Jump to content
Sign in to follow this  
papasan

[CONTRIB] Admin Access Level Accounts for MS2

Recommended Posts

MaxiDVD wrote:
Can someone please tell me where I can change the Auto Time-Out/Log-off Lenght, I just spent 30 Minutes writting up a new product I hit SUBMIT and the bloody admininstration logged me out/Timmed out whatever, so I signs back-in to find my new product was lost... ARH!! man was I spewen!!

 

Is there an answer for this. It times out way too quick. We work in it all day and need to set it way high or turn it off.

 

Kirk

 

I think this is a PHP thing

in PHP.INI there is a varable with the default of

 

session.gc_maxlifetime = 1440

(stated in seconds)

 

This mean after exactly 24 min (60 X 24=1440) it will treat the stored session as garbage/invaild. Try increasing this to 2700 - 45 min or more.

Warning this can cause a lot of session to pile up if not completed properly.

Share this post


Link to post
Share on other sites

I set it to

session.gc_maxlifetime = 3600

for one hour.

 

Warning this can cause a lot of session to pile up if not completed properly.
What do you mean? I am guessing this also effects actual user sessions as well??? Is this what effects when users fall off the Who' Online display? So now mine will stay on there for one hour?

 

Any other problems with setting this high?


Boom... Big butta boom.

Share this post


Link to post
Share on other sites

How could this be a php.ini thing when this did not happen with the standard oscommerce login which also uses sessions for admin?

 

I thought it would have been something to do with the adminstrative levels configurations somewhere.

 

btw. I never looked over the files either, so im not sure.

 

I can change php.ini on localhost but Its a drag getting the hosting company to change such settings.

 

anyway, any other suggestions are welcome.

 

I will try jpf suggestion.

or write my products descriptions really fast.....vrrm!! before it times out.

 

Cheers MaxiDVD :lol:

Share this post


Link to post
Share on other sites

Seth,

 

It would be a nice addition if you could add a "remember me" check box on the login screen like other web based screens so you did not have to type in your email and password as long as you were accessing from the same computer.

 

Kirk


Boom... Big butta boom.

Share this post


Link to post
Share on other sites
I will try jpf suggestion.

or write my products descriptions really fast.....vrrm!! before it times out.

 

Or write them offline and copy and paste :)


Angela

Share this post


Link to post
Share on other sites

I have installed this (with the updated 2 pages back_ and everything seems to be working fine.

 

Initially I wasn;t sure what the file access thing does - but after playing around it looks like you can specific additional files (outside of the normal OSC install) to belong to the permissions groups.

 

I have gone trhough and added all my other files to their corresponding group (all under super admin) and stored the files.

 

The are in the list on the left hand side.

 

However their entries aren't showing up on the admin menu on the left? Any ideas?

Share this post


Link to post
Share on other sites

Forget previous - found some comments in the boxes files - looks to all be working fine now!!

 

Great mod

Share this post


Link to post
Share on other sites
I will try jpf suggestion.

or write my products descriptions really fast.....vrrm!! before it times out.

 

The simpleest thing to to is save and "re-edit" it ever 10-20 mins....

 

Could you possable put a timer that show how long you have been editing the item in WYSIWYG editor?

 

A GOOD ISP should be able to change this (or most settings) on a per site basis. If your ISP does not want to do that, then it shows that they don't care about keeping you as a customer!

Share this post


Link to post
Share on other sites

I don't think it is up to Maxi to put a timer on WYSIWYG cause (as Maxi says) the problem doesn;t exist on the normal admin.

 

Once finished, I too will also be logeed into my admin for most of the day so it would be great if we could set or fix the timout bug.

Share this post


Link to post
Share on other sites

This is not a BUG - this is a PHP setting. When you have a connection like the editor has - it has a file open on the server. It does not know what your doing with it or for how long and after the set time it thinks (or assumes) the connection is dead/invaild and requires you to "restart" it. This is a level of security.

 

One of may ways around this - is to refresh the connection (to say to the server - YES I am here and I still want this connection) or as I suggested - changing the default time out or save and re-edit before the time out will happen. Or as other people have said - to make the bulk of the text off line (specially if your thinking about what to actaully put in) ant then cut'n paste in into WYSIWYG editor then add your formating.

Share this post


Link to post
Share on other sites

..vvrrrm! ..vvrrrm! beep!! beep!!

 

The simpleest thing to to is save and "re-edit" it ever 10-20 mins....

yep yep yep, that works too.. lol :lol:

Share this post


Link to post
Share on other sites

**chuckles**


(my knowledge is so small you would think that an ant was a genius in comparison)

Share this post


Link to post
Share on other sites

I have made all the edits and updates suggested in the past couple pages and it seems to be working like a charm now. Thanks for the feedback and for a great and badly needed contribution!

 

David

Share this post


Link to post
Share on other sites
Now that I'm on the same page as everyone else here on this contribution.. I'm having a hard time finding this:

 

add this line to 'admin_account.php' under 'case 'save_account':':

$hiddenPassword = '-hidden-';

 

"case 'save_account':" is on line 33 in my 'admin/admin_account.php'. the hidden definition can go anywhere between that and the 'tep_mail()' statement.

 

Works well except I am getting the same email errors: subj = ADMIN_EMAIL_SUBJECT and body = ADMIN_EMAIL_TEXT. Plus I have not moved to my live site yet so I don't know how it will work with SSL.

 

One other thing, I am a bit confused on the purpose of the File Access section. Why would you want to turn the Status to red for any of the boxes? What does store files mean? Is this for adding new boxes when you add a new contrib?

 

yes, you need to make the changes in the previous posts, or wait a couple days and i'll u/l a new revision after no one complains about errors =).

 

the red boxes are for making new admin groups and turning off sections. say you want to add a user that would have access to only the cutomers and orderign section. then you would make all the boxes red for that group except the customer/ordering catagory. play around with it a little, i'm sure you'll pick it up.

 

Ya know? I think i'll just wait till there is an official update submitted before I make any changes.. Unfortunately Papasan, i'm still not seeing this save account statement and all I see is this:

 

[/code]

define('HEADING_TITLE', 'Admin Account');

 

define('TABLE_HEADING_ACCOUNT', 'My Account');

 

define('TEXT_INFO_FULLNAME', '<b>Name: </b>');

define('TEXT_INFO_FIRSTNAME', '<b>Firstname: </b>');

define('TEXT_INFO_LASTNAME', '<b>Lastname: </b>');

define('TEXT_INFO_EMAIL', '<b>Email Address: </b>');

define('TEXT_INFO_PASSWORD', '<b>Password: </b>');

define('TEXT_INFO_PASSWORD_HIDDEN', '-Hidden-');

define('TEXT_INFO_PASSWORD_CONFIRM', '<b>Confirm Password: </b>');

define('TEXT_INFO_CREATED', '<b>Account Created: </b>');

define('TEXT_INFO_LOGDATE', '<b>Last Access: </b>');

define('TEXT_INFO_LOGNUM', '<b>Log Number: </b>');

define('TEXT_INFO_GROUP', '<b>Group Level: </b>');

define('TEXT_INFO_ERROR', '<font color="red">Email address has already been used! Please try again.</font>');

define('TEXT_INFO_MODIFIED', 'Modified: ');

 

define('TEXT_INFO_HEADING_DEFAULT', 'Edit Account ');

define('TEXT_INFO_HEADING_CONFIRM_PASSWORD', 'Password Confirmation ');

define('TEXT_INFO_INTRO_CONFIRM_PASSWORD', 'Password:');

define('TEXT_INFO_INTRO_CONFIRM_PASSWORD_ERROR', '<font color="red"><b>ERROR:</b> wrong password!</font>');

define('TEXT_INFO_INTRO_DEFAULT', 'Click <b>edit button</b> below to change your account.');

define('TEXT_INFO_INTRO_DEFAULT_FIRST_TIME', '<br><b>WARNING:</b><br>Hello <b>%s</b>, you just come here for the first time. We recommend you to change your password!');

define('TEXT_INFO_INTRO_DEFAULT_FIRST', '<br><b>WARNING:</b><br>Hello <b>%s</b>, we recommend you to change your email (<font color="red">admin@localhost</font>) and password!');

define('TEXT_INFO_INTRO_EDIT_PROCESS', 'All fields are required. Click save to submit.');

 

define('JS_ALERT_FIRSTNAME', '- Required: Firstname n');

define('JS_ALERT_LASTNAME', '- Required: Lastname n');

define('JS_ALERT_EMAIL', '- Required: Email address n');

define('JS_ALERT_PASSWORD', '- Required: Password n');

define('JS_ALERT_FIRSTNAME_LENGTH', '- Firstname length must over ');

define('JS_ALERT_LASTNAME_LENGTH', '- Lastname length must over ');

define('JS_ALERT_PASSWORD_LENGTH', '- Password length must over ');

define('JS_ALERT_EMAIL_FORMAT', '- Email address format is invalid! n');

define('JS_ALERT_EMAIL_USED', '- Email address has already been used! n');

define('JS_ALERT_PASSWORD_CONFIRM', '- Miss typing in Password Confirmation field! n');

 

?>

Now, no where am I seeing on line 33 anything to do with this save account statement.. and it's becoming a bit confusing now.. I really don't want to mess up this script after all the hard work i've done and time it took to get where I'm at currently..  Are we on the same page here? Or is there another admin_account.php out there that I'm not aware of? LOL

Sorry to sound so stupid.. But if it doesn't make sense.. I have to say something..   Thank you for all of your help also by the way.



 Hey Strider.. STFU.. thanks..





Christine


If it ain't broke, don't fix it! :)

Share this post


Link to post
Share on other sites

Redsonya,

 

You are looking at the wrong file, it's admin/admin_account.php, not the lanquage file :wink: . The following are lines 34-39 of mine after editing:

        break;

     case 'save_account':

       $admin_id = tep_db_prepare_input($HTTP_POST_VARS['id_info']);

       $admin_email_address = tep_db_prepare_input($HTTP_POST_VARS['admin_email_address']);

       $hiddenPassword = '-hidden-';

       $stored_email[] = 'NONE';

That should look familiar. Line 38 is the one I added.

 

David

Share this post


Link to post
Share on other sites

hmmm

catalog->admin->admin_account.php .. could be


(my knowledge is so small you would think that an ant was a genius in comparison)

Share this post


Link to post
Share on other sites

Just a question with adding other mods.

 

the normal line you add to the boxes.php is

 

'<a href="' . tep_href_link(FILENAME_STATS_CUSTOMERS, '', 'NONSSL') . '" class="menuBoxContentLink">' . BOX_REPORTS_ORDERS_TOTAL . '</a>');

 

and to make it suiteable for the admin mod the code is something like this:

 

tep_admin_files_boxes(FILENAME_STATS_CUSTOMERS, BOX_REPORTS_ORDERS_TOTAL) .

 

How does the NONSSL part fit in (and what is it used for)??

 

so basically i need to get the code for putting the NONSSL into :

 

tep_admin_files_boxes(FILENAME_STATS_CUSTOMERS, BOX_REPORTS_ORDERS_TOTAL) .

Share this post


Link to post
Share on other sites

without looking at code .. I think... well maybe I should .. lol

 

yes I thought so .. when you call the

tep_admin_files_boxes(FILENAME_STATS_CUSTOMERS, BOX_REPORTS_ORDERS_TOTAL) .

it in turns calls

function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL')

which as you can see defaults to nonssl ...


(my knowledge is so small you would think that an ant was a genius in comparison)

Share this post


Link to post
Share on other sites

So basically any mod that has the NONSSL in their box.php file it isn;t required?

 

I can just use the normal

 

 

 

tep_admin_files_boxes(FILENAME_STATS_CUSTOMERS, BOX_REPORTS_ORDERS_TOTAL) .

 

And it will all work....

Share this post


Link to post
Share on other sites
Redsonya,

 

You are looking at the wrong file, it's admin/admin_account.php, not the lanquage file :wink: . The following are lines 34-39 of mine after editing:

        break;

     case 'save_account':

       $admin_id = tep_db_prepare_input($HTTP_POST_VARS['id_info']);

       $admin_email_address = tep_db_prepare_input($HTTP_POST_VARS['admin_email_address']);

       $hiddenPassword = '-hidden-';

       $stored_email[] = 'NONE';

That should look familiar. Line 38 is the one I added.

 

David

 

 

Thank you very much David.. Everything is working great now with emails etc. For some strange reason.. I didn't see the file. Must be blind as a bat.. Cause if it had teeth, it would of bitten me.. LOL

 

Just got alot on my plate right now.. Lots of work and so little time it seems.. It can really effect your concentration on things.. Thank you again guys.. :)

 

Oh by the way.. Is it just me, or when you go to use the Password forgotten feature.. It doesn't work.. Just leaves on the same page after you hit confirm.. And no email sent out to you regarding your password etc.. Thanks again. :)

 

Christine


If it ain't broke, don't fix it! :)

Share this post


Link to post
Share on other sites

Hi

Just about to install this module but before I do just a couple of questions.

1) Does the latest version (11/8/2003) of this contribution contain all the bug fixes or is one due shortly?

2) When you limit the access to a user can you "hide" the area of admin that is not available to him i.e. is does not show up on the left hand panel.

3) I intend to have an aceess set up for the mailing department. All they need to see is the orders and be able to actually print off mailing labels and invoices, can they do this? Reason I ask because on ms1 i was using a different admin with levels module and although the mailing department could see the orders they could not print them.

Many thanks.


thanks

Rich

"May the seam be with you"

Share this post


Link to post
Share on other sites

Rich,

 

#1 Not sure that it is updated yet, but the four changes are simple...

papasan wrote:

alright...four changes...

 

to fix your problem, DavidR, add these lines to 'includes/languages/[LANGUAGE]/admin_account.php':

Code:

define('ADMIN_EMAIL_SUBJECT', 'Personal Information Change');

define('ADMIN_EMAIL_TEXT', 'Hi %s,' . "nn" . 'Your personal information, perhaps including your password, has been changed. If this was done without your knowledge or consent please contact the administrator immediatly!' . "nn" . 'Website : %s' . "n" . 'Username: %s' . "n" . 'Password: %s' . "nn" . 'Thanks!' . "n" . '%s' . "nn" . 'This is an automated response, please do not reply!');

 

and, add this line to 'admin_account.php' under 'case 'save_account':':

Code:

$hiddenPassword = '-hidden-';

 

 

found another email discrepencey...add these lines to ''includes/languages/[LANGUAGE]/admin_members.php':

Code:

define('ADMIN_EMAIL_EDIT_SUBJECT', 'Admin Member Profile Edit');

define('ADMIN_EMAIL_EDIT_TEXT', 'Hi %s,' . "nn" . 'Your personal information has been updated by an administrator.' . "nn" . 'Website : %s' . "n" . 'Username: %s' . "n" . 'Password: %s' . "nn" . 'Thanks!' . "n" . '%s' . "nn" . 'This is an automated response, please do not reply!');

 

and in 'admin_members.php' under 'case 'member_edit':' change:

Code:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

to:

Code:

tep_mail($HTTP_POST_VARS['admin_firstname'] . ' ' . $HTTP_POST_VARS['admin_lastname'], $HTTP_POST_VARS['admin_email_address'], ADMIN_EMAIL_EDIT_SUBJECT, sprintf(ADMIN_EMAIL_EDIT_TEXT, $HTTP_POST_VARS['admin_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $HTTP_POST_VARS['admin_email_address'], $hiddenPassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

One note: the $hiddenPassword = '-hidden-'; goes int the admin/admin_account.php file NOT the language file with same name.

 

#2 Yes

 

#3 I am fairly sure you will be able to do this.


Boom... Big butta boom.

Share this post


Link to post
Share on other sites

i'm looking into changing the 'index.php' to reflect accessable and unaccessable sections fo the admin. look for a new update after i get this done. my chedule is pretty full this week so it may be a little bit. the changes we've mentioned in the last 4 pages of this thread are pretty straight-forward, i would think most folks could handle them.

 

Is it just me, or when you go to use the Password forgotten feature.. It doesn't work.. Just leaves on the same page after you hit confirm.. And no email sent out to you regarding your password etc.. Thanks again. :)

Christine

 

played around with this a little. apparently the 'password_forgotten.php' file was miss-coded for SSL just like the 'login.php' file was and i missed it. Try changing...

<?php echo tep_draw_form('login', password_forgotten.php?action=process'); ?>

to

<?php echo tep_draw_form('login', FILENAME_PASSWORD_FORGOTTEN, 'action=process'); ?>

Share this post


Link to post
Share on other sites

I think a text search for .php throughout the complete admin side might prove benefiicial.

not just through the admin levels code and no I don't know what it will turn up....well I sort of do .. 800 items in 294 docs .. lol

lots of header, applicaction_ and left and right .php files


(my knowledge is so small you would think that an ant was a genius in comparison)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×