papasan

[CONTRIB] Admin Access Level Accounts for MS2


How do you set https for admin?

 

this is my admin configure.php

 

<?php
/*
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.orphonsoul.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.orphonsoul.com');
  define('HTTPS_CATALOG_SERVER', 'https://orphonsoul.com');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html/'); // where the pages are located on the server
  define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
  define('DIR_FS_ADMIN', '/home/username/public_html/catalog/admin/'); // absolute path required
  define('DIR_WS_CATALOG', '/catalog/'); // absolute path required
  define('DIR_FS_CATALOG', '/home/username/public_html/catalog/'); // absolute path required
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
  define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', 'DBusername');
  define('DB_SERVER_PASSWORD', 'DBpassword');
  define('DB_DATABASE', 'DBname');
  define('USE_PCONNECT', 'false'); // use persistent connections?
  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>


Angela


Change your HTTP_SERVER variable to the https URL, i.e.

define('HTTP_SERVER', 'https://www.orphonsoul.com');

or whatever your HTTPS_SERVER is in catalog. If you wanted your whole site to be in SSL, you could do this in catalog as well. However, for performance reasons, it makes more sense to make just the private pages (account, checkout, etc.) be SSL, so catalog has two server variables between which it can switch.

 

Hth,

Matt


That worked thanks!!!!!!

 

Now for another question... I changed my password and I got an auto email.

 

The Subject was: ADMIN_EMAIL_SUBJECT

 

And the body was: ADMIN_EMAIL_TEXT

 

I looked in admin/includes/languages/english/admin_members.php and it looks like they are both defined.

 

Thanks again, I love this place :)


Angela


Actually the answer to the ssl question is that admin/includes/configure.php needs the line

 

define('ENABLE_SSL', 'true'); // secure webserver for admin module

 

I think placed in it.

 

because in the current setup it is still not working and yet your catalog store is playing fine with the https.

 

but then I am no code monger so I could be very wrong


(my knowledge is so small you would think that an ant was a genius in comparison)


The previous answer fixed my SSL problem...

 

But I still don't know why my email isn't defined


Angela


yes it did make it work .... but when you mix up your http and your https and call a straight http with https instead .. will it work? ..


(my knowledge is so small you would think that an ant was a genius in comparison)


As of yet I don't see a way to call any page that comes up broken in the catalog....

 

And in the admin, this makes it ALL https


Angela
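
Setting HTTP_SERVER to an https URL, as suggested above, changes the links the admin pages generate; a request typed as plain http is still answered by the web server. The guard below is an added example, not osCommerce or contribution code: the function names and the sample requests are hypothetical, and it assumes HTTP_SERVER holds the https base URL from admin/includes/configure.php.

```php
<?php
// Added example; not part of osCommerce or the contribution.
// Assumption: PHP sees the TLS connection directly. Behind a TLS-terminating
// proxy, $_SERVER['HTTPS'] is not set and this check must use whatever
// the proxy provides instead.

// True when the request described by $server arrived over TLS.
function admin_request_is_https(array $server) {
  if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
    return true;
  }
  return isset($server['SERVER_PORT']) && (int)$server['SERVER_PORT'] === 443;
}

// Returns the https URL to redirect to, or null when no redirect is needed.
function admin_https_redirect_target(array $server, $https_base) {
  if (admin_request_is_https($server)) {
    return null;
  }
  if (stripos($https_base, 'https://') !== 0) {
    // Misconfigured base URL: refuse rather than redirect to plain http.
    throw new InvalidArgumentException('HTTP_SERVER must be an https URL');
  }
  $uri = isset($server['REQUEST_URI']) ? $server['REQUEST_URI'] : '/';
  $uri = str_replace(array("\r", "\n"), '', $uri); // keep CR/LF out of the header
  if ($uri === '' || $uri[0] !== '/') {
    $uri = '/';
  }
  // The host always comes from configuration, never from the request.
  return rtrim($https_base, '/') . $uri;
}

// Constructed sample requests (not captured traffic).
$plain  = array('SERVER_PORT' => '80',
                'REQUEST_URI' => '/catalog/admin/orders.php?page=2');
$secure = array('HTTPS' => 'on', 'SERVER_PORT' => '443',
                'REQUEST_URI' => '/catalog/admin/');

var_dump(admin_https_redirect_target($plain, 'https://www.example.com'));
var_dump(admin_https_redirect_target($secure, 'https://www.example.com'));

// In an admin page, before any output and before the login check:
//   $target = admin_https_redirect_target($_SERVER, HTTP_SERVER);
//   if ($target !== null) { header('Location: ' . $target, true, 301); exit; }
```

A redirect does not protect the first plain-http request, so the admin session cookie should also be sent with the Secure flag.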


Can I Specify the Password for my Top Administrator, rather than have the auto assigned password?

 

I thought I seen an option before about changing the passwords but buggered if I can find it now..

 

Cheers MaxiDVD :-)


I always wondered what that default password was.


(my knowledge is so small you would think that an ant was a genius in comparison)


so what is the default password so you can login


(my knowledge is so small you would think that an ant was a genius in comparison)


actually I did read the read me .. and I quote from that esteemed bible

"

The default admin is 'admin@localhost' with the password 'admin'. Your first job may well be changing this security hole.

but it didn't seem to work that's why I had to write an md5 filter to place one in there

*smiles*


(my knowledge is so small you would think that an ant was a genius in comparison)


I found a very small detail in admin/index.php that affects if you are not using english as main language (as I do)

Where it says: (line 77 in my index.php file)

 

'children' => array(array('title' => 'My Account', 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                          'access' => 'true'),
                    array('title' => 'Logoff', 'link' => tep_href_link(FILENAME_LOGOFF),

 

You need to change to:

 

'children' => array(array('title' => HEADER_TITLE_ACCOUNT, 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                          'access' => 'true'),
                    array('title' => HEADER_TITLE_LOGOFF, 'link' => tep_href_link(FILENAME_LOGOFF),

 

Hope that helps...

 

And one question... I just set this thing up and I noticed that no matter what "boxes" each user has activated, every time a user logs in, the index.php page shows all the options. Is there a way to only show the options that the user has activated (sorta like what is done in column_left.php)?

 

Thanks in advance!


yes you have to edit the index.php file with the if statements like in the example it comes with.


(my knowledge is so small you would think that an ant was a genius in comparison)

yes you have to edit the index.php file with the if statements like in the example it comes with.

 

I haven't been able to figure out what examples you mean here. Can you explain?

 

I have the same issue with email to the main admin coming through with "ADMIN_EMAIL_SUBJECT" in the subject and "ADMIN_EMAIL_TEXT" in the body. These seem to be defined properly in english/admin_members.php and nothing else looks wrong. Has anyone else figured this one out?

 

I'm also having a problem not mentioned here. When a new admin user is created, the email that is sent is correct except that the password value is "-hidden-" in the body of the email. I have no clue on this one.

 

This looks like an excellent (and necessary) contribution. I might be able to figure more out with a clear head tomorrow, but any feedback is appreciated. I am installing on an "almost" fresh copy of MS2. Thanks!

 

David

actually I did read the read me .. and I quote from that esteemed bible

"

The default admin is 'admin@localhost' with the password 'admin'. Your first job may well be changing this security hole.

but it didn't seem to work that's why I had to write an md5 filter to place one in there

*smiles*

 

d'oh! <remove foot from mouth>

 

logon: admin@localhost

pass: admin

 

definitely will change the readme...

 

I have the same issue with email to the main admin coming through with "ADMIN_EMAIL_SUBJECT" in the subject and "ADMIN_EMAIL_TEXT" in the body. These seem to be defined properly in english/admin_members.php and nothing else looks wrong. Has anyone else figured this one out?

 

this is caused because the definitions are too low in the file, they need to be moved up to the top. this was changed in the 2.2 release. i now get two emails sometimes, one correct and one old one, but at least the correct info is being sent.


btw, admin@localhost / admin seems to work fine for me, i just ran the SQL from the distro and logged onto my admin section.

I found a very small detail in admin/index.php that affects if you are not using english as main language (as I do)...

 

thanks, i made the changes for the next distro package.

yes you have to edit the index.php file with the if statements like in the example it comes with.

 

Hmm, what example are you talking about? I tried the if statement that comes with column_left.php on the index.php but it didn't work... could you help me a bit more on this issue?

 

thanks!


it is in the changed files/admin/index.php

the first part looks like

<?php
/*
  $Id: index.php,v 1.19 2003/06/27 09:38:31 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  $cat = array(array('title' => BOX_HEADING_CONFIGURATION,
//Admin begin
                     'access' => tep_admin_check_boxes('configuration.php'),
//Admin end
                     'image' => 'configuration.gif',
                     'href' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1'),
                     'children' => array(array('title' => BOX_CONFIGURATION_MYSTORE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1')),
                                         array('title' => BOX_CONFIGURATION_LOGGING, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=10')),
                                         array('title' => BOX_CONFIGURATION_CACHE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=11')))),
               array('title' => BOX_HEADING_MODULES,
//Admin begin
                     'access' => tep_admin_check_boxes('modules.php'),
//Admin end
                     'image' => 'modules.gif',
                     'href' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment'),
                     'children' => array(array('title' => BOX_MODULES_PAYMENT, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment')),
                                         array('title' => BOX_MODULES_SHIPPING, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=shipping')))),
               array('title' => BOX_HEADING_CATALOG,
//Admin begin
                     'access' => tep_admin_check_boxes('catalog.php'),
//Admin end
                     'image' => 'catalog.gif',
                     'href' => tep_href_link(FILENAME_CATEGORIES, 'selected_box=catalog'),
                     'children' => array(array('title' => CATALOG_CONTENTS, 'link' => tep_href_link(FILENAME_CATEGORIES, 'selected_box=catalog')),
                                         array('title' => BOX_CATALOG_MANUFACTURERS, 'link' => tep_href_link(FILENAME_MANUFACTURERS, 'selected_box=catalog')))),
               array('title' => BOX_HEADING_LOCATION_AND_TAXES,
//Admin begin
                     'access' => tep_admin_check_boxes('taxes.php'),
//Admin end
                     'image' => 'location.gif',
                     'href' => tep_href_link(FILENAME_COUNTRIES, 'selected_box=taxes'),
                     'children' => array(array('title' => BOX_TAXES_COUNTRIES, 'link' => tep_href_link(FILENAME_COUNTRIES, 'selected_box=taxes')),
                                         array('title' => BOX_TAXES_GEO_ZONES, 'link' => tep_href_link(FILENAME_GEO_ZONES, 'selected_box=taxes')))),
               array('title' => BOX_HEADING_CUSTOMERS,
//Admin begin
                     'access' => tep_admin_check_boxes('customers.php'),
//Admin end
                     'image' => 'customers.gif',
                     'href' => tep_href_link(FILENAME_CUSTOMERS, 'selected_box=customers'),
                     'children' => array(array('title' => BOX_CUSTOMERS_CUSTOMERS, 'link' => tep_href_link(FILENAME_CUSTOMERS, 'selected_box=customers')),
                                         array('title' => BOX_CUSTOMERS_ORDERS, 'link' => tep_href_link(FILENAME_ORDERS, 'selected_box=customers')))),
               array('title' => BOX_HEADING_LOCALIZATION,
//Admin begin
                     'access' => tep_admin_check_boxes('localization.php'),
//Admin end
                     'image' => 'localization.gif',
                     'href' => tep_href_link(FILENAME_CURRENCIES, 'selected_box=localization'),
                     'children' => array(array('title' => BOX_LOCALIZATION_CURRENCIES, 'link' => tep_href_link(FILENAME_CURRENCIES, 'selected_box=localization')),
                                         array('title' => BOX_LOCALIZATION_LANGUAGES, 'link' => tep_href_link(FILENAME_LANGUAGES, 'selected_box=localization')))),
               array('title' => BOX_HEADING_REPORTS,
//Admin begin
                     'access' => tep_admin_check_boxes('reports.php'),
//Admin end
                     'image' => 'reports.gif',
                     'href' => tep_href_link(FILENAME_STATS_PRODUCTS_PURCHASED, 'selected_box=reports'),
                     'children' => array(array('title' => REPORTS_PRODUCTS, 'link' => tep_href_link(FILENAME_STATS_PRODUCTS_PURCHASED, 'selected_box=reports')),
                                         array('title' => REPORTS_ORDERS, 'link' => tep_href_link(FILENAME_STATS_CUSTOMERS, 'selected_box=reports')))),
//Admin begin
               array('title' => BOX_HEADING_MY_ACCOUNT,
                     'access' => 'true',
                     'image' => 'my_account.gif',
                     'href' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                     'children' => array(array('title' => 'My Account', 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                                               'access' => 'true'),
                                         array('title' => 'logoff', 'link' => tep_href_link(FILENAME_LOGOFF),
                                               'access' => 'true'))),
               array('title' => BOX_HEADING_ADMINISTRATOR,
                     'access' => tep_admin_check_boxes('administrator.php'),
                     'image' => 'administrator.gif',
                     'href' => tep_href_link(tep_selected_file('administrator.php'), 'selected_box=administrator'),
                     'children' => array(array('title' => BOX_ADMINISTRATOR_MEMBER, 'link' => tep_href_link(FILENAME_ADMIN_MEMBERS, 'selected_box=administrator'),
                                               'access' => tep_admin_check_boxes(FILENAME_ADMIN_MEMBERS, 'sub_boxes')),
                                         array('title' => BOX_ADMINISTRATOR_BOXES, 'link' => tep_href_link(FILENAME_ADMIN_FILES, 'selected_box=administrator'),
                                               'access' => tep_admin_check_boxes(FILENAME_ADMIN_FILES, 'sub_boxes')))),
//Admin end
               array('title' => BOX_HEADING_TOOLS,
//Admin begin
                     'access' => tep_admin_check_boxes('tools.php'),
//Admin end
                     'image' => 'tools.gif',
                     'href' => tep_href_link(FILENAME_BACKUP, 'selected_box=tools'),
                     'children' => array(array('title' => TOOLS_BACKUP, 'link' => tep_href_link(FILENAME_BACKUP, 'selected_box=tools')),
                                         array('title' => TOOLS_BANNERS, 'link' => tep_href_link(FILENAME_BANNER_MANAGER, 'selected_box=tools')),
                                         array('title' => TOOLS_FILES, 'link' => tep_href_link(FILENAME_FILE_MANAGER, 'selected_box=tools')))));

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

 

 

************ and the second change is on about line 178 and quoting from line 175 looks like

 

 

  while ($orders_status = tep_db_fetch_array($orders_status_query)) {
    $orders_pending_query = tep_db_query("select count(*) as count from " . TABLE_ORDERS . " where orders_status = '" . $orders_status['orders_status_id'] . "'");
    $orders_pending = tep_db_fetch_array($orders_pending_query);
//Admin begin
//    $orders_contents .= '<a href="' . tep_href_link(FILENAME_ORDERS, 'selected_box=customers&status=' . $orders_status['orders_status_id']) . '">' . $orders_status['orders_status_name'] . '</a>: ' . $orders_pending['count'] . '<br>';
    if (tep_admin_check_boxes(FILENAME_ORDERS, 'sub_boxes') == true) {
      $orders_contents .= '<a href="' . tep_href_link(FILENAME_ORDERS, 'selected_box=customers&status=' . $orders_status['orders_status_id']) . '">' . $orders_status['orders_status_name'] . '</a>: ' . $orders_pending['count'] . '<br>';
    } else {
      $orders_contents .= '' . $orders_status['orders_status_name'] . ': ' . $orders_pending['count'] . '<br>';
    }
//Admin end
  }
  $orders_contents = substr($orders_contents, 0, -4);

  $heading = array();
  $contents = array();

 

 

*************

that's it in a nut shell


(my knowledge is so small you would think that an ant was a genius in comparison)


strider

thanks for the reply, but I checked my index.php file... it does look exactly like yours, but it doesn't matter which user logs in, it always shows all the menus and options, I mean, it does not hide the options that the user should not see.

 

So when the user tries to access an option that he does not have permissions to, then a page is displayed saying that he can't access that!

 

Am I missing something in order to hide those options that the user is not supposed to see/access?

 

(My English is not too good, so I don't know if I'm explaining myself)
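
One way to hide the boxes a user has no access to, as asked in the posts above, is to filter the `$cat` array on its 'access' entries before the page renders it. This is an added example, not the contribution's code: the function names and the sample array are hypothetical, and the literal access values stand in for whatever tep_admin_check_boxes() returns.

```php
<?php
// Added example; not part of osCommerce or the Admin Access Level contribution.

// 'access' appears in the posted index.php both as the string 'true' and as
// the result of tep_admin_check_boxes(). Accept only an explicit grant:
// with a loose comparison, the non-empty string 'false' == true in PHP.
function menu_access_granted($value) {
  return $value === true || $value === 'true';
}

// Returns only the boxes, and within them the children, the user may see.
function filter_admin_menu(array $cat) {
  $visible = array();
  foreach ($cat as $box) {
    if (!isset($box['access']) || !menu_access_granted($box['access'])) {
      continue; // deny by default when the flag is missing or not a grant
    }
    $children = array();
    $box_children = isset($box['children']) ? $box['children'] : array();
    foreach ($box_children as $child) {
      // Children without their own 'access' key inherit the parent's grant.
      if (!isset($child['access']) || menu_access_granted($child['access'])) {
        $children[] = $child;
      }
    }
    $box['children'] = $children;
    $visible[] = $box;
  }
  return $visible;
}

// Constructed sample in the shape of the $cat array posted above.
$cat = array(
  array('title' => 'Configuration', 'access' => false,
        'children' => array(array('title' => 'My Store', 'link' => 'configuration.php'))),
  array('title' => 'Customers', 'access' => true,
        'children' => array(array('title' => 'Customers', 'link' => 'customers.php'),
                            array('title' => 'Orders', 'link' => 'orders.php',
                                  'access' => 'false'))),
  array('title' => 'My Account', 'access' => 'true',
        'children' => array(array('title' => 'My Account', 'link' => 'admin_account.php',
                                  'access' => 'true'),
                            array('title' => 'Logoff', 'link' => 'logoff.php',
                                  'access' => 'true'))),
);

foreach (filter_admin_menu($cat) as $box) {
  $titles = array_map(function ($c) { return $c['title']; }, $box['children']);
  echo $box['title'], ': ', implode(', ', $titles), "\n";
}
```

Filtering the menu only changes what is displayed; the per-page check that produces the "can't access" page described above remains the actual access control and has to stay in place.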

I'm also having a problem not mentioned here. When a new admin user is created, the email that is sent is correct except that the password value is "-hidden-" in the body of the email. I have no clue on this one.

 

I think that might be on purpose... A lot of emails you get when you sign up for things don't print the password... that is a good thing. I hate it when I get a password sent to me in plain text...


Angela

