Jump to content
Sign in to follow this  
Parikesit

[Contribution] Admin Account with Access Level

Recommended Posts

Open the file admin/incudes/confgure.php and at the top replace

 

define('HTTP_SERVER', 'http://www.yourserver.com');

 

with

 

define('HTTP_SERVER', 'https://www.yoursecureserver.com';

 

That did the trick for me!

 

EXCEPT THAT IT DOESN'T QUITE!

 

My host provides SSL on a secure server with a shared certificate.

 

The https server is https://secure.myhost.co.uk/www.mydomain.co.uk

The http server is http://www.mydomain.co.uk

 

The catalog/includes/configure.php file has the secure and non secure servers defined as follows:

 

define('HTTP_SERVER', 'http://www.mydomain.net'); // eg, http://localhost - should not be empty for productive servers

 define('HTTPS_SERVER', 'https://secure.myhost.co.uk/www.mydomain.net'); // eg, https://localhost - should not be empty for productive servers

 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

If I leave the admin/includes/configure.php file as per the install procedure everything works as it should both in the catalog and in the admin. SSL works as and when intended within the catalog BUT none of the admin screens are secure although they all function correctly.

 

If I then amend the admin/includes/configure.php as per my previous post quoted at the top then the admin screens are all secure and function correctly but only the images stored within the admin directories are shown. Those images which are stored in the catalog directories appear as broken links. The catalog continues to function correctly with all images shown.

 

Can anyone help me with this? I have been installing and re-installing, configuring and re-configuring but I just cannot find the answer.

 

Just to be totally accurate I don't have a catalog directory. All the catalog files and folders sit within the root directory with the admin folder and files one level up ie public_html/admin/

 

Thanks in anticipation

 

Alan


Alan

Share this post


Link to post
Share on other sites

there is one bug that i found.

if we login for the 1st time,the system would ask us to change our password.so,after we changed the password, the system will send an email that supposedly containing our new password/changed password.but, somehow when i open the email,it only contains a website address,username and some predetermined text.but, the password is blank or in other words,the system are not sending the password together.so, i do check at admin/admin_account.php and found out this

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

that is around line54.plese look carefully at the $hiddenPassword variable as it is suppose to hold the new password.but in this case, there is no other variables that definining the $hiddenPassword.therefore, since the password should not be encrypted(to be send to us on the email) i take the variable

$HTTP_POST_VARS['admin_password']

which i found around line 46 in $sql_data_array variable.and then..it works!!.. :lol:


onimusha watanabe

Share this post


Link to post
Share on other sites
I have installes osc2.2_ms1 fresh and admin access. After loading the .sql file via phpmyadmin and copying all the files in. I get an error when entering the admin site..

 

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /var/www/sals/admin/index.php on line 24

 

Any suggestions?

 

I get the same problem. Any suggestions people!?

Share this post


Link to post
Share on other sites

First, I LOVE this contribution, thanks! I was wondering how to change the address that the emails say they are coming from (mine is showing something like root@mail.hostingserver.com) to the email address set in the store configuration?

 

When you're on a shared server, the return address isn't even the same as your store domain. I know you're not supposed to reply anyway but I'd prefer for the return address to be the one I set for the store.

 

Thanks.

Stretchr


"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Share this post


Link to post
Share on other sites
I have installes osc2.2_ms1 fresh and admin access. After loading the .sql file via phpmyadmin and copying all the files in. I get an error when entering the admin site..

 

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /var/www/sals/admin/index.php on line 24

 

Any suggestions?

 

I had the same problem too but I figured it out... other than the fact that we need more moderators... another reason that no one answered your question is because the answer is in the README file...

 

You have to actually make some edits/hacks to existing files... the README file "section D" tells you what files to change... and what files to take the changes from...

 

latez!

Share this post


Link to post
Share on other sites

Since I haven't gotten an answer, I'll try this post again. Can someone tell me how to change the From field for emails that are sent out by the system when this hack is installed? Instead of using the setting specified in admin, it's using root@

 

I've looked everywhere I can think of so if someone out there can point me in the right direction, I'd appreciate it.

 

Cheers,


"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Share this post


Link to post
Share on other sites
i followed the readme file exactly imported the sql tabels via phpmyadmin: all ok

 

edited all the .php files in the Admin folder as described.

 

now when I go to the admin folder I get ?

 

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

Share this post


Link to post
Share on other sites

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

 

Hi,

--To make sure, please use the last version (1.2)!

 

In the last version, the function tep_admin_check_login() .

 

To make this work, you have to call this function after all other function. In other words, you have to put the function calling in the last line of application_top.php, before end tag (?>).

 

// check login  

 if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) { 

   tep_admin_check_login(); 

 }

Share this post


Link to post
Share on other sites

Hi Stretchr,

 

The email setting in this contribution use the same way with other OSC email handling, like checkout email and sign up new member. The function of email sending is tep_mail. I still don't understand why the sender come from root@mail.hostingserver.com.

 

Anyway, maybe in your OSC version there are different configuration of STORE_OWNER. Please take a look another email function on your OSC.

 

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

Regards

Zaenal

 

First, I LOVE this contribution, thanks! I was wondering how to change the address that the emails say they are coming from (mine is showing something like root@mail.hostingserver.com) to the email address set in the store configuration?

 

When you're on a shared server, the return address isn't even the same as your store domain. I know you're not supposed to reply anyway but I'd prefer for the return address to be the one I set for the store.

 

Thanks.

Stretchr

Share this post


Link to post
Share on other sites

 

Fatal error: Call to undefined function: tep_admin_check_login() in /home/www/mywebsite.com/wwwroot/catalog/admin/index.php on line 14

 

 

and line 14 is:

 

 

<?php

/*

 $Id: index.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

 

 require('includes/application_top.php');

 :arrow: tep_admin_check_login(basename($PHP_SELF));

 

 

what did I miss here ?

 

Is nobody going to answer? this IS a support forum isnt it?

 

I have the exact same error after installing Admin Acces plugin.

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/public_html/shop/index.php on line 24

 

Please help iwith possible solutions

 

Hi,

--To make sure, please use the last version (1.2)!

 

In the last version, the function tep_admin_check_login() .

 

To make this work, you have to call this function after all other function. In other words, you have to put the function calling in the last line of application_top.php, before end tag (?>).

 

// check login  

 if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) { 

   tep_admin_check_login(); 

 }

 

I just installed version 1.2

Function tep_admin_check_login wasn't in application_top.php. It was in general.php. I moved it myself, so it looks like this:

 

// MSGCHG Admin Account -------------------------------

//Check login and file access

function tep_admin_check_login() {

global $PHP_SELF, $login_groups_id;

if (!tep_session_is_registered('login_id')) {

tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

} else {

$filename = basename( $PHP_SELF );

if ($filename != FILENAME_DEFAULT && $filename != FILENAME_FORBIDEN && $filename != FILENAME_LOGOFF && $filename != FILENAME_ADMIN_ACCOUNT && $filename != FILENAME_POPUP_IMAGE && $filename != 'packingslip.php' && $filename != 'invoice.php') {

$db_file_query = tep_db_query("select admin_files_name from " . TABLE_ADMIN_FILES . " where FIND_IN_SET( '" . $login_groups_id . "', admin_groups_id) and admin_files_name = '" . $filename . "'");

if (!tep_db_num_rows($db_file_query)) {

tep_redirect(tep_href_link(FILENAME_FORBIDEN));

}

}

}

}

 

// check login

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) {

tep_admin_check_login();

}

//End Admin Account---------------------------------------

?>

 

Now, I'm getting the error message:

Fatal error: Call to undefined function: tep_redirect() in /.../catalog/admin/includes/application_top.php on line 286

 

Do I need to move tep_redirect() from general.php into application_top.php as well? Don't other things depend on finding it in general.php? I suppose I could copy it instead of moving it?

 

What am I missing here?

 

Thanks,

-Matt

Share this post


Link to post
Share on other sites

Got it!

 

application_top_php said:

// ADD the following line to AFTER: // define our general functions used application-wide

// require(DIR_WS_FUNCTIONS . 'general.php');

// require(DIR_WS_FUNCTIONS . 'html_output.php');

//------------------------------------------------

// include the password crypto functions

require(DIR_WS_FUNCTIONS . 'password_funcs.php');

//------------------------------------------------

 

Which I took to mean "Comment Out:"

require(DIR_WS_FUNCTIONS . 'general.php');

// require(DIR_WS_FUNCTIONS . 'html_output.php');

Share this post


Link to post
Share on other sites
Now, I'm getting the error message:

Fatal error: Call to undefined function: tep_redirect() in /.../catalog/admin/includes/application_top.php on line 286

 

Do I need to move tep_redirect() from general.php into application_top.php as well?  Don't other things depend on finding it in general.php?  I suppose I could copy it instead of moving it?

 

What am I missing here?

 

Thanks,

-Matt

 

 

Nop, nop...

To make this contribution suitable with OSC structure and development, I put all functions in includes/general.php. So, let function tep_admin_check_login() stayed in that file.

 

You can CALL this function from includes/application_top.php or from any other files.

 

zaenal

Share this post


Link to post
Share on other sites

Pardon to use a translating program.

 

I have installed without error admin account and when trying to consent to the panel of administration of my store he/she appears me a new blue screen requesting me e-mail and password. I have used both that are mentioned in the forum but I cannot enter in the store. I don't have way to pass to the panel because it doesn't accept me none of the e-mail or password.

That I can make to solve this?

Thank you

Share this post


Link to post
Share on other sites

I hope I can be understood:

 

I have been able to enter in the control panel using admin@localhost and test@localhost, not you because he/she gave me before error.

Now they appear me new problems:

 

1. Registration a new user with his name and mail, but the password cannot register it neither he gives me option any so that it was sent to the mail address.

 

2. To try to enter with the name and the new user's e-mail I make click it has more than enough password forgotten and it happens the following thing:

 

2.a he/she sends me 2 e-mail: one with the password and another with ADMIN_EMAIL_TEXT

2.b. If again I pulse on password alone forgotten again he/she sends me an e-mail with ADMIN_EMAIL_TEXT and without any password.

 

I don't have way to create a new user so that he/she can enter in the control panel. :(

Share this post


Link to post
Share on other sites

2.a he/she sends me 2 e-mail: one with the password and another with ADMIN_EMAIL_TEXT

2.b. If again I pulse on password alone forgotten again he/she sends me an e-mail with ADMIN_EMAIL_TEXT and without any password.

 

This is the bug of version 1.2. You can find the answer by searching previous thread in this forum.

 

+++

About your problems, you say that you have sucsefully login the ADMIN. Do you have change any password?

 

 

zaenal

Share this post


Link to post
Share on other sites

I got the Admin Account contribution installed properly and working. Yesss!!!

 

1) But one of the contributions I added previously "disapeared." Any idea how to get it back? It was the review approval functionality:

http://www.oscommerce.com/community/contri...tions,76/page,8

It changed/added the following:

/catalog/reviews.php

/catalog/product_reviews.php

/catalog/includes/boxes/reviews.php

/catalog/includes/languages/English/product_reviews_write.php

/catalog/admin/reviews.php

/catalog/admin/includes/languages/English/reviews.php

 

I need to add some functionality to OSC for a client, which I can submit as a contribution if there is any interest (email if so).

[specifically (and off topic here, just FYI), we need to add an account rep interface and put the account rep's ID into the record of any customers the account rep signs up -- so that the rep will continue receiving commissions even if the customer goes directly to the website for future purchases.]

The Admin Account interface should work perfectly for this; my question is

2) How can I add our account rep functionality so that this new module will show up in Define Groups (probably under Modules) so that I can assign permission to the proper user group?

 

3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

And my final question (and I suspect these are all interrelated):

4) Also, when I look under Customers in File Access, I see customers.php and orders.php, which correspond to the choices under the Customers menu, but when I look under Modules in File Access, I don't see any files corresponding to Payment, Shipping, Order Total, all I see is modules.php. Is this how it's supposed to work?

 

Thanks,

-Matt

Share this post


Link to post
Share on other sites
I got the Admin Account contribution installed properly and working. Yesss!!!

 

1) But one of the contributions I added previously "disapeared." Any idea how to get it back? It was the review approval functionality:

 

Thanks,

-Matt

 

You can add the folder (left menu) and the files trough admin panel. Go to administration menu, and click File Access. Here you can find ability to add/remove left-menus and files.

 

zaenal

Share this post


Link to post
Share on other sites

I am trying to discover reason when I make click it has more than enough password forgotten he/she sends me alone an e-mail with ADMIN_EMAIL_TEXT, but any password.

Lament not to know enough English but if some was so kind of indicating me what changes I should carry out so that when pressing password forgotten he/she sent me in password he/she would thank it to him.

Share this post


Link to post
Share on other sites
You can add the folder (left menu) and the files trough admin panel. Go to administration menu, and click File Access. Here you can find ability to add/remove left-menus and files.

 

Not sure how to add/remove the files. (See question 3 of my post:)

3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

I suspect it has something to do with the database. I'm trying:

INSERT INTO admin_files VALUES (43, ?sales_rep.php', 1, 0, '1,18');

(This is to do with question 2 of my post)

Here's my guess at a data dictionary for that table:

admin_files_id int(11) NOT NULL auto_increment,

admin_files_name varchar(64) NOT NULL default '',

admin_files_is_boxes tinyint(5) NOT NULL default '0', 1 if this is a box

admin_files_to_boxes int(11) NOT NULL default '0', ID# of the box this file goes under. 0 if this entry is a box itself

admin_groups_id set('1','2') NOT NULL default '1', This set apparently allows values other than 1 and 2. What does this field mean? The groups that are allowed to use this file/box I imagine.

 

But should I be doing this from the database? And why are the only files I can choose from the pulldown under File Access, Store Files english.php and footer.php?

 

Thanks,

-Matt

Share this post


Link to post
Share on other sites

I have already been able to solve the problem that was presented with the shipment when pulsing on password forgotten of an e-mail without password. The solution was in a post of onimusha. :D

However now I have a new problem :( :

When receiving the mail with the new password he/she appears me as address of the page:

http://www.domain.com/shop/admin

 

When pulsing on that address he/she appears me a popup requesting me the old oscommerce password when I installed the store for the first time without "Admin account with level", after writing user's name and password finally appears me the page where I am requested e-mail and password of "admin account with level", he/she would need that appears the address:

http://www.domain.com/shop/admin/index.php

 

If appears that second address the error it would not be made of requesting me the old password of oscommerce.

Thank you

Share this post


Link to post
Share on other sites
3) Under File Access, Store Files the pulldown box always contains only the same two choices (english.php and footer.php). How is this supposed to work?

 

And my final question (and I suspect these are all interrelated):

4) Also, when I look under Customers in File Access, I see customers.php and orders.php, which correspond to the choices under the Customers menu, but when I look under Modules in File Access, I don't see any files corresponding to Payment, Shipping, Order Total, all I see is modules.php. Is this how it's supposed to work?

 

Thanks,

-Matt

 

3) The script automatically check:

 

4) Each have only one file. Like configuration menu, it's use one file.

 

 

zaenal

Share this post


Link to post
Share on other sites

Pardon to be insistent but I believe that not you very well the following thing:

Will the password and user's name that I had in oscommerce always request it to me when he/she tries to consent to the control panel?

I supposed that starting from installing admin account he/she don't request it again but rather they would begin to be used the new passwords and user's names.

I already see that it is independent that it is written:

http://www.domain.com/shop/admin

http://www.domain.com/shop/admin/index.php

In both cases he/she requests me old user's name and their password.

Please alone I want to know if I am in an error or it is the normal thing:

First he/she appears me a popup requesting me user's name and password oscommerce natives and later those of " admin account ". Is this the normal thing or does something work bad?

Thank you

Share this post


Link to post
Share on other sites
Pardon to be insistent but I believe that not you very well the following thing:

Will the password and user's name that I had in oscommerce always request it to me when he/she tries to consent to the control panel?

I supposed that starting from installing admin account he/she don't request it again but rather they would begin to be used the new passwords and user's names.

I already see that it is independent that it is written:

http://www.domain.com/shop/admin

http://www.domain.com/shop/admin/index.php

In both cases he/she requests me old user's name and their password.

Please alone I want to know if I am in an error or it is the normal thing:

First he/she appears me a popup requesting me user's name and password oscommerce natives and later those of " admin account ". Is this the normal thing or does something work bad?

Thank you

 

My English not so well, I apologize for that.

I think I don't really understand your question. Can you explain it again?

 

Anyway...

You say that the login password appears twice: first, by "password oscommerce native", and second by "admin account". IF the first (native password) provided by something like .httaccess or .httpassword, it's good things because it make double protection for your Admin area.

 

 

zaenal

Share this post


Link to post
Share on other sites

This is a more generic PHP question:

 

When the new account email gets sent (on either yahoo or macmail, probably all), the text appears all on one line despite the n's interspersed in the code. Is another control character needed to ensure a proper linefeed/carriage return?

 

define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "nn" . 'You can access the Administration Interface with the following password. Once you access the Administration Interface, please change your password!' . "nn" . 'Website : %s' . "n" . 'Username: %s' . "n" . 'Password: %s' . "nn" . 'Thanks!' . "n" . '%s' . "nn" . 'This is an automated response, please do not reply!');

 

Here's what I get:

Hi Joe, You can access the admin panel with the following password. Once you access the admin, please change your password! Website : http://www.xxxxxxxxx/ Username: xxxxxxx Password: xxxxxx Thanks! xxxxxx Corporation This is an automated response, please do not reply!

 

Thanks,

 

-Matt

Share this post


Link to post
Share on other sites

You could try a 'rn' (DOS, or a Mac 'r'). Officially, mail servers are supposed to use the 'rn'. If you are sending your emails in HTML, you would want a <br> (HTML ignores EOLs).

 

Hth,

Matt

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×