcs.php');

//------------------------------------------------

 

Which I took to mean "Comment Out:"

require(DIR_WS_FUNCTIONS . 'general.php');

// require(DIR_WS_FUNCTIONS . 'html_output.php');

Link to comment
Share on other sites

Now, I'm getting the error message:

Fatal error: Call to undefined function: tep_redirect() in /.../catalog/admin/includes/application_top.php on line 286

 

Do I need to move tep_redirect() from general.php into application_top.php as well?  Don't other things depend on finding it in general.php?  I suppose I could copy it instead of moving it?

 

What am I missing here?

 

Thanks,

-Matt

 

 

Nop, nop...

To make this contribution suitable with OSC structure and development, I put all functions in includes/general.php. So, let function tep_admin_check_login() stayed in that file.

 

You can CALL this function from includes/application_top.php or from any other files.

 

zaenal

Link to comment
Share on other sites

Pardon to use a translating program.

 

I have installed without error admin account and when trying to consent to the panel of administration of my store he/she appears me a new blue screen requesting me e-mail and password. I have used both that are mentioned in the forum but I cannot enter in the store. I don't have way to pass to the panel because it doesn't accept me none of the e-mail or password.

That I can make to solve this?

Thank you

Link to comment
Share on other sites

I hope I can be understood:

 

I have been able to enter in the control panel using admin@localhost and test@localhost, not you because he/she gave me before error.

Now they appear me new problems:

 

1. Registration a new user with his name and mail, but the password cannot register it neither he gives me option any so that it was sent to the mail address.

 

2. To try to enter with the name and the new user's e-mail I make click it has more than enough password forgotten and it happens the following thing:

 

2.a he/she sends me 2 e-mail: one with the password and another with ADMIN_EMAIL_TEXT

2.b. If again I pulse on password alone forgotten again he/she sends me an e-mail with ADMIN_EMAIL_TEXT and without any password.

 

I don't have way to create a new user so that he/she can enter in the control panel. :(

Link to comment
Share on other sites

2.a he/she sends me 2 e-mail: one with the password and another with ADMIN_EMAIL_TEXT

2.b. If again I pulse on password alone forgotten again he/she sends me an e-mail with ADMIN_EMAIL_TEXT and without any password.

 

This is the bug of version 1.2. You can find the answer by searching previous thread in this forum.

 

+++

About your problems, you say that you have sucsefully login the ADMIN. Do you have change any password?

 

 

zaenal

Link to comment
Share on other sites

I got the Admin Account contribution installed properly and working. Yesss!!!

 

1) But one of the contributions I added previously "disapeared." Any idea how to get it back? It was the review approval functionality:

http://www.oscommerce.com/community/contri...tions,76/page,8

It changed/added the following:

/catalog/reviews.php

/catalog/product_reviews.php

/catalog/includes/boxes/reviews.php

/catalog/includes/languages/English/product_reviews_write.php

/catalog/admin/reviews.php

/catalog/admin/includes/languages/English/reviews.php

 

I need to add some functionality to OSC for a client, which I can submit as a contribution if there is any interest (email if so).

[specifically (and off topic here, just FYI), we need to add an account rep interface and put the account rep's ID into the record of any customers the account rep signs up -- so that the rep will continue receiving commissions even if the customer goes directly to the website for future purchases.]

The Admin Account interface should work perfectly for this; my question is

2) How can I add our account rep functionality so that this new module will show up in Define Groups (probably under Modules) so that I can assign permission to the proper user group?

 

3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

And my final question (and I suspect these are all interrelated):

4) Also, when I look under Customers in File Access, I see customers.php and orders.php, which correspond to the choices under the Customers menu, but when I look under Modules in File Access, I don't see any files corresponding to Payment, Shipping, Order Total, all I see is modules.php. Is this how it's supposed to work?

 

Thanks,

-Matt

Link to comment
Share on other sites

I got the Admin Account contribution installed properly and working. Yesss!!!

 

1) But one of the contributions I added previously "disapeared." Any idea how to get it back? It was the review approval functionality:

 

Thanks,

-Matt

 

You can add the folder (left menu) and the files trough admin panel. Go to administration menu, and click File Access. Here you can find ability to add/remove left-menus and files.

 

zaenal

Link to comment
Share on other sites

I am trying to discover reason when I make click it has more than enough password forgotten he/she sends me alone an e-mail with ADMIN_EMAIL_TEXT, but any password.

Lament not to know enough English but if some was so kind of indicating me what changes I should carry out so that when pressing password forgotten he/she sent me in password he/she would thank it to him.

Link to comment
Share on other sites

You can add the folder (left menu) and the files trough admin panel. Go to administration menu, and click File Access. Here you can find ability to add/remove left-menus and files.

 

Not sure how to add/remove the files. (See question 3 of my post:)

3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

I suspect it has something to do with the database. I'm trying:

INSERT INTO admin_files VALUES (43, ?sales_rep.php', 1, 0, '1,18');

(This is to do with question 2 of my post)

Here's my guess at a data dictionary for that table:

admin_files_id int(11) NOT NULL auto_increment,

admin_files_name varchar(64) NOT NULL default '',

admin_files_is_boxes tinyint(5) NOT NULL default '0', 1 if this is a box

admin_files_to_boxes int(11) NOT NULL default '0', ID# of the box this file goes under. 0 if this entry is a box itself

admin_groups_id set('1','2') NOT NULL default '1', This set apparently allows values other than 1 and 2. What does this field mean? The groups that are allowed to use this file/box I imagine.

 

But should I be doing this from the database? And why are the only files I can choose from the pulldown under File Access, Store Files english.php and footer.php?

 

Thanks,

-Matt

Link to comment
Share on other sites

I have already been able to solve the problem that was presented with the shipment when pulsing on password forgotten of an e-mail without password. The solution was in a post of onimusha. :D

However now I have a new problem :( :

When receiving the mail with the new password he/she appears me as address of the page:

http://www.domain.com/shop/admin

 

When pulsing on that address he/she appears me a popup requesting me the old oscommerce password when I installed the store for the first time without "Admin account with level", after writing user's name and password finally appears me the page where I am requested e-mail and password of "admin account with level", he/she would need that appears the address:

http://www.domain.com/shop/admin/index.php

 

If appears that second address the error it would not be made of requesting me the old password of oscommerce.

Thank you

Link to comment
Share on other sites

3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

And my final question (and I suspect these are all interrelated):

4) Also, when I look under Customers in File Access, I see customers.php and orders.php, which correspond to the choices under the Customers menu, but when I look under Modules in File Access, I don't see any files corresponding to Payment, Shipping, Order Total, all I see is modules.php. Is this how it's supposed to work?

 

Thanks,

-Matt

 

3) The script automatically check:

 

4) Each have only one file. Like configuration menu, it's use one file.

 

 

zaenal

Link to comment
Share on other sites

Pardon to be insistent but I believe that not you very well the following thing:

Will the password and user's name that I had in oscommerce always request it to me when he/she tries to consent to the control panel?

I supposed that starting from installing admin account he/she don't request it again but rather they would begin to be used the new passwords and user's names.

I already see that it is independent that it is written:

http://www.domain.com/shop/admin

http://www.domain.com/shop/admin/index.php

In both cases he/she requests me old user's name and their password.

Please alone I want to know if I am in an error or it is the normal thing:

First he/she appears me a popup requesting me user's name and password oscommerce natives and later those of " admin account ". Is this the normal thing or does something work bad?

Thank you

Link to comment
Share on other sites

Pardon to be insistent but I believe that not you very well the following thing:

Will the password and user's name that I had in oscommerce always request it to me when he/she tries to consent to the control panel?

I supposed that starting from installing admin account he/she don't request it again but rather they would begin to be used the new passwords and user's names.

I already see that it is independent that it is written:

http://www.domain.com/shop/admin

http://www.domain.com/shop/admin/index.php

In both cases he/she requests me old user's name and their password.

Please alone I want to know if I am in an error or it is the normal thing:

First he/she appears me a popup requesting me user's name and password oscommerce natives and later those of " admin account ". Is this the normal thing or does something work bad?

Thank you

 

My English not so well, I apologize for that.

I think I don't really understand your question. Can you explain it again?

 

Anyway...

You say that the login password appears twice: first, by "password oscommerce native", and second by "admin account". IF the first (native password) provided by something like .httaccess or .httpassword, it's good things because it make double protection for your Admin area.

 

 

zaenal

Link to comment
Share on other sites

This is a more generic PHP question:

 

When the new account email gets sent (on either yahoo or macmail, probably all), the text appears all on one line despite the n's interspersed in the code. Is another control character needed to ensure a proper linefeed/carriage return?

 

define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "nn" . 'You can access the Administration Interface with the following password. Once you access the Administration Interface, please change your password!' . "nn" . 'Website : %s' . "n" . 'Username: %s' . "n" . 'Password: %s' . "nn" . 'Thanks!' . "n" . '%s' . "nn" . 'This is an automated response, please do not reply!');

 

Here's what I get:

Hi Joe, You can access the admin panel with the following password. Once you access the admin, please change your password! Website : http://www.xxxxxxxxx/ Username: xxxxxxx Password: xxxxxx Thanks! xxxxxx Corporation This is an automated response, please do not reply!

 

Thanks,

 

-Matt

Link to comment
Share on other sites

You could try a 'rn' (DOS, or a Mac 'r'). Officially, mail servers are supposed to use the 'rn'. If you are sending your emails in HTML, you would want a <br> (HTML ignores EOLs).

 

Hth,

Matt

Link to comment
Share on other sites

I only get the error when I receive email of a login failure, so I think the problem is here:

// Send the Email to Store Owner

 if (EMAIL_ADMIN_LOGIN_ERROR == 'true') {

   tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_FAIL_TEXT_SUBJECT, sprintf(EMAIL_FAIL_BODY, date("m/d/Y G:i:s"), getenv('REMOTE_ADDR'), getenv('HTTP_USER_AGENT'), getenv('HTTP_REFERER'),$att_email, $att_pass ), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');

 }

I don't see where it ever uses the EMAIL_FROM field? Could it be because there is no From entry the mail server is putting in the default "root" address? If so, where would I add the EMAIL_FROM to this code?

Thanks

Hi Stretchr,

 

The email setting in this contribution use the same way with other OSC email handling, like checkout email and sign up new member. The function of email sending is tep_mail. I still don't understand why the sender come from [email protected].

"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...