Jump to content
Sign in to follow this  
Parikesit

[Contribution] Admin Account with Access Level

Recommended Posts

what's the default username and password?

 

I tried the admin@localhost.com and test@localhost.com but keep getting an error stating username or password are incorrect.

Edited by iucvivivi

Share this post


Link to post
Share on other sites
what's the default username and password?

 

I tried the admin@localhost.com and test@localhost.com but keep getting an error stating username or password are incorrect.

I was wondering the same thing. Come on, someone please help us out.

Share this post


Link to post
Share on other sites

I found a way just after I posted.

 

Change the email in the database to your email, then go to the admin page and use the password forgotten link. Enter the firstname and the email from your database. Check your email and you should have a new randomly generated password.

Edited by iucvivivi

Share this post


Link to post
Share on other sites

Hi,

 

I have installed the package as per your README instructions, but when I go to the Admin I get the following message;

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in C:\Program Files\Apache Group\Apache2\htdocs\oscommerce\catalog\admin\index.php on line 24

 

Can you help?

 

Many thanks,

 

Steven

Share this post


Link to post
Share on other sites
Hi,

 

I have installed the package as per your README instructions, but when I go to the Admin I get the following message;

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in C:\Program Files\Apache Group\Apache2\htdocs\oscommerce\catalog\admin\index.php on line 24

 

Can you help?

 

Many thanks,

 

Steven

:(

 

I got the same error ......

Edited by wong1234

Share this post


Link to post
Share on other sites

Here's the error message that I'm getting... Someone please help...

 

Fatal error: Call to undefined function: tep_admin_check_boxes() in /home/nothinfa/public_html/shop/admin/index.php on line 17

Share this post


Link to post
Share on other sites

Hello, I installed your Admin panel. I got to the dialog box to log in but the password in the database is encrypted. How do I log into the admin at this point? I tried resetting the password and I just got the following in my email:

 

ADMIN_EMAIL_TEXT

 

Can you help me? What do I need to do?

Share this post


Link to post
Share on other sites

My admin login.php page keeps reloading itself after putting in the correct username and PW. Has anyone had this problem and know who it fix it? I have made 3 differenct admin setions and it keeps doing it.

 

Thanks,

 

Scott

Ps. I know it is the correct UN & PW because I checked the database and it says that I have logged in 5 times.

Edited by partsace

Share this post


Link to post
Share on other sites

i'll getting your Admin Access Level 1.2 in osCommerce MS2...It work not okie in member groups. And this error:

 

Admin Members

 

Fatal error: Call to undefined function: tep_array_merge() in C:\FoxServ\www\admin\admin_members.php on line 350

 

How me fix it ???. Help me.

Thanks a lot

Share this post


Link to post
Share on other sites

Hey Quick question,

 

I have MS2 and I have installed over 24 contributions to it and it works perfect, backed up every time I installed something. When looking at this contrib I knew it was a keeper for the very end.

 

Got it installed now, but I only have the features in Admin. I have turned on the other modules but none of the files are accessable because I don't have the proper permission level to access the features.

 

I have changed the files as to what the other files were changed in admin/includes/boxes but when I do that I can't even access the features in admin...basically what I am saying is...It's 3am and I am about to die. What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

 

Thanks so much!

Brad

cruz AT shaw DOT CA

Share this post


Link to post
Share on other sites

How can we increase the timeout value in the admin section?

 

I see where this question has been asked several times throughout the forum but no replies to any of them. Anyway this is a very good mod but just need to figure this out because a lot of the time before we can finish typing up replies, etc to customers only to loose them when submiting due to login timing out.


**Please remember any coding I post is use at you own risk... We are not responsible for any damages, downtime, etc.**

Share this post


Link to post
Share on other sites
I found the error in password forgotten tep_mail.

Please paste these line to admin/includes/languages/english/login.php

 

define('ADMIN_EMAIL_SUBJECT', 'OsC Admin Member');
define('ADMIN_EMAIL_TEXT', 'Hi %s,\n\n You can access the admin panel with the following password. Once you access the admin, please change your password! \n\n ?Website : %s \n ?Username: %s \n ?Password: %s \n\n Thanks! \n %s \n This is an automated response, please do not reply!');

Regard's

zaenal

 

I pasted this in and it makes it so the password displays properly when new admin is created, but the forgotten password email doesn't work. It displays ADMIN_EMAIL_SUBJECT and ADMIN_EMAIL_TEXT. Anyone know the fix for this?

 

A little helpless,

DC

Share this post


Link to post
Share on other sites

i installed version 2.3 but have problem now. access to every page under /admin/ will lead to http 404 (file not fund) error.

 

what is wrong? is it cauces by that i am using mydomain.com/stores/admin instead of original mydomain.com/catalog/admin?

 

thanks in advance for any help.

Share this post


Link to post
Share on other sites
How can we increase the timeout value in the admin section?

I'm not sure it's a good way to do it, but try this:

 

Replace in admin/includes/functions/sessions.php:

 

  if (STORE_SESSIONS == 'mysql') {
   if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
     $SESS_LIFE = 1440;
   }

 

With:

 

  if (STORE_SESSIONS == 'mysql') {
#    if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
#      $SESS_LIFE = 1440;
// 3600 is 1 hour, so 36000 is 10.
     $SESS_LIFE = 36000;
#    }

 

It works. There is time out after 10 hours of idle time (I tried with 10 secondes, but it must be equal with 36000)

Share this post


Link to post
Share on other sites

I have worked out most of the kinks of the Admin Mod.

 

I did make a quick change to separate out the forgotten password code:

define('ADMIN_FORGOTPSSWD_SUBJECT', 'Forgot Password');
define('ADMIN_FORGOTPSSWD_TEXT', 'Hi %s,' . "\n\n" . 'You can access the admin panel with the following password. Once you access the admin, please change your password!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

 

and used the constants in password_forgotten.php

        tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_FORGOTPSSWD_SUBJECT, sprintf(ADMIN_FORGOTPSSWD_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

HOWEVER:

For some reason now I cannot delete any of the admin accounts. It just displays "Delete Permission" with a "back" button and I cannot delete the specified user. Is this a file permissions thing? A site admin permissions thing? Please help

Share this post


Link to post
Share on other sites

It has to do with the code in admin_members.php

 

Line 433-442:

case 'del_member':
     $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_DELETE . '</b>');
     if ($mInfo->admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS) {
     $contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $mInfo->admin_id) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a><br> ');
     } else {
     $contents = array('form' => tep_draw_form('edit', FILENAME_ADMIN_MEMBERS, 'action=member_delete&page=' . $page . '&mID=' . $admin['admin_id'], 'post', 'enctype="multipart/form-data"'));
     $contents[] = array('text' => tep_draw_hidden_field('admin_id', $mInfo->admin_id));
     $contents[] = array('align' => 'center', 'text' =>  sprintf(TEXT_INFO_DELETE_INTRO, $mInfo->admin_firstname . ' ' . $mInfo->admin_lastname));
     $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_ADMIN_MEMBERS, 'page=' . $HTTP_GET_VARS['page'] . '&mID=' . $HTTP_GET_VARS['mID']) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
     }

 

the code

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

 

seems counter intuitive as admin delete rights should be admin_groups_id==1 so i think this should be:

 

admin_groups_id != 1 || $mInfo->admin_email_address != STORE_OWNER_EMAIL_ADDRESS

 

Does this make since? I would like some feedback to make sure this is right

Share this post


Link to post
Share on other sites

The code:

admin_id == 1 || $mInfo->admin_email_address == STORE_OWNER_EMAIL_ADDRESS

 

was the issue. I had change the email of the store owner on the production site from the development site. The email of the user site admin was still using the development site email address. These have to match or the site admin does not have the right permissions to delete other site admins. Bizarre. Any suggestions to make this more stable would be great.

Share this post


Link to post
Share on other sites
Hey Quick question,

What is the proper concept for integration of non-core admin modules so they work with Account Access? If you had your bare bones system setup, how would you install a contrib into the backend using this package?

I've got this same problem. Sorry for the entry. I want to be emailed if anyone replies to this and didn't see a "Monitor" option in the forum. This should do it.

Share this post


Link to post
Share on other sites

trying to figure out how this works. Want to know where the code is that determines what is allowed in the admin area and how it gets the login id. Need to know this to make mods in my report that only allows orders to be displayed in the reports by the login id. I know what I'm doing - just can't find the code that does it.

 

What I want to do is to link the group to a vendor's login. Then I will create an id in the product to indicate which vendor supplies this product. When any order reports are requested by that vendor by logging into the admin area - he will only see the reports because thats what his group allows. But the reports will also look at his login (thats why I need to know how to do above) and get the vendor code and only select order/sales details valid for his products.

 

This gives me vendor reports that are available at call - I don't have to periodically run them and send them.

 

Can ayone help with the above?

Maybe the author of the contrib???

 

Joe

Share this post


Link to post
Share on other sites

I cannot find some specific information on this contribution and have not installed it yet.

 

Does this contribution just hide admin pages from people who are not configured to access them?

 

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

 

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

Share this post


Link to post
Share on other sites
I cannot find some specific information on this contribution and have not installed it yet.

 

Does this contribution just hide admin pages from people who are not configured to access them?

 

If someone knows (or figures out) the actual directory and php file for admin, can they access it directly thus bypassing this contribution?

 

On my current host, I cannot set any security of the files or directories directly and am trying to find a way to keep someone from just browsing to the admin directory. (Yes, I'll rename it to something other than Admin :-)

no if you try to access a page and your permission is not set then you will get bounced it is all controlled by status flags in the database.

 

If you try to go directly to a page then you will be bounced to the login.

 

It follows along these lines user id group id and there are checks if the encrypted password + user id + group id have any part wrong then no access is granted.


No longer giving free advice. Please place deposit in meter slot provided.  Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much! :P


Support The Project
Documentation/Knowledgebase/Discussions
 

Share this post


Link to post
Share on other sites

Thanks, this sounds like what I want. I think I'll fresh install OSCommerce on a box and add the contribution and test it out.

 

Thanks for the information!

 

Mark

Edited by Lavarock

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×