Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[CONTRIB] Admin Access Level Accounts for MS2


papasan

Recommended Posts

Hi all, sorry for my bad english, but It has a long time since I studied English at Italian school :-"

 

The matter: I installed Access with Level Account v. 2.2a and Easy Populate 2.8 on my osC. Well, when I write an url in a products_description field of the products_description table of my db, through the .txt Easy Populate file, like this:

 

In vimini.<br>Da riempire eventualmente con <a class="mainLink" href="index.php?cPath=23_165">truciolo o paglietta</a>.

and I upload it, it's right. But when I download the same complete .txt, the code changes in:

 

In vimini.<br>Da riempire eventualmente con <a class="mainLink" href="index.php?cPath=23_165&osCAdminID=9b6aeaab2e1fad0968a7b0729ff2e2d2">truciolo o paglietta</a>.

 

Why? How I can prevent this?

 

Thanks.

Link to comment
Share on other sites

  • 3 months later...
Hi

This is bound to have a simple solution but I just can not find where the duplication is - please help.

 

When I go to the admin side I am asked for username/password. I give them correctly and I am let into the Admin section. As soon as I select a topic to view I am returned to the login screen. I re-enter username/password and again I am let into the Admin section - this time everything is okay and I can continue with my work.

 

Clearly there is a duplication somewhere but I can not find it. The mod has been installed for sometime and always worked okay - it has only started playing up after I moved servers - if thats a clue?

 

Please help and Happy New Year to all

John

 

Exactly the problem I'm having - did anyone ever figure this out??

Link to comment
Share on other sites

Exactly the problem I'm having - did anyone ever figure this out??

 

Sorted.

 

in admin/includes/application_top.php find:

 

tep_session_name('osCAdminID');
tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
if (function_exists('session_set_cookie_params')) {
session_set_cookie_params(0, DIR_WS_ADMIN);
} elseif (function_exists('ini_set')) {
ini_set('session.cookie_lifetime', '0');
ini_set('session.cookie_path', DIR_WS_ADMIN);
}

 

and comment lower section out to appear:

 

tep_session_name('osCAdminID');
tep_session_save_path(SESSION_WRITE_DIRECTORY);

/* comment following out
// set the session cookie parameters
if (function_exists('session_set_cookie_params')) {
session_set_cookie_params(0, DIR_WS_ADMIN);
} elseif (function_exists('ini_set')) {
ini_set('session.cookie_lifetime', '0');
ini_set('session.cookie_path', DIR_WS_ADMIN);
}*/

Link to comment
Share on other sites

  • 2 weeks later...

Hi all can some kind soul help me out on this one. Ihave installed ticket system on Osc which is working well. but one issue occurs if i log in as a user in the admin side and run a direct url it let me in even though I have set the permissons not to allow the user access.

 

If I dont log into the admin panel and try to run the url it redirect me to the login page which is good. I have included in the support.php this line

 

require('includes/application_top.php');

 

but for some reason it does not check the user permission. all the other system files for the Ticket system is working I.e it check the permissions.

 

The Ticket system I'm useing is this http://www.oscommerce.com/community/contri...h,ticket+system

 

 

TIA

 

Optimal

Link to comment
Share on other sites

  • 3 weeks later...

Hi,

 

Im getting thrown out back to the login only on some pages. Such as Whos online, when i set a refresh time.

 

I captured the headers

 

http://www.xxxxxx.co.uk/testbed/uk/admin/exportbrochure.php?submitted=1

GET /testbed/uk/admin/exportbrochure.php?submitted=1 HTTP/1.1
Host: www.xxxxxxx.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.xxxxx.co.uk/testbed/uk/admin/exportbrochure.php?osCAdminID=b580e3eea7a21e5f1939f3a26a180b37

HTTP/1.x 302 OK
Date: Wed, 07 Mar 2007 16:16:50 GMT
Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/4.4.4
Set-Cookie: osCAdminID=e8b21caae514b11c5cea7f0d9d64aeba; path=/
Location: http://www.xxxxx.co.uk/testbed/uk/admin/login.php?osCAdminID=e8b21caae514b11c5cea7f0d9d64aeba
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

 

I noticed the osCAdminID changed... is that right?

Link to comment
Share on other sites

Has anyone gotten this contribution to work with the AJAX Attributes contribution? I've been working on it all day, adding the files to my admin_files table, but I can't for the life of me get it to work.

 

Any ideas????

 

Thanks!

Link to comment
Share on other sites

  • 3 weeks later...

Hopefully someone can help. I have the register globals fix and Super Friendly Admin Menu installed. Those both work fine.

In trying to install the Admin Access Level Accounts using Chinchilla2 contrib dated jan 24 2006.

Im currently getting this error

Parse error: syntax error, unexpected ';', expecting ')' in /home/dragonca/public_html/standard/admin/index.php on line 168

 

If I correct the line it then throws more on line 170 and so on

Any ideas would be greatly appreciated.

Thanks

Kaileen

Link to comment
Share on other sites

  • 4 weeks later...

Hi,

I have installed Admin Access 2.1 (ms2). After typing in default account (admin@localhost , admin) an press "confirm" button. I received following inform:

 

1267 - Illegal mix of collations (latin1_swedish_ci,COERCIBLE) and (utf8_unicode_ci,IMPLICIT) for operation 'find_in_set'

select admin_files_id from admin_files where FIND_IN_SET( '1', admin_groups_id) and admin_files_is_boxes = '1' and admin_files_name = 'administrator.php'

[TEP STOP]

 

Please help me.

Link to comment
Share on other sites

  • 4 weeks later...

I have installed Admin Access Level account for MS2, set the permission for top administrator. I can succesfully login/logoff. However when I reached the admin/index.php page, it goes blank. Then another problem that I encountered is that when I tried to access: catalog, tools, customers I got these following errror:

 

Not Found

 

The requested URL /../.../FILENAME_FORBIDEN was not found on this server.

 

I am wondering if someone has any idea what causing this?

 

Thanks Beforehand,

Jay

Link to comment
Share on other sites

Ok, I found out some solutions to the bugs that I encountered. First, for the blank index page, I found out on the top of admin/index.php, you need to add // before //REPLACE with, so that eliminated bug no 1 :)

 

Second, for general.php, function tep_admin_check_login(), replace FILENAME_FORBIDEN with FILENAME_FORBIDDEN. This kinda solves the FILENAME_FORBIDEN error that I encountered. I am still working on solving why Catalog, Tools, and Orders won't work eventhough I declared permission for those in super admin file access.

Link to comment
Share on other sites

OK I finally got it working :D Turns out I have to modify/insert some records into admin_files table to make catalog, order, and tools category working. Basically I have to insert/change filenames that corresponds to each box(i.e: categories.php, manufacturers.php to refer to catalog.php category. On MySQL PhpAdmin this looks like: 19| categories.php| 0| 40|1,2 where 40 corresponds to admin_files_id 40 of catalog.php ) Once I map everything correctly, this contribution seems to work correctly :) Hope this helps!

 

Jay

Link to comment
Share on other sites

I've installed this contrib seemingly ok. However, is there a way to limit what boxes appear when a lower level admin sign in to the site? Right now I have a group set up to just be able to see the categories and add products etc. Right now after logging in to the admin area, the who administration box blue screen comes up. If that lower admin were to click on an area they didn't have access to, it just comes up with a page not found page.

 

Can it be changed so that the lower level admins can't even see these boxes? or maybe just dump them directly into page which lists the box options to the left?

 

Thanks in advance.

Edited by Lunara Solutions
Link to comment
Share on other sites

  • 4 weeks later...

I have followed the install instruction exactly. At first, I could login just fine. Then, when I created another user, I could no longer login. Login.php will either refresh or give me an error message about my username/password. Even when I get a new password through password_forgtotten.php, I still can't login. Could anyone help me out? Thanks in advance.

Link to comment
Share on other sites

  • 1 month later...

Any ideas? Thx

 

really stupid question however I have my files hosted @ Globat.com and i have a shared SSL account.

 

when i connect to it via FTP i have the following;

 

httpdocs

httpsdocs

 

httpsdocs - are my SSL section.

and httpdocs is normal.

 

my question is do I need to upload my shopping cart to both httpdocs & httpsdocs to get SSL working?

 

Thanks.

Link to comment
Share on other sites

  • 2 weeks later...

Hello All!

Install Admin Access 2.2a bug fix newrenderzone 19 May 2007 .

Installed succesfully.

Have problems: menu -> configuration -> 1 position -> BOX_CONFIGURATION_ADMINISTRATORS.

If click that --> The requested URL /admin/FILENAME_ADMINISTRATORS was not found on this server.

Help decision problems/

Im sorry my english

Link to comment
Share on other sites

  • 1 month later...

Does anyone have a copy of this, but including all the bug fixes up to date? I'm not too swift on editing php, and REALLY don't want to harm my site now it's running so well :)

 

Anyone point me to a package?

 

Dean

Link to comment
Share on other sites

  • 3 weeks later...

Hi to all..

 

I have this so far working nicely!!!having tried going SSL YET!! :)

 

but one thing.. is there a way to remove and change the background colour once it has logged on successfully.. its currently very.. DARK BLUE!!! and so makes it hard to read to see where and what i want to do..

 

thanks for your time!!!! Hopefully someone can help.

Link to comment
Share on other sites

got another question...

 

 

anyone got this mod working with sppc.. i have already run into troubles..

 

the file i have to edit is catalog/admin/includes/boxes/customers.php :

 

with :

 

// BOF Separate Pricing Per Customer
 if ($selected_box == 'customers') {
   $contents[] = array('text'  => '<a href="' . tep_href_link(FILENAME_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CUSTOMERS_CUSTOMERS . '</a><br>' .
                   '<a href="' . tep_href_link(FILENAME_ORDERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CUSTOMERS_ORDERS . '</a><br>' .
                   '<a href="' . tep_href_link('customers_groups.php', '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CUSTOMERS_GROUPS . '</a>');
// EOF Separate Pricing Per Customer

 

BUT AAL has also edit this file with :

 

// BOE Access with Level Account (v. 2.2a) for the Admin Area of osCommerce (MS2) 1 of 1
// reverse comments to below lines to disable
//    $contents[] = array('text'  => '<a href="' . tep_href_link(FILENAME_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CUSTOMERS_CUSTOMERS . '</a><br>' .
//                                   '<a href="' . tep_href_link(FILENAME_ORDERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CUSTOMERS_ORDERS . '</a>');
	$contents[] = array('text'  => tep_admin_files_boxes(FILENAME_CUSTOMERS, BOX_CUSTOMERS_CUSTOMERS) .
                                  tep_admin_files_boxes(FILENAME_ORDERS, BOX_CUSTOMERS_ORDERS));
// EOE Access with Level Account (v. 2.2a) for the Admin Area of osCommerce (MS2) 1 of 1

 

 

 

what can I do so i can have sppc code working with AAL?????????

 

thanks for your time

Link to comment
Share on other sites

  • 4 weeks later...

Hi,

 

Installed This contribution and worked great without any big hassle,

 

I am looking for one option if someone can advise if there is a possibility that Main Admin can assign Access to different parts of Categories in catalog to Different users (Sub Admins).

 

Regards

 

zee

Link to comment
Share on other sites

  • 3 weeks later...

Please HELP!

 

I have seen this problem posted many times as I have read the entire support tread, and as far as I can see it was never answered.

 

I have installed the contrib, I have no errors, but I can not make it past the login.php page.

 

Entering username & password just redirects back to login.php...

Clicking password forgotten just redirects to login.php...

 

What is going on here? I have gone over it over and over.

 

Does anyone have the solution to this? Like I said it was mention many times in this tread.

 

Any help would be greatly appreciated.

Link to comment
Share on other sites

  • 5 weeks later...

I've been having the problem with not being able to edit the admin accounts once set up, i.e. cannot change password etc. I recently discovered another version of this contribution(http://addons.oscommerce.com/info/2037) which states that the issue is to do with integrating this with the register globals contribution.

 

Anyway, i added the line as suggested and I am pleased to say it all works now. The info is as follows:

 

1) Open file admin\admin_account.php

 

2) Find:

 

//$confirm = 'confirm_account';

tep_session_register('confirm_account');

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));

 

and insert line as below:

 

//$confirm = 'confirm_account';

tep_session_register('confirm_account');

$GLOBALS['confirm_account'] = 1;

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));

 

 

The one thing i did notice after doing this is that the redirect to bypass the blue index screen no longer works so if anyone can work out how to get that going again that would be fantastic.

Edited by dreamcreative
Link to comment
Share on other sites

Just wanted to add one more thing I tried which has worked nicely.

 

For those of you who want to bypass the default blue screen after logging in; change the following:

 

1) Open admin\login.php

2) Find the following(around line 50):

 

//$date_now = date('Ymd');

tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

 

if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

} else {

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

}

 

and change to:

 

//$date_now = date('Ymd');

tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

 

As you can see i have simply removed the if/else statement to redirect to the "my account" page regardless of any previous login status. Be careful when deleting the closing brackets. The closing bracket directly after the last line should be deleted leaving you with 3 closing brackets before the next set of statements. This will not affect the default warnings when an admin logs in for the first time as these are taken care of by the admin_account.php file.

 

Hope you find this useful.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...