Jump to content
Sign in to follow this  
papasan

[CONTRIB] Admin Access Level Accounts for MS2

Recommended Posts

Just wanted to add one more thing I tried which has worked nicely.

 

For those of you who want to bypass the default blue screen after logging in; change the following:

 

1) Open admin\login.php

2) Find the following(around line 50):

 

//$date_now = date('Ymd');

tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

 

if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

} else {

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

}

 

and change to:

 

//$date_now = date('Ymd');

tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));

 

As you can see i have simply removed the if/else statement to redirect to the "my account" page regardless of any previous login status. Be careful when deleting the closing brackets. The closing bracket directly after the last line should be deleted leaving you with 3 closing brackets before the next set of statements. This will not affect the default warnings when an admin logs in for the first time as these are taken care of by the admin_account.php file.

 

Hope you find this useful.

Share this post


Link to post
Share on other sites

Hi,

 

Thanks for looking at post. I have a problem with the admin accounts module. I've installed the the module and register globals off module. All was working fine with register globals off before installing this module.

 

In the admin side when i search for product or use category drop down list i'm automatically redirected to admin login page. I disabled contribution in the application_top.php page and the search and drop down works. So it is something to do with this module. I have searched high and low for solution, but unable to find one. I would really appreciate any help, advice, suggestions you may have. Thanks in advance. Have a good day!!

 

Steven

Edited by stebut07

Share this post


Link to post
Share on other sites

Hi All,

 

Great contribution but I'm having some problems. I've searched the thread and made sure that the tep_merge_array isn't in my code and it's not. But here are the errors I'm getting.

 

Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /var/www/tranquilsense/admin/admin_members.php on line 358

 

Warning: reset() [function.reset]: Passed variable is not an array or object in /var/www/tranquilsense/admin/includes/classes/object_info.php on line 17

 

Warning: Variable passed to each() is not an array or object in /var/www/tranquilsense/admin/includes/classes/object_info.php on line 18

 

Any help is greatly appreciated!

 

Thanks - Zack

Share this post


Link to post
Share on other sites

Hi all! I'm trying to get this huge contrib working on 2.2rc2.. on PHP5 and MySQL5, i've installed all, but when i try to get into admin section my browser just stops telling that the page redirects incorrectly, firefox detected that the server redirects the request in a way that could never be completed....

 

ive seen that on function tep_admin_check_login() there is a redirect, and on application_top.php, there is the inclusion of that function, seems wrong the code on application_top.php:

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {

in fact, i'm on the page declared under "FILENAME_LOGIN" but seems that it doesn't see the name of the page...

as is, the code seems to be right but.. can someone help me on this problem?

Share this post


Link to post
Share on other sites
Hi all! I'm trying to get this huge contrib working on 2.2rc2.. on PHP5 and MySQL5, i've installed all, but when i try to get into admin section my browser just stops telling that the page redirects incorrectly, firefox detected that the server redirects the request in a way that could never be completed....

 

ive seen that on function tep_admin_check_login() there is a redirect, and on application_top.php, there is the inclusion of that function, seems wrong the code on application_top.php:

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {

in fact, i'm on the page declared under "FILENAME_LOGIN" but seems that it doesn't see the name of the page...

as is, the code seems to be right but.. can someone help me on this problem?

 

I've got it to work... need to replace (for PHP5) all $PHP_SELF with $_SERVER['PHP_SELF'] and all $HTTP_SERVER_VARS (DEPRECATED) WITH $_SERVER (pay attention, some server vars have canged names!!!!), $HTTP_GET_VARS with $_GET and $HTTP_POST_VARS with $_POST then replace:

 

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) { 	   tep_admin_check_login(); 
 }

 

 

with:

 

 

$trovato = 0;
$string = array("login_admin.php", "login.php", "password_forgotten.php", "forbidden.php");
$container = $_SERVER['PHP_SELF'];
foreach ($string as $key)
{
if(strstr($container,$key)) $trovato = $trovato+1;
}

if ($trovato == 0) {
   tep_admin_check_login(); 
 }

Share this post


Link to post
Share on other sites

Hi there,

 

i have just installed this on my live site and once I uploaded all the new files I realised there was a lot more work to be done than i originally thought (I have a heavily modified site)

 

The problem I have is a weird one. When I first went to login the email address was already completed with my personal one dave@whatever.com. I didn't really think anything about it and proceeded to login with the details provided in the install.

 

I have since uninstalled this contribution overwriting all the files with me existing ones.

 

Whilst working on the site today I have found that if I create a new customer or create an order for an existing customer (using manual order maker) their email address is already completed with my one, dave@whatever.com even if the customer already has an email address in the system.

 

I realise that on the face of it it doesn't look like a problem for this contribution but it has started happening as a result of it after i installed it last night.

 

Anyone have any ideas?

 

Thanks

 

Dave

Share this post


Link to post
Share on other sites
Hi there,

 

i have just installed this on my live site and once I uploaded all the new files I realised there was a lot more work to be done than i originally thought (I have a heavily modified site)

 

The problem I have is a weird one. When I first went to login the email address was already completed with my personal one dave@whatever.com. I didn't really think anything about it and proceeded to login with the details provided in the install.

 

I have since uninstalled this contribution overwriting all the files with me existing ones.

 

Whilst working on the site today I have found that if I create a new customer or create an order for an existing customer (using manual order maker) their email address is already completed with my one, dave@whatever.com even if the customer already has an email address in the system.

 

I realise that on the face of it it doesn't look like a problem for this contribution but it has started happening as a result of it after i installed it last night.

 

Anyone have any ideas?

 

Thanks

 

Dave

 

It turns out that it was a cookie problem, I'm not sure the exact cause, anyway sorted now

 

All the best

 

Dave

Share this post


Link to post
Share on other sites

If I missed this answer in the forum, my apologies....

 

Anyone know how to extend the time-out/log-off so that the contrib does not log off the admins so quickly? We do not allow the storage or user names on the PCs here. Thus, admins must continually re-enter user IDs and passwords. This is an issue if working with a customer. I just want to extend the time by 15 min so that the probability of auto log out is much less.

 

Thanks,

David


Anthony David

AllThingsTrendy.com

Share this post


Link to post
Share on other sites
I've got it to work... need to replace (for PHP5) all $PHP_SELF with $_SERVER['PHP_SELF'] and all $HTTP_SERVER_VARS (DEPRECATED) WITH $_SERVER (pay attention, some server vars have canged names!!!!), $HTTP_GET_VARS with $_GET and $HTTP_POST_VARS with $_POST then replace:

 

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {		tep_admin_check_login(); 
 }

 

 

with:

 

 

$trovato = 0;
$string = array("login_admin.php", "login.php", "password_forgotten.php", "forbidden.php");
$container = $_SERVER['PHP_SELF'];
foreach ($string as $key)
{
if(strstr($container,$key)) $trovato = $trovato+1;
}

if ($trovato == 0) {
   tep_admin_check_login(); 
 }

 

I did it according to the above step, but it will not work still on osc RC2a.

 

Best Regards,

Share this post


Link to post
Share on other sites

I am guessing newer versions of OsC are not compatible with this contrib? When I first got started to manually edit files admin/index.php I quickly realized that none of the code referenced matches my own. I really needed a solution like this and this appeared to be the only one of its kind which is useless for me and people with the newer installations I am assuming. I even took the time to try an find a work around for the changes in structure. I just could not make it happen. Really could have used this one.

Share this post


Link to post
Share on other sites

Thank you, your code help part of my odd problem.

 

I have the Admin Access Levels contribution working implementing it this way - http://forums.oscommerce.com/index.php?sho...00#entry1359160

 

The Admin Access Levels was working fine but strangely enough after I moved it to another computer - with same setup, I started getting errors. One was the dreaded Redirect Loop

(Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked. The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete. Have you disabled or blocked cookies required by this site? NOTE: If accepting the site's cookies does not resolve the problem, it is probably a server configuration issue and not your computer.)
which your bit of code helped.

 

The other occurred once I was able to log in - but this error appeared where the administration menu boxes were supposed to be:

 

Error!

 

Unable to determine the page link!

 

Function used:

 

tep_href_link('', 'selected_box=administrator', 'NONSSL')

 

This code helped http://forums.oscommerce.com/index.php?sho...aded&start=

 

Except that I placed the code:

if (($PHP_SELF == '') || (strlen(trim($PHP_SELF)) == 0)) $PHP_SELF = rtrim(str_replace(array( getenv('PATH_INFO'),getenv('QUERY_STRING')) , '', $_SERVER['REQUEST_URI']), '?');

 

under this in /admin/includes/application_top.php

 

// set php_self in the local scope
 $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);

 

 

I'd greatly appreciate it if someone might be able provide permanent fixes for the /admin/includes/application_top.php file. I think we'll see more problems with PHP5+?

 

 

 

I've got it to work... need to replace (for PHP5) all $PHP_SELF with $_SERVER['PHP_SELF'] and all $HTTP_SERVER_VARS (DEPRECATED) WITH $_SERVER (pay attention, some server vars have canged names!!!!), $HTTP_GET_VARS with $_GET and $HTTP_POST_VARS with $_POST then replace:

 

if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) { 	   tep_admin_check_login(); 
 }

 

 

with:

 

 

$trovato = 0;
$string = array("login_admin.php", "login.php", "password_forgotten.php", "forbidden.php");
$container = $_SERVER['PHP_SELF'];
foreach ($string as $key)
{
if(strstr($container,$key)) $trovato = $trovato+1;
}

if ($trovato == 0) {
   tep_admin_check_login(); 
 }

Share this post


Link to post
Share on other sites

Hi all,

 

I have this contribution installed and sort of working on RC2; I do have one small issue though, that I hope someone may be able to help with....

 

...if I navigate to the admin section of our test site, the original osCommerce login page appears. If I login using the original osCommerce login page, only then am I taken to the new Admin Access Level Accounts login page. How can I stop the original login page from being used? Shouldn't the new login page be a replacement, rather than a supplement to the original login?

 

 

Cheers,

Paul

Share this post


Link to post
Share on other sites

Hi,

 

Does anyone have a solution to the problem that Scott (partsace) was having here: http://forums.oscommerce.com/index.php?sho...st&p=243950?

 

I installed the contribution yesterday, and got it working great; then I come back into work this morning, and every login attempt I make just redirects me back to the login page; I too can see the number of logins for the account I am using being incremented in the database, the same as Scott could, so I know the login is being processed.

 

Only thing that I can think of that might be affecting this, that may have changed since yesterday, is the fact that my original admin session (from prior to installing this contribution) will now be gone; is a missing oscid for the admin likely to be the problem here, or something else?

 

Any comments will be gratefully received.

 

 

Cheers,

Paul

Share this post


Link to post
Share on other sites

Hi,

 

Ok sorted......

 

.... if you are having the same problem that me and Scott both had, where you are returned to the login page even though you supply the correct user name and password, and you can see your successful logins being recorded in the "admin_lognum" field of the database table "admin", the following fix may work for you. Bear in mind that I am using "Multi admin with levels" not "Admin Access Level Accounts", although from what I can gather they are very similar; the reason I posted here is twofold, firstly, because the contributions are so similar, and also because "Multi admin with levels" has no support forum thread.

 

Ok, the fix: I have had a close look at the install instructions for both contributions (maybe someone will point out that I haven't looked close enough), and neither of them appear to state that the following code needs to be removed, or commented out in "admin/includes/application_top.php":

 

// redirect to login page if administrator is not yet logged in
 if (!tep_session_is_registered('admin')) {
$redirect = false;

$current_page = basename($PHP_SELF);

if ($current_page != FILENAME_LOGIN) {
  if (!tep_session_is_registered('redirect_origin')) {
	tep_session_register('redirect_origin');

	$redirect_origin = array('page' => $current_page,
							 'get' => $HTTP_GET_VARS);
  }

  $redirect = true;
}

if ($redirect == true) {
  tep_redirect(tep_href_link(FILENAME_LOGIN));
}

unset($redirect);
 }

 

 

The reason that I didn't see this pitfall yesterday when I installed "Multi admin with levels" must be because residual information left in my session from using the original oscommerce login method earlier in the day (i.e. $_SESSION['admin']), was allowing my login attempts to proceed through this code in "application_top.php"; once the session was gone, I was screwed!!

 

If you too are unable to login after installing either "Admin Access Level Accounts" or "Multi admin with levels", then check your "admin/includes/application_top.php" file for the code above, and remove it.

 

Cheers,

Paul

Share this post


Link to post
Share on other sites

Hi,

 

Ok sorted......

 

.... if you are having the same problem that me and Scott both had, where you are returned to the login page even though you supply the correct user name and password, and you can see your successful logins being recorded in the "admin_lognum" field of the database table "admin", the following fix may work for you. Bear in mind that I am using "Multi admin with levels" not "Admin Access Level Accounts", although from what I can gather they are very similar; the reason I posted here is twofold, firstly, because the contributions are so similar, and also because "Multi admin with levels" has no support forum thread.

 

Ok, the fix: I have had a close look at the install instructions for both contributions (maybe someone will point out that I haven't looked close enough), and neither of them appear to state that the following code needs to be removed, or commented out in "admin/includes/application_top.php":

 

// redirect to login page if administrator is not yet logged in
 if (!tep_session_is_registered('admin')) {
$redirect = false;

$current_page = basename($PHP_SELF);

if ($current_page != FILENAME_LOGIN) {
  if (!tep_session_is_registered('redirect_origin')) {
	tep_session_register('redirect_origin');

	$redirect_origin = array('page' => $current_page,
							 'get' => $HTTP_GET_VARS);
  }

  $redirect = true;
}

if ($redirect == true) {
  tep_redirect(tep_href_link(FILENAME_LOGIN));
}

unset($redirect);
 }

 

 

The reason that I didn't see this pitfall yesterday when I installed "Multi admin with levels" must be because residual information left in my session from using the original oscommerce login method earlier in the day (i.e. $_SESSION['admin']), was allowing my login attempts to proceed through this code in "application_top.php"; once the session was gone, I was screwed!!

 

If you too are unable to login after installing either "Admin Access Level Accounts" or "Multi admin with levels", then check your "admin/includes/application_top.php" file for the code above, and remove it.

 

Cheers,

Paul

 

I tried your fix. To no avail. Now I get an error message stating:

 

Fatal error: Call to undefined function tep_admin_check_login() in /catalog/admin/includes/application_top.php on line 243

 

 

Line 243 reads:

if (basename($PHP_SELF) != FILENAME_LOGIN_ADMIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {

tep_admin_check_login();

}

 

 

Any thoughts?

Edited by suzibird

Share this post


Link to post
Share on other sites

I tried your fix. To no avail. Now I get an error message stating:

 

Fatal error: Call to undefined function tep_admin_check_login() in /catalog/admin/includes/application_top.php on line 243

 

 

Line 243 reads:

if (basename($PHP_SELF) != FILENAME_LOGIN_ADMIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN && basename($PHP_SELF) != FILENAME_FORBIDDEN) {

tep_admin_check_login();

}

 

 

Any thoughts?

 

 

you may have missed the functions in general.php

Share this post


Link to post
Share on other sites

After making all the coding modifications, these errors come up when accessing the admin panel:

 

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/xxxxxx/public_html/store/admin/includes/filenames.php:155) in /home/xxxxx/public_html/store/admin/includes/functions/sessions.php on line 102

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/xxxxxx/public_html/store/admin/includes/filenames.php:155) in /home/xxxxxx/public_html/store/admin/includes/functions/sessions.php on line 102

 

Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxxx/public_html/store/admin/includes/filenames.php:155) in /home/xxxxxx/public_html/store/admin/includes/functions/general.php on line 123

 

Ideas?

Share this post


Link to post
Share on other sites

Im having trouble adding this contribution to a slightly modified RC2a. The instructions say I should modify the admin/includes/header.php file by replacing this line:

 

<td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td>

 

However my line looks different:

 

<td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>'; ?></td>

 

No modifications have been made to my header.php file, so I am confused.

Edited by awscales

Share this post


Link to post
Share on other sites

Great contribution! :) but forum & discussions cannot be easily found because of the way the topic is named.

Could we change it by removing the [CONTRIB] at the begining of the file?

Edited by w3coy

Share this post


Link to post
Share on other sites

I have a little challenge and would appreciate some help. i still get error '1065 Query was empty' could you help?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×