osCommerce

[CONTRIB] Admin Access Level Accounts for MS2


papasan

well you could do something like this example then

 

$cat = array();

if (tep_admin_check_boxes('configuration.php') != false) {
  array_push($cat, array('title' => BOX_HEADING_CONFIGURATION,
                         //Admin begin
                         'access' => tep_admin_check_boxes('configuration.php'),
                         //Admin end
                         'image' => 'configuration.gif',
                         'href' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1'),
                         'children' => array(array('title' => BOX_CONFIGURATION_MYSTORE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1')),
                                             array('title' => BOX_CONFIGURATION_LOGGING, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=10')),
                                             array('title' => BOX_CONFIGURATION_CACHE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=11')))));
}

if (tep_admin_check_boxes('modules.php') != false) {
  array_push($cat, array('title' => BOX_HEADING_MODULES,
                         //Admin begin
                         'access' => tep_admin_check_boxes('modules.php'),
                         //Admin end
                         'image' => 'modules.gif',
                         'href' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment'),
                         'children' => array(array('title' => BOX_MODULES_PAYMENT, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment')),
                                             array('title' => BOX_MODULES_SHIPPING, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=shipping')))));
}

 

 

*************

and continue throughout the rest of the arrays ..

(my knowledge is so small you would think that an ant was a genius in comparison)

Link to comment
Share on other sites

this is caused because the definitions are too low in the file, they need to be moved up to the top. this was changed in the 2.2 release. i now get two emails sometimes, one correct and one old one, but at least the correct info is being sent.

Thanks, but I'm not sure I understand. I am using the 2.2 release so something is still wrong :?. The definitions are about halfway down the english/admin_members.php file, but even when I moved them to the very top, it didn't change. Also, how could the placement end up sending two emails? Sorry for sounding dense, but I am trying to grasp this and want to get it right. Could you explain what and where you mean? Thanks!

 

I think that might be on purpose... A lot of emails you get when you sign up for things don't print the password... that is a good thing. I hate it when I get a password sent to me in plain text...

I think you are right about this. I had to add $hiddenPassword="-hidden-" in one spot because one of the emails had nothing where the -hidden- should have been, but that's another story :) .

 

David

Link to comment
Share on other sites

let me know if you find any omits or irregularities.   All credit goes to Zaenal Muttaqin for the original, I just hacked this for MS2 and re-versioned it 2.0.

Hi papasan,

 

This is the way the open source growth and should become. Many thanks for your work. I really appreciate it.

 

I just migrate to MS2 anyway :wink:

 

Regards,

zaenal

Link to comment
Share on other sites

well you could do something like this example then

 

$cat = array();

 

if (tep_admin_check_boxes('configuration.php') != false) {

 

 array_push($cat,array('title' => BOX_HEADING_CONFIGURATION,

 

*************

and continue throughout the rest of the arrays ..

 

Strider, once again, thanks! I got it up n running... Works great. Now each time a different user logs in, the index.php ONLY displays the sections (boxes) he has access to.

 

I don't know if anyone is interested in having that code, but I would post it here or send it if it's any help!

Link to comment
Share on other sites

I am having session problems. Everything seems to go smooth, but if I stand idle for awhile and try to do something I receive session errors and headers already sent errors. I am wondering if it is in the cookie expiration settings? Has anyone else experienced something like this because I don't quite know how to explain it. :cry:

Link to comment
Share on other sites

Hi Everyone,

 

In my search for Decent Admin Protection.. I decided to install this Contribution.

 

I don't know if I did anything wrong.. But I worked diligently for 3 hours going through each file adding each //Admin begin here comments to each of the files mentioned.

 

First off, are you supposed to have double categories on the left while in your admin? And when you turn on the red light, via the File Access section, that's the only way to make the double category go away. And then me being top administrator.. I'm being told that I can't access files.. And certain categories all together aren't showing up.. Like for example:

 

"Customers Orders"

 

I can see Customers.. But it won't let me access the orders.. And that's just an example.. This is happening pretty much all over.. I really need some help here.. After 3 hours of this.. My eyes are tired of looking at code.. And i'm sleepy now.. lol

 

The main reason i wanted this contribution was to protect my admin of all things.. And of course. .Thinking of the future if I were to ever hire anyone later down the road or just plain give another person admin rights to my site..

 

Thanks so much..

 

Christine

Link to comment
Share on other sites

Thanks, but I'm not sure I understand. I am using the 2.2 release so something is still wrong . The definitions are about halfway down the english/admin_members.php file, but even when I moved them to the very top, it didn't change. Also, how could the placement end up sending two emails? Sorry for sounding dense, but I am trying to grasp this and want to get it right. Could you explain what and where you mean? Thanks!

 

I don't like to repost my own stuff but can anyone comment on this? Seems like a minor thing but I haven't yet figured it out. If you understand it or could explain your original comments more clearly, I would appreciate it!

 

David

Link to comment
Share on other sites

Hello,

Many thanks for this contribution. This is exactly what I've been looking for. Question, though. Can anyone tell me what the default password for users is? I'm trying to set up a few users, and I don't know how to assign them passwords, nor do I know the default password that is being set for them.

Cheers,

Anthony

Link to comment
Share on other sites

Hello,

Many thanks for this contribution.  This is exactly what I've been looking for.  Question, though.  Can anyone tell me what the default password for users is?  I'm trying to set up a few users, and I don't know how to assign them passwords, nor do I know the default password that is being set for them.  

Cheers,

Anthony

 

Anthony, there is no default pass for users, I believe it creates a random password and it sends it via email to the email address you specified for the user. The first time the user logs in with that password, he/she can change the password.

For the admin, there is a default pass... it's admin

Link to comment
Share on other sites

Thanks, but I'm not sure I understand. I am using the 2.2 release so something is still wrong . The definitions are about halfway down the english/admin_members.php file, but even when I moved them to the very top, it didn't change. Also, how could the placement end up sending two emails? Sorry for sounding dense, but I am trying to grasp this and want to get it right. Could you explain what and where you mean? Thanks!

 

you want to be looking at admin/password_forgotten.php where the email is actually sent out. in 2.2 right at the top of the file is

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

a little different from the older versions where the language file isn't defined until after the email code.

Link to comment
Share on other sites

DavidR

 

played around with this a little. apparently the 'password_forgotten.php' file was miscoded for SSL just like the 'login.php' file was and i missed it. Try changing...

<?php echo tep_draw_form('login', 'password_forgotten.php?action=process'); ?>

to

<?php echo tep_draw_form('login', FILENAME_PASSWORD_FORGOTTEN, 'action=process'); ?>

Link to comment
Share on other sites

Hi Everyone,

 

        In my search for Decent Admin Protection.. I decided to install this Contribution.

 

  I don't know if I did anything wrong.. But I worked diligently for 3 hours going through each file adding each //Admin begin here comments to each of the files mentioned.

 

 First off, are you supposed to have double categories on the left while in your admin? And when you turn on the red light, via the File Access section, that's the only way to make the double category go away. And then me being top administrator..  I'm being told that I can't access files.. And certain categories all together aren't showing up.. Like for example:

 

"Customers Orders"

 

I can see Customers.. But it won't let me access the orders.. And that's just an example.. This is happening pretty much all over.. I really need some help here.. After 3 hours of this.. My eyes are tired of looking at code.. And i'm sleepy now.. lol  

 

 The main reason i wanted this contribution was to protect my admin of all things.. And of course. .Thinking of the future if I were to ever hire anyone later down the road or just plain give another person admin rights to my site..

 

Thanks so much..

 

 Christine

 

I was thinking that maybe the // commenting out for example:

 

//Admin begin
// '<a href="' . tep_href_link(FILENAME_CATEGORIES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS . '</a><br>' .
// '<a href="' . tep_href_link(FILENAME_PRODUCTS_ATTRIBUTES, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES . '</a><br>' .
// '<a href="' . tep_href_link(FILENAME_MANUFACTURERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_MANUFACTURERS . '</a><br>' .
// '<a href="' . tep_href_link(FILENAME_REVIEWS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_REVIEWS . '</a><br>' .
// '<a href="' . tep_href_link(FILENAME_SPECIALS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_SPECIALS . '</a><br>' .
// '<a href="' . tep_href_link(FILENAME_PRODUCTS_EXPECTED, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_CATALOG_PRODUCTS_EXPECTED . '</a>');
tep_admin_files_boxes(FILENAME_CATEGORIES, BOX_CATALOG_CATEGORIES_PRODUCTS) .
tep_admin_files_boxes(FILENAME_PRODUCTS_ATTRIBUTES, BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES) .
tep_admin_files_boxes(FILENAME_MANUFACTURERS, BOX_CATALOG_MANUFACTURERS) .
tep_admin_files_boxes(FILENAME_REVIEWS, BOX_CATALOG_REVIEWS) .
tep_admin_files_boxes(FILENAME_SPECIALS, BOX_CATALOG_SPECIALS) .
tep_admin_files_boxes(FILENAME_PRODUCTS_EXPECTED, BOX_CATALOG_PRODUCTS_EXPECTED));
//Admin end

 

Seems like is happening in a few of the files via admin/includes/boxes

I was wondering if it's possible that this is why i'm seeing repeat categories in my left menu via the admin section of my cart? Does anyone have any ideas?

 

Also, granted that I have a few other contributions running and installed. So I had to put all lines from the changed files section of this contribution myself. Everything seems to be okay.. Except that I as administrator can't access certain categories, even though I have the green light on them for Top Administrator.. Don't work.. :( and the fact that i'm seeing the categories repeating themselves directly underneath the administrators option on the left hand side..

God, I hope I'm making sense here.. I'm trying to be as explicit as I can without going off rambling.. Well anyway, thank you.. and any help would be appreciated.. :)

 

Christine

Link to comment
Share on other sites

Hi Everyone,

 First off, are you supposed to have double categories on the left while in your admin? And when you turn on the red light, via the File Access section, that's the only way to make the double category go away. And then me being top administrator..  I'm being told that I can't access files.. And certain categories all together aren't showing up.. Like for example:

 Christine

 

sounds like you left in the original categories. if you look at 'column_left.php' i commented out the original categories before making the necessary changes. then if you look at all the associated boxes i commented out the original code (just in case anyone wanted to revert to pre-admin code) before making the changes. sounds like you left the original code in place without commenting it out or deleting it.

Link to comment
Share on other sites

she's flipping out on the admin_files.

admin_files is a table that you created when you installed the code, if you installed it correctly.

it is a table of linked id's

admin_files_id admin_files_name admin_files_is_boxes admin_files_to_boxes admin_groups_id

this table tells the mod which programs can be used by which group. It is very self evident if you look at it. If you add more admin prog's then you need to add them to this list because you will not be able to control access to them any other way.

(my knowledge is so small you would think that an ant was a genius in comparison)

Link to comment
Share on other sites
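
As an added example (not code from the contribution or from any poster in this thread): a self-contained PHP model of the admin_files lookup described in the post above and of the access-filtered menu from the first post, applying the same check to the requested script itself and refusing any script that has no row. The `example_*` functions, the sample rows, group 2 and the column meanings given in the comments are assumptions.

```php
<?php
// Constructed sample rows (not real data) using the admin_files column names
// from the post above. Assumed meanings: admin_files_is_boxes = 1 marks a menu
// box, admin_files_to_boxes is the id of the box a file sits in, and
// admin_groups_id is a comma-separated list of groups allowed to use the row.
function example_row($id, $name, $is_box, $to_box, $groups) {
    return array('admin_files_id' => $id, 'admin_files_name' => $name,
                 'admin_files_is_boxes' => $is_box,
                 'admin_files_to_boxes' => $to_box,
                 'admin_groups_id' => $groups);
}

$example_admin_files = array(
    example_row(1, 'configuration.php', 1, 0, '1'),
    example_row(2, 'customers.php',     1, 0, '1,2'),
    example_row(3, 'configuration.php', 0, 1, '1'),
    example_row(4, 'customers.php',     0, 2, '1,2'),
    example_row(5, 'orders.php',        0, 2, '1,2'),
);

// True when the group id appears in the row's group list (exact match, so
// group 1 does not match an entry such as "11").
function example_group_allowed($row, $group_id) {
    $groups = array_map('trim', explode(',', $row['admin_groups_id']));
    return in_array((string) $group_id, $groups, true);
}

// Server-side decision for one requested script. Deny by default: a script
// with no file row is refused for every group, as is a file whose box row is
// missing or closed to the group.
function example_can_open($rows, $group_id, $script) {
    $name = basename($script);
    foreach ($rows as $file) {
        if ($file['admin_files_is_boxes'] == 1 || $file['admin_files_name'] !== $name) {
            continue;
        }
        if (!example_group_allowed($file, $group_id)) {
            return false;
        }
        foreach ($rows as $box) {
            if ($box['admin_files_is_boxes'] == 1
                && $box['admin_files_id'] == $file['admin_files_to_boxes']) {
                return example_group_allowed($box, $group_id);
            }
        }
        return false; // orphaned file row: no box found
    }
    return false; // not listed at all
}

// Menu built from the same decision, so a link is shown only when the
// request behind it would also be accepted.
function example_menu($rows, $group_id) {
    $menu = array();
    foreach ($rows as $box) {
        if ($box['admin_files_is_boxes'] != 1) {
            continue;
        }
        foreach ($rows as $file) {
            if ($file['admin_files_is_boxes'] == 0
                && $file['admin_files_to_boxes'] == $box['admin_files_id']
                && example_can_open($rows, $group_id, $file['admin_files_name'])) {
                $menu[$box['admin_files_name']][] = $file['admin_files_name'];
            }
        }
    }
    return $menu;
}

// Group 2 is a hypothetical customers/orders-only group.
foreach (array('orders.php', 'configuration.php', 'new_contrib_tool.php') as $script) {
    $verdict = example_can_open($example_admin_files, 2, $script) ? 'allow' : 'deny';
    echo $script . ': ' . $verdict . "\n";
}
print_r(example_menu($example_admin_files, 2));
```

Hiding a box in the menu only removes the link; the per-request check is what stops a member of group 2 from opening configuration.php by typing its URL.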

Papasan,

 

Thank you very much! That was what it was.. Those lines were not commented out in the column_left.php file.. That did the trick.. Thank you again :)

 

Too much looking at code and concentrating on the contribution can make a bit dizzy with all of it.. Get to be overwhelming.. lol

 

 

Strider,

 

Thank you for pointing out the obvious.. And I wasn't flipping out.. Just on you.. ROTF!! hehehehee

 

Well anyways.. I started to add the files via the File Access option in the Administrator menu.. And to be quite honest.. I know the files that belong to certain categories.. Like the who's online and server info and mail files all belong in TOOLs category.. But I hate to sound like a dunce.. But because I don't use all the files all the time.. I don't know where their respective places are.. And if you put a file in the wrong category by mistake.. It doesn't show up or work for that category.. So what I'm getting at here is if you would be so kind as to make a list of which file goes where.. Just to simplify things .. If you could.. Other than that.. One could be working for hours on something that could be remedied by just referring to a simple list of where to put what.. And voilà..

 

Thank you again Papasan and Strider for all your help.. This is truly a wonderful contribution.. :)

 

Christine

Link to comment
Share on other sites

DavidR

 

played around with this a little. apparently the 'password_forgotten.php' file was miscoded for SSL just like the 'login.php' file was and i missed it. Try changing...

<?php echo tep_draw_form('login', 'password_forgotten.php?action=process'); ?>

to

<?php echo tep_draw_form('login', FILENAME_PASSWORD_FORGOTTEN, 'action=process'); ?>

 

Thanks papasan, I have made this change but I may have been unclear about the problem I am having. When an admin logs in, goes to My Account and then changes their password, the email that is generated upon saving the info comes through with the subject "ADMIN_EMAIL_SUBJECT" and the body as "ADMIN_EMAIL_TEXT". This seems to be generated in admin_account.php. If I define these two constants at the top of that file, it works - however I don't understand why it isn't working in the first place and why no one else has complained about it (except one). Can you verify this on your own installation?

 

Second, I inserted "$hiddenPassword = '-hidden-';" at line 38 in admin_account.php, otherwise once I got the email to work correctly the place in the body where it should say "-hidden-" is blank.

 

Last, it seems there should be a different email subject and body when info is changed in an admin account as opposed to when the account is first created. It looks like it is sending the same message for both occasions because it is triggered on the "action=save_account" in each instance. For now I would be happy to understand why I am having the problem above and then I can probably fix the rest. Let me know what you think. This is way too useful a contribution not to keep at it :wink:

 

David

Link to comment
Share on other sites

alright...four changes...

 

to fix your problem, DavidR, add these lines to 'includes/languages/[LANGUAGE]/admin_account.php':

define('ADMIN_EMAIL_SUBJECT', 'Personal Information Change');

define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "\n\n" . 'Your personal information, perhaps including your password, has been changed.  If this was done without your knowledge or consent please contact the administrator immediately!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and, add this line to 'admin_account.php' under 'case 'save_account':':

$hiddenPassword = '-hidden-';

 

found another email discrepancy...add these lines to 'includes/languages/[LANGUAGE]/admin_members.php':

define('ADMIN_EMAIL_EDIT_SUBJECT', 'Admin Member Profile Edit');

define('ADMIN_EMAIL_EDIT_TEXT', 'Hi %s,' . "\n\n" . 'Your personal information has been updated by an administrator.' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and in 'admin_members.php' under 'case 'member_edit':' change:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

to:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_EDIT_SUBJECT, sprintf(ADMIN_EMAIL_EDIT_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

Link to comment
Share on other sites

Hi Again,,

 

Can someone please tell me where I can change the Auto Time-Out/Log-off Length, I just spent 30 Minutes writing up a new product I hit SUBMIT and the bloody administration logged me out/Timed out whatever, so I signs back-in to find my new product was lost... ARH!! man was I spewen!!

 

Help plz.............

 

Cheers MaxiDVD :lol:

Link to comment
Share on other sites

alright...four changes...

 

to fix your problem, DavidR, add these lines to 'includes/languages/[LANGUAGE]/admin_account.php':

define('ADMIN_EMAIL_SUBJECT', 'Personal Information Change');

define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "\n\n" . 'Your personal information, perhaps including your password, has been changed.  If this was done without your knowledge or consent please contact the administrator immediately!' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and, add this line to 'admin_account.php' under 'case 'save_account':':

$hiddenPassword = '-hidden-';

 

found another email discrepancy...add these lines to 'includes/languages/[LANGUAGE]/admin_members.php':

define('ADMIN_EMAIL_EDIT_SUBJECT', 'Admin Member Profile Edit');

define('ADMIN_EMAIL_EDIT_TEXT', 'Hi %s,' . "\n\n" . 'Your personal information has been updated by an administrator.' . "\n\n" . 'Website : %s' . "\n" . 'Username: %s' . "\n" . 'Password: %s' . "\n\n" . 'Thanks!' . "\n" . '%s' . "\n\n" . 'This is an automated response, please do not reply!');

and in 'admin_members.php' under 'case 'member_edit':' change:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

to:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_EDIT_SUBJECT, sprintf(ADMIN_EMAIL_EDIT_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

Hi Papasan ,

 

I just wanted to let you know that all worked out okay.. I must have been totally frazzled the other night after hours of work.. lol But I managed to fix everything so far, including putting the files all in their rightful places I believe via the Account Levels Admin mod.. :)

 

Now that I'm on the same page as everyone else here on this contribution.. I'm having a hard time finding this:

 

add this line to 'admin_account.php' under 'case 'save_account':':

$hiddenPassword = '-hidden-';

 

I looked over the admin_account file diligently. And I'm not seeing any save account instance.. Am I missing something perhaps?

 

If there are specific lines that this new code of yours needs to be placed at.. Please specify what lines they are to be placed on.. Pretty please? hehehe .. I don't mean to be a pain in the butt.. Just am a little anal in having everything done.. and done right.. My bad.. lol

 

I would just like to say once again that this is a great contribution and is coming along quite nicely.. I feel as if I have top of the line security for my admin now.. And am comfy now. :)

 

Christine

Link to comment
Share on other sites

Hi Seth,

 

I just installed your ver 2.2 on my MS2.

 

Works well except I am getting the same email errors: subj = ADMIN_EMAIL_SUBJECT and body = ADMIN_EMAIL_TEXT. Plus I have not moved to my live site yet so I don't know how it will work with SSL.

 

I just wanted to clarify: To be up to date on bug fixes, I presume I need to apply the changes that Christine repeated in the post above mine. Are these the only ones (after reading this whole thread I was getting fried).

 

One other thing, I am a bit confused on the purpose of the File Access section. Why would you want to turn the Status to red for any of the boxes? What does store files mean? Is this for adding new boxes when you add a new contrib?

 

Btw, very nice contrib.

 

Kirk

Boom... Big butta boom.

Link to comment
Share on other sites

Now that I'm on the same page as everyone else here on this contribution.. I'm having a hard time finding this:

 

add this line to 'admin_account.php' under 'case 'save_account':':

$hiddenPassword = '-hidden-';

 

"case 'save_account':" is on line 33 in my 'admin/admin_account.php'. the hidden definition can go anywhere between that and the 'tep_mail()' statement.

 

Works well except I am getting the same email errors: subj = ADMIN_EMAIL_SUBJECT and body = ADMIN_EMAIL_TEXT.  Plus I have not moved to my live site yet so I don't know how it will work with SSL.

 

One other thing, I am a bit confused on the purpose of the File Access section.  Why would you want to turn the Status to red for any of the boxes? What does store files mean? Is this for adding new boxes when you add a new contrib?

 

yes, you need to make the changes in the previous posts, or wait a couple days and i'll u/l a new revision after no one complains about errors =).

 

the red boxes are for making new admin groups and turning off sections. say you want to add a user that would have access to only the customers and ordering section. then you would make all the boxes red for that group except the customer/ordering category. play around with it a little, i'm sure you'll pick it up.

Link to comment
Share on other sites

Christine wrote

I must have been totally frazzled ... lol But I managed to fix everything so far, including putting the files all in their rightful places I believe via the Account Levels Admin mod..

and My question is .. there is an Accounts Levels Admin for files? .. damn and I have been doing it by hand all this time........

(my knowledge is so small you would think that an ant was a genius in comparison)

Link to comment
Share on other sites

MaxiDVD wrote:

Can someone please tell me where I can change the Auto Time-Out/Log-off Length, I just spent 30 Minutes writing up a new product I hit SUBMIT and the bloody administration logged me out/Timed out whatever, so I signs back-in to find my new product was lost... ARH!! man was I spewen!!

 

Is there an answer for this. It times out way too quick. We work in it all day and need to set it way high or turn it off.

 

Kirk

Boom... Big butta boom.

Link to comment
Share on other sites
