Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Admin Account with Access Level


Parikesit

Recommended Posts

Ok here is what I found, if I log on as guest I have no access but if I log on as sales_team I have full access even though that account has very limited access and still missing those files, any help would be great. by the was what is "store files" for?

Link to comment
Share on other sites

  • Replies 297
  • Created
  • Last Reply

Top Posters In This Topic

I am missing catalog.php and administrator.php, also I made a new account with very limited access but if I log in with that account I have full access there is no difference from the top admin account. Please Help

anyone?

Link to comment
Share on other sites

What do you mean that you are "missing" the files?

 

My version of "Multi_Admin_With_Levels", the README.TXT file starts with "02/29/2004 //added by Mett"

 

It was in a directory called "changed files". These are files that it seems were not new and which you might have to modify your current file with text from these files.

 

Here is an example of what I think happens when deciding to display CATEGORIES, you configure whether someone can access CATEGORIES.

 

In Admin's copy of catalog.php, they changed:

 

'<a href="' . tep_href_link(FILENAME_CATEGORIES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS . '</a><br>' .

 

to:

 

tep_admin_files_boxes(FILENAME_CATEGORIES, BOX_CATALOG_CATEGORIES_PRODUCTS) .

 

So what happens is that when it comes time to offer CATEGORIES as a selection in the box on the Admins configuration screen (left side of Admin's pages) this function "tep_admin_files_boxes" decides whether to allow that selection to show up.

 

Thus, if allowed to access CATEGORIES, display a link to CATEGORIES that they can click on.

 

If your restricted Admin can see all items, then either you did not replace the text in the files (such as catalog.php), or you allowed this user to access this command by not turning off a checkbox in the Admin configuration.

 

My guess? You extracted the files and copied them into your Admin directories. If you have a directory called "changed files" then you did not open and replace text from the original file with changes from the "changed files" text.

 

A copy of my catalog.php which works is:

 

<?php

/*

$Id: catalog.php,v 1.21 2003/07/09 01:18:53 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

?>

<!-- catalog //-->

<tr>

<td>

<?php

$heading = array();

$contents = array();

 

$heading[] = array('text' => BOX_HEADING_CATALOG,

'link' => tep_href_link(FILENAME_CATEGORIES, 'selected_box=catalog'));

 

if ($selected_box == 'catalog') {

$contents[] = array('text' =>

//Admin begin

// '<a href="' . tep_href_link(FILENAME_CATEGORIES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_MANUFACTURERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_MANUFACTURERS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_REVIEWS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_REVIEWS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_SPECIALS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_SPECIALS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_PRODUCTS_EXPECTED, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_PRODUCTS_EXPECTED . '</a>');

tep_admin_files_boxes(FILENAME_CATEGORIES, BOX_CATALOG_CATEGORIES_PRODUCTS) .

tep_admin_files_boxes(FILENAME_PRODUCTS_ATTRIBUTES, BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES) .

tep_admin_files_boxes(FILENAME_MANUFACTURERS, BOX_CATALOG_MANUFACTURERS) .

tep_admin_files_boxes(FILENAME_REVIEWS, BOX_CATALOG_REVIEWS) .

tep_admin_files_boxes(FILENAME_SPECIALS, BOX_CATALOG_SPECIALS) .

tep_admin_files_boxes(FILENAME_PRODUCTS_EXPECTED, BOX_CATALOG_PRODUCTS_EXPECTED));

//Admin end

}

 

$box = new box;

echo $box->menuBox($heading, $contents);

?>

</td>

</tr>

<!-- catalog_eof //-->

 

I will go back and remove the original lines:

 

// '<a href="' . tep_href_link(FILENAME_CATEGORIES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_MANUFACTURERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_MANUFACTURERS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_REVIEWS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_REVIEWS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_SPECIALS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_SPECIALS . '</a><br>' .

// '<a href="' . tep_href_link(FILENAME_PRODUCTS_EXPECTED, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_PRODUCTS_EXPECTED . '</a>');

 

before going into production

Link to comment
Share on other sites

Hi folks,

 

I downloaded and installed the Multi Admin Contib and it?s a great help to me.

 

 

I?m just setting up the store and I want to give access to select friends and foes so that they can share the mullah. J

 

I just have one doubt. How do I allocate passwords to new Admin? I mean I create a new Member, but I don?t see any place where I can allocate a password.

 

But, when I try to test login with that Admin password, it asks me for a password and I notice it creates one in the DB also.

 

Right now I?ve created an alternate Login using the Guest admin, but what happens when I need to allocate more admin?

 

Would appreciate any help in this regard

 

Cheers and keep the party alive??

--- DontheCat ---

 

Obviously the truth is what's so

Not so obviously, it's also so what.

Link to comment
Share on other sites

OOps about the previous qusery ! I got the solution.

 

This is one great contrib.

 

Keep the party alive......

--- DontheCat ---

 

Obviously the truth is what's so

Not so obviously, it's also so what.

Link to comment
Share on other sites

Hi again.

 

Is there is a way to "skip" the admin/index.php file or at least its content: when a person with certain admin privileges gets in the admin tool, the fist page they see is a "full" possibilities menu... most of these are "dead" options. when they click on one of these options, they get to the admin tool with the

No Right Permission Access // Please contact your Web Administrator to request  more access or if you found any problem.

 

dialog. Is there a way to show just the options they could use on the index.php ??

 

thank you.

shutiri.

Link to comment
Share on other sites

Exactly. It would be gr8 if the person with restricted priveleges are not presented with all the options. They are sure to get confused.

 

Ideally, most of my sub-admin are given rights to the Catalog Box, which I presume will be the same for most users.

 

Can they directly go to the Admin without the opening screen?

 

Cheers

--- DontheCat ---

 

Obviously the truth is what's so

Not so obviously, it's also so what.

Link to comment
Share on other sites

You simply have to change in the file admin/login.php

          tep_redirect(tep_href_link(FILENAME_DEFAULT));

With something like this

          //tep_redirect(tep_href_link(FILENAME_DEFAULT));
         tep_redirect(tep_href_link(FILENAME_CATEGORIES));

 

Where you'll change "FILENAME_CATEGORIES" by the constant name of where you want to take your admins. (cf. the file admin/includes/filenames.php)

 

 

And if you have time, you can not so hardly tweak the admin/index.php file for showing only the authorized areas. Testing can be done by using the code in admin/includes/functions/general.php, the function named "tep_admin_check_login()".

But I have no time... ^_^;

 

HTH

--

moku

Link to comment
Share on other sites

Lavarock,

1st thanks for the help. In index.php it showes "Administrator

Members, File Access" on the bottom left, now if you are loged in as admin it takes you to administrator.php which I don't have and if your loged in with a limited account it takes you to catalog.php. I copied your text into notepad and saved it as catalog.php and uploaded it to the folder but get error "Fatal error: Call to undefined function: tep_href_link() in /home/willow/public_html/admin/catalog.php on line 21" I could have put it in the wrong place though or misunderstood what you were saying.

<br>

when I installed the mod I put all the admin files in the admin folder and then with the changed files I overwrote whatever I had with the new files and made changes to the files I was told to. I have an account for sales and they have very limited access but for some reason it will let them into everything even if it is locked down. I'm unclear what to do from here, I will try again tomorrow to overwright all the files and see what happens, any insite or ideas would be most welcome.

Thnaks,

Charlee

Link to comment
Share on other sites

I don't know if this could be of any help to anyone, but hey, at least it's here.

 

If you want to directly go to a page of your admin directory and are not yet identified, then you are redirected to login.php and have to say again where you want to go after being autenthificated. Here is a little patch for remembering where you wanted to go and taking you there.

 

admin/includes/functions/general.php

Modify the tep_admin_check_login() function like this:

Before:

  if (!tep_session_is_registered('login_id')) {
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 } else {

After:

  if (!tep_session_is_registered('login_id')) {
   $redir = urlencode("http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
   tep_redirect(tep_href_link(FILENAME_LOGIN, 'redir=' . $redir, 'SSL'));
 } else {

 

admin/login.php

Around line 50, modify like this:

Before:

          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));
       } else {
         tep_redirect(tep_href_link(FILENAME_DEFAULT));
       }

After:

          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));
       } else {
         $redir = urldecode($HTTP_POST_VARS['redir']);
         tep_redirect("$redir");
       }

 

And around line 100, modify like this:

Before:

          <tr bgcolor="#080381">
           <td colspan="2" align="center" valign="middle">
                         <?php echo tep_draw_form('login', 'login.php?action=process'); ?>
                           <table width="280" border="0" cellspacing="0" cellpadding="2">
                             <tr>

After:

          <tr bgcolor="#080381">
           <td colspan="2" align="center" valign="middle">
                         <?php echo tep_draw_form('login', 'login.php?action=process'); ?>
                           <?php
                           if ($HTTP_GET_VARS['redir']) {
                             $redir = urlencode($HTTP_GET_VARS['redir']);
                             echo '<input type="hidden" name="redir" value="' . $redir . '">';
                           }
                           ?>
                           <table width="280" border="0" cellspacing="0" cellpadding="2">
                             <tr>

 

If someone see a better way to know the $redir contents (if https and not http, etc.), please say it.

 

Hope this will help.

 

(sorry for my english...)

Link to comment
Share on other sites

I am finding a minor problem.

 

When you login as an administrator you end up at /admin/index.php

 

There are two new categories:

 

MY ACCOUNT and ADMINISTRATOR

 

When I click on the header ADMINISTRATOR, the page tries to access a path of administrator.php?selected_box=administrator you can see this in the status line in most browsers.

 

ADMINISTRATOR.PHP does not exist in the /admin directory. There IS a needed file in the /includes/boxes directory, so once you get to a screen, you can use the box in the upper right to go to other pages. The admin directory file is certainly missing from my downloaded ZIP file.

 

A quick fix I guess is to edit admin/index.php and change ADMINISTRATOR.PHP to ADMIN_ACCOUNT in the two places

 

OR

 

on the server, you could copy /admin/admin_account.php to create a new files called /admin/administrator.php

 

I am not sure what the menu ADMINISTRATOR.PHP is supposed to contain, this at least keeps the menus working.

 

Someone more familiar with the contribution may be able to suggest what the ADMIN/ADMINISTRATOR.PHP file is supposed to contain.

Link to comment
Share on other sites

A quick fix I guess is to edit admin/index.php and change ADMINISTRATOR.PHP to ADMIN_ACCOUNT in the two places

 

OR

 

on the server, you could copy /admin/admin_account.php  to create a new files called /admin/administrator.php

I posted a bit too soon :huh:

 

A cleaner fix might be to edit admin/index.php and change ADMINISTRATOR.PHP to ADMIN_MEMBERS in the two places

 

OR

 

on the server, you could copy /admin/admin_members.php to create a new files called /admin/administrator.php

 

It seems that if there is no specific main menu, the common thing to do is display the top item in the upper left box. In this menu, that would appear to be ADMIN_MEMBERS

 

both fixes work, but this second entry seems cleaner.

Link to comment
Share on other sites

I just installed the Administration Access Level Accounts 2.0 contribution. It seems to work, but I cannot find a way to set up a password for the new user I made. Under the admin groups section, I have 3 buttons, new permission, edit and delete. Below that it says

 

NOTE:

edit: edit group name.

delete: delete group.

define: define group access.

 

I have no define button though.

Link to comment
Share on other sites

Great Contribution....i've installed it and it seems to works fine....

 

But i'm a searching a way to better use it!!

 

since i would use it to grant access to my content providers, and would for them to see only their own products (and stats about it)...there is a way to make it possible!!

 

Any help will be higly appreciated

Link to comment
Share on other sites

"Access Denied - No Right Permission Access"

 

Please forgive me ... But I havent read the 20 previous pages on this contrib. Therefore I dont know whether this topic has allready been covered :unsure:

 

Anyhow here goes:

 

Have just installed this contrib and everything seems fine EXCEPT that I cant access my installed "Version Control & Bookmark MODULE" anymore.

 

Any suggestions to where I shall/can add installed admin contribs so I dont get my fingers slapped with an 'Access Denied'

Link to comment
Share on other sites

Annoying Logout after 1440 seconds

I'm having a problem with this contrib (as supplied through the Loaded6 package). After

24 minutes (I think) [1440 seconds], the login_id session variable expires and you're forced to login again. I've found the code which is supposed to set the lifetime of the session variables to 0 [while the browser is open] but that doesn't seem to be working. A check of session_get_cookie_params suggests it's been set correctly but it's not behaving correctly.

 

I'm using PHP 4.3.2

 

I don't want to resort to using a username/password protection for the admin site, but it's incredibly annoying that I'm forced to log in over and over throughout my time on the site.

Link to comment
Share on other sites

Thanks. That worked.

I also found that if I change the config from

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

to

 

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

it works too.

 

Brian

Link to comment
Share on other sites

I have added this contribution and it works great, the only thing is how can i add more contributions on to my Oscommerce after as it just says

"Please contact your Web Administrator to request

more access or if you found any problem."

 

How do i get round this do i have to declare the filename somewhere in the admin access?

 

Thanks

Link to comment
Share on other sites

I have added this contribution and it works great, the only thing is how can i add more contributions on to my Oscommerce after as it just says

"Please contact your Web Administrator to request

more access or if you found any problem."

 

How do i get round this do i have to declare the filename somewhere in the admin access?

 

Thanks

you need to set the permissions for the file access in admin under administration you can add the files for any added contribution and set whom has access to what

No longer giving free advice. Please place deposit in meter slot provided.  Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much! :P

Is your Osc dated try Phoenix  raising oscommerce from the ashes.

Link to comment
Share on other sites

Have found a weird problem and can't seem to see the solution. I have installed Admin Access With Levels 1.6 contrib and also have edit orders contrib. As main admin I have no problem with anything - it all works great.

 

However, when i create a user all works well except they can not print an invoice or packing slip (they have been setup to access this area :rolleyes: ).

 

Is this a permissions problem or me being my usual stupid self and missing that one little thing?? :huh:

 

Install on MS2 - invoice button is looking for the following link;

 

http://localhost/oscommerce/catalog/admin/invoice.php?oID=6

 

Result is new window comes up "page cannot be displayed".

 

Invoice.php exists in this directory

 

Appreciate your help on this.

Edited by deepfreeze
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...