Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Admin Account with Access Level


Parikesit

Recommended Posts

Hi

I have installed:

Access with Level Account for the Admin Area of osCommerce (MS2)

For a friend of mine and everything seems to work ok except when I log in with the admin who is suppose to have full access and I try to click on the Customers link so I can see any orders I get an error stating the below message.

 

~~~~~~~~~~~~~~~~~~~~

Access Denied

 

No Right Permission Access

 

Please contact your Web Administrator to request

more access or if you found any problem.

~~~~~~~~~~~~~~~~~~~~

 

I get the same error message when I click on:

Locations / Taxes

Localization

Reports

Tools

 

Anyone got any suggestions for me.

 

He wanted me to set it up so he could have someone else input the infor for his items and just give the access to Catalog:

 

I set up a new user with just access to Catalog and this seems to work just fine, my only problem is the one stated above about the full admin access.

 

Thanks

Steve

Link to comment
Share on other sites

  • Replies 297
  • Created
  • Last Reply

Top Posters In This Topic

I am also geeting some problem related with the sessions, As when i click on a drop down menu under the Admin section (i.e Select Process,Delivery order type from order page )the system logs me off, and i have to log back in, but even if i do that it still wont let me do what i want to do, it will just log me back off again

and again?

 

Can anyone please help me out. plz... my email [email protected].

Thanks

 

 

Cheers!!

Vikram

Link to comment
Share on other sites

  • 3 weeks later...

I have this contribution installed but am wondering...do people still recommend password protecting the admin direct (ie using .htaccess) as well or is having both just overkill?

Link to comment
Share on other sites

  • 1 month later...

I've installed this contribution and it works fine BUT it seems not right.

 

1. Administrator>File Access>

I have to click twice to open the folder. there is a drop down menu on the left and it gives only choice of five files(footer,header,filenames,clumn_left,account_check) to choose from. And regardless which folders you are in, you are only given these 5 files. Is it supposed to work in this way?

 

Why do I need to include either of these files in irrelevant folders?

 

2. The password and login

Once its time out, I can't sign in again with the correct password and login name. I've to login with 'admin@localhost, admin' even though I have changed the default pw and login name. After I signed in after each time out, all the groups and new members info is gone, it becomes default.

 

I'm new to this and would like to know if this contribution supposed to work this way?

Link to comment
Share on other sites

3. The SQL database structure..

 

Can someone kindly help to explain to me what the following for?

 

admin_files_is_boxes tinyint(5) NOT NULL default '0',

admin_files_to_boxes int(13) NOT NULL default '0',

admin_groups_id set('1','2') NOT NULL default '1',

PRIMARY KEY (admin_files_id)

 

I tried to include new files and no matter how I edit the numbers, I never able to get the files in the correct place. I tried to add the following

 

INSERT INTO admin_files VALUES (43, 'templates.php', 1, 0, '1');

INSERT INTO admin_files VALUES (44, 'infobox_skin.php', 0, 10, '1');

INSERT INTO admin_files VALUES (45, 'infobox_skin_mapping.php', 0,10, '1');

 

Appreciate any help and input greatly!

Link to comment
Share on other sites

  • 8 months later...

Hi

 

Is it possible to change the location that you are directed to when you click on the Confirm button in login. At present it goes to index, I would like it to go to Categories.

 

Thanks

 

W

Link to comment
Share on other sites

  • 7 months later...
  • 1 month later...
I'm able to add new users to the admin, but i can't seem to find the place to add the password for each users. Can i know where is it?

 

I have same problem and dont know how to add login information for user. Can i do that some how? I dont understand what user group is for realy becuase i can add member but not add login information! and they must use same pass and email as admin to login

 

Anyone?

Link to comment
Share on other sites

  • 2 months later...

I'm not a php programmer but I have a moderate understanding of the script.

I'm trying to get Admin Access and the MVS 1.1 to work on the same site. The admin section does not display when everything is installed. I did correctly install this contribution on several test site with various misc installs. My problem is the general.php causing my errors. And I don't know what to look for because my PHP at localhost is not displaying any errors at all... Any ideas would be great....

 

apollo

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...

New update : admin access 2.2a - bug fix newrenderzone 19 May 2007

 

This fixes a bug in the 24 Jan 2006 2.2a full package.

 

In the admin/includes/application_top.php file, the line:

 

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) {

 

should be changed to:

 

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) !=

 

FILENAME_FORBIDDEN) {

here is an explanation for the update newrenderzone made:

 

 

Symptom: when you are an admin with restricted rights and you go to a page where you have no rights, the access denied page saying "No Right Permission Access" never loads completely.

 

Why: in the original admin access 2.2a - the access denied page (forbidden.php) requires includes/application_top.php. Here you check the login (tep_admin_check_login) and if you have no rights, you are redirected to the access denied page, which is loaded again. Again, includes/application_top.php is required and again you are redirected, etc.

 

This is why i suggest to check the login unless you are in the login page, the passwd forgotten page AND in the access denied page.

 

Note: as in 22a-README.txt provided by Chinchilla2, File Edit section, line 618, function tep_admin_check_login redirects the user except for the page FILENAME_FORBIDEN, which obviously doesn't work for the access denied page (FILENAME_FORBIDDEN)

 

That's it, if any details are missing in the explanation above, please let me know. Also, please send me your opinion.

 

 

Hope some people here tell what they think of the bugfix

MS2

Link to comment
Share on other sites

Hi man! I really love this contribution but i have a problem.

 

I need to increase the time of session in the admin, how can i do it? Anybody has the same problem than I? I´m really worried about that, please help me!!

Link to comment
Share on other sites

  • 2 weeks later...

Hi! I'm using htaccess login with ssl and Admin Account with Access Level which is quite confusing for my client since they need to log in three times (two htaccess logins and one with AAAL).

 

Therefor I wonder if I can remove the htaccess login completely? Is Admin Account with Access Level safe enough? Really safe?

Link to comment
Share on other sites

  • 2 months later...

When I am logged into admin, and go to

admin/admin_members.php?selected_box=administrator

or any other admin page, in the header to the right I am missing some langugage files for:

HEADER_TITLE_ONLINE_CATALOG

HEADER_TITLE_ADMINISTRATION

 

However, when I go into

admin/includes/languages/english.php

the language definitions are there. Where else should the langugage file definitons be located?

Link to comment
Share on other sites

  • 4 years later...

I realize this forum is rather old and somewhat outdated, and I've read every thread on this forum more than once, so here goes...

 

I've installed this contribution on my extremely modified osc v2.3.1 (I've added so many contributions I lost count, from both v2.3.1 and v2.2-which I modified for v2.3.1). After some modifying and tweaking things to work in this osc version, everything seems to work fine now.

 

I even installed the add-on from post #31 for File Logging or Email for Failed Login Attempts. Had some tweaking on that as well.

 

 

And for my version of this contribution (v2.3.4 dated 15nov2009, which actually holds the stuff for v2.3.3), it was missing the files: admin/password_forgotten.php and admin/style.css. The instructions also still state that:

 

Look for

if (function_exists('ini_get') && ((bool)ini_get('file_uploads') == false) ) {

$messageStack->add(WARNING_FILE_UPLOADS_DISABLED, 'warning');

}

 

add bellow

 

// BOE Access with Level Account (v. 2.2 RC2A) for the Admin Area of osCommerce (MS2) 2 of 2

// comment out below line to disable this contribution

if (basename($PHP_SELF) != FILENAME_LOGIN_ADMIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {

tep_admin_check_login();

}

// EOE Access with Level Account (v. 2.2 RC2A) for the Admin Area of osCommerce (MS2) 2 of 2

....but it should be added before the final ?> at the end of the page.

 

 

 

I have a couple of issues of course...:

 

1) The Failed Logins send me two emails. I can't figure out how to correct this.

 

2) The application_top.php seems to be rather unstable, as the column_left keeps disappearing. I keep having to upload the original file, refresh the url page (now the column_left appears), upload the modified file, then refresh the page again. It just disappears without a symptom that I can tell yet. Still looking for a pattern.

 

3) When selecting boxes to display, the main category box works just fine with different admin groups. But the subcategories don't seem to care whether they're selected or not. If the main category is selected, then it displays everything in it regardless of what has been checked or unchecked.

 

3a) The function tep_admin_files_boxes doesn't seem to work correctly, so I've had to keep the original tep_href_link until I can find a way to get the function to work properly.

 

 

Any help would be wonderful!! And I see the original author is from Indonesia. My wife is from Jakarta as well. Just thought it would help with translations, though the english seems to be pretty good too.

Edited by The Munch
Link to comment
Share on other sites

I should rephrase 3) above... When someone doesn't have permission to go to a subcategory (that link is unchecked), it does redirect to the Access Denied page. So that does work. What I'm really wanting is to not even display the link if they don't have access. I believe someone else had brought this up before as well. If they don't have access, there should be a way to disable their appearance, like the main category boxes. I just can't seem to get an IF-type statement to work within the array formulas for admin/includes/boxes/... pages.

 

This would also mean that 3a) above... does actually work, but I'm not sure why, as I don't recall actually calling it from any of the boxes files... But there definitely needs to be some resolve to not display a link if it's not accessible.

Edited by The Munch
Link to comment
Share on other sites

One pattern I do notice with the application_top.php is that whenever a session has timed out and the page is refreshed or re-logged-in, the column_left does not appear, hence having to reload the original app_top, refresh the url so the col_left appears, then reload and refresh with the modified app_top.

 

I've gone into admin/includes/functions/sessions.php and changed the value to 36000 seconds, but it makes no difference. The session still seems to end after the original 1440 seconds. I'm not sure what I'm doing wrong there yet. Hopefully someone can shed some light on that subject as well.

 

So I'm not totally sure where the problem lies: application_top.php, column_left.php, sessions.php, or somewhere else? I'm pretty confident it's in application_top.php, but I just can't seem to find it. I do hope someone reads this forum with some helpful insight pretty soon...

Link to comment
Share on other sites

  • 4 years later...

I am using this contribution, i upgrade to oscommerce version 2.3.3.4, and i am using the php version 5.3.x or more.

 

In admin/includes/configure.php i am using shared ssl:

 

define('HTTP_SERVER', 'http://www.sitename.com');

define('HTTPS_CATALOG_SERVER', 'http://www.sitename.com'); // eg, http://www.sitename.com');

define('HTTPS_CATALOG_SERVER', 'http://www.sitename.com');

 

Thank you if someone know how to fix this problem ?

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...