Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Admin Account with Access Level


Parikesit

Recommended Posts

  • Replies 297
  • Created
  • Last Reply

Top Posters In This Topic

I found a way just after I posted.

 

Change the email in the database to your email, then go to the admin page and use the password forgotten link. Enter the firstname and the email from your database. Check your email and you should have a new randomly generated password.

Edited by iucvivivi
Link to comment
Share on other sites

Hi,

 

I have installed the package as per your README instructions, but when I go to the Admin I get the following message;

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in C:\Program Files\Apache Group\Apache2\htdocs\oscommerce\catalog\admin\index.php on line 24

 

Can you help?

 

Many thanks,

 

Steven

Link to comment
Share on other sites

Hi,

 

I have installed the package as per your README instructions, but when I go to the Admin I get the following message;

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in C:\Program Files\Apache Group\Apache2\htdocs\oscommerce\catalog\admin\index.php on line 24

 

Can you help?

 

Many thanks,

 

Steven

:(

 

I got the same error ......

Edited by wong1234
Link to comment
Share on other sites

Here's the error message that I'm getting... Someone please help...

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/nothinfa/public_html/shop/admin/index.php on line 17

Link to comment
Share on other sites

Hello, I installed your Admin panel. I got to the dialog box to log in but the password in the database is encrypted. How do I log into the admin at this point? I tried resetting the password and I just got the following in my email:

 

ADMIN_EMAIL_TEXT

 

Can you help me? What do I need to do?

Link to comment
Share on other sites

Hey Quick question,

 

I have MS2 and I have installed over 24 contributions to it and it works perfect, backed up every time I installed something. When looking at this contrib I knew it was a keeper for the very end.

 

Got it installed now, but I only have the features in Admin. I have turned on the other modules but none of the files are accessable because I don't have the proper permission level to access the features.

 

I have changed the files as to what the other files were changed in admin/includes/boxes but when I do that I can't even access the features in admin...basically what I am saying is...It's 3am and I am about to die. What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

 

Thanks so much!

Brad

cruz AT shaw DOT CA

Link to comment
Share on other sites

  • 2 weeks later...

How can we increase the timeout value in the admin section?

 

I see where this question has been asked several times throughout the forum but no replies to any of them. Anyway this is a very good mod but just need to figure this out because a lot of the time before we can finish typing up replies, etc to customers only to loose them when submiting due to login timing out.

**Please remember any coding I post is use at you own risk... We are not responsible for any damages, downtime, etc.**

Link to comment
Share on other sites

I found the error in password forgotten tep_mail.

Please paste these line to admin/includes/languages/english/login.php

 

define('ADMIN_EMAIL_SUBJECT', 'OsC Admin Member');
define('ADMIN_EMAIL_TEXT', 'Hi %s,\n\n You can access the admin panel with the following password. Once you access the admin, please change your password! \n\n ?Website : %s \n ?Username: %s \n ?Password: %s \n\n Thanks! \n %s \n This is an automated response, please do not reply!');

Regard's

zaenal

 

I pasted this in and it makes it so the password displays properly when new admin is created, but the forgotten password email doesn't work. It displays ADMIN_EMAIL_SUBJECT and ADMIN_EMAIL_TEXT. Anyone know the fix for this?

 

A little helpless,

DC

Link to comment
Share on other sites

  • 3 weeks later...

i installed version 2.3 but have problem now. access to every page under /admin/ will lead to http 404 (file not fund) error.

 

what is wrong? is it cauces by that i am using mydomain.com/stores/admin instead of original mydomain.com/catalog/admin?

 

thanks in advance for any help.

Link to comment
Share on other sites

  • 2 weeks later...
How can we increase the timeout value in the admin section?

I'm not sure it's a good way to do it, but try this:

 

Replace in admin/includes/functions/sessions.php:

 

  if (STORE_SESSIONS == 'mysql') {
   if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
     $SESS_LIFE = 1440;
   }

 

With:

 

  if (STORE_SESSIONS == 'mysql') {
#    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
#      $SESS_LIFE = 1440;
// 3600 is 1 hour, so 36000 is 10.
     $SESS_LIFE = 36000;
#    }

 

It works. There is time out after 10 hours of idle time (I tried with 10 secondes, but it must be equal with 36000)

Link to comment
Share on other sites

  • 1 month later...

I have worked out most of the kinks of the Admin Mod.

 

I did make a quick change to separate out the forgotten password code:

define('ADMIN_FORGOTPSSWD_SUBJECT', 'Forgot Password');
define('ADMIN_FORGOTPSSWD_TEXT', 'Hi %s,' . "\n\n" . 'You can access the admin panel with the following password. Once you access the admin, please change your password!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

 

and used the constants in password_forgotten.php

        tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_FORGOTPSSWD_SUBJECT, sprintf(ADMIN_FORGOTPSSWD_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

HOWEVER:

For some reason now I cannot delete any of the admin accounts. It just displays "Delete Permission" with a "back" button and I cannot delete the specified user. Is this a file permissions thing? A site admin permissions thing? Please help

Link to comment
Share on other sites

It has to do with the code in admin_members.php

 

Line 433-442:

case 'del_member':
     $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_DELETE . '</b>');
     if ($mInfo->admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS) {
     $contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $mInfo->admin_id) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a><br> ');
     } else {
     $contents = array('form' => tep_draw_form('edit', FILENAME_ADMIN_MEMBERS, 'action=member_delete&page=' . $page . '&mID=' . $admin['admin_id'], 'post', 'enctype="multipart/form-data"'));
     $contents[] = array('text' => tep_draw_hidden_field('admin_id', $mInfo->admin_id));
     $contents[] = array('align' => 'center', 'text' =>  sprintf(TEXT_INFO_DELETE_INTRO, $mInfo->admin_firstname . ' ' . $mInfo->admin_lastname));
     $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $HTTP_GET_VARS['mID']) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
     }

 

the code

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

 

seems counter intuitive as admin delete rights should be admin_groups_id==1 so i think this should be:

 

admin_groups_id != 1 || $mInfo->admin_email_address != STORE_OWNER_EMAIL_ADDRESS

 

Does this make since? I would like some feedback to make sure this is right

Link to comment
Share on other sites

The code:

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

 

was the issue. I had change the email of the store owner on the production site from the development site. The email of the user site admin was still using the development site email address. These have to match or the site admin does not have the right permissions to delete other site admins. Bizarre. Any suggestions to make this more stable would be great.

Link to comment
Share on other sites

  • 2 weeks later...
Hey Quick question,

What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

I've got this same problem. Sorry for the entry. I want to be emailed if anyone replies to this and didn't see a "Monitor" option in the forum. This should do it.

Link to comment
Share on other sites

  • 3 months later...

trying to figure out how this works. Want to know where the code is that determines what is allowed in the admin area and how it gets the login id. Need to know this to make mods in my report that only allows orders to be displayed in the reports by the login id. I know what I'm doing - just can't find the code that does it.

 

What I want to do is to link the group to a vendor's login. Then I will create an id in the product to indicate which vendor supplies this product. When any order reports are requested by that vendor by logging into the admin area - he will only see the reports because thats what his group allows. But the reports will also look at his login (thats why I need to know how to do above) and get the vendor code and only select order/sales details valid for his products.

 

This gives me vendor reports that are available at call - I don't have to periodically run them and send them.

 

Can ayone help with the above?

Maybe the author of the contrib???

 

Joe

Link to comment
Share on other sites

  • 2 weeks later...

I cannot find some specific information on this contribution and have not installed it yet.

 

Does this contribution just hide admin pages from people who are not configured to access them?

 

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

 

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

Link to comment
Share on other sites

I cannot find some specific information on this contribution and have not installed it yet.

 

Does this contribution just hide admin pages from people who are not configured to access them?

 

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

 

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

no if you try to access a page and your permission is not set then you will get bounced it is all controlled by status flags in the database.

 

If you try to go directly to a page then you will be bounced to the login.

 

It follows along these lines user id group id and there are checks if the encrypted password + user id + group id have any part wrong then no access is granted.

No longer giving free advice. Please place deposit in meter slot provided.  Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much! :P

Is your Osc dated try Phoenix  raising oscommerce from the ashes.

Link to comment
Share on other sites

Thanks, this sounds like what I want. I think I'll fresh install OSCommerce on a box and add the contribution and test it out.

 

Thanks for the information!

 

Mark

Edited by Lavarock
Link to comment
Share on other sites

This contribution works great, but I've found a bug relating to the functions/general.php file. After modifying this file for the contrib, line 19 redirects the user if the session is not registered. The problem I'm seeing is for forms that submit to their own page. On my Windows server if you use one of the Search boxes in Admin, you'll get redirected to login because the form isn't sending the osCAdminID in the URL.

 

I also see osCAdminID in the URL on every other page, which I didn't see on my Unix server. Any ideas why?

 

Can someone figure out this redirect bug?

Link to comment
Share on other sites

I am missing catalog.php and administrator.php, also I made a new account with very limited access but if I log in with that account I have full access there is no difference from the top admin account. Please Help

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...