papasan

[CONTRIB] Admin Access Level Accounts for MS2


Admin Time Out---

 

Is the only way to adjust the timeout length to adjust the php.ini file!? What about for shared servers where you can't edit that?

Same headache. ;)

The other way to keep the session from timing out is to keep calling session_register for login_id and login_group_id on every page reload, by making a little change to the function tep_admin_check_login():

 

function tep_admin_check_login() {
 global $PHP_SELF, $login_id, $login_groups_id, $login_first_name;
 if (!tep_session_is_registered('login_id')) {
   // Not logged in: send the browser to the login page over SSL.
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 } else {
   // Re-register the login variables on every page load (the change suggested above).
   tep_session_register('login_id');
   tep_session_register('login_groups_id');
   tep_session_register('login_first_name');

   // Pages every logged-in admin may open skip the per-group lookup below.
   $filename = basename( $PHP_SELF );
   if ($filename != FILENAME_DEFAULT && $filename != FILENAME_FORBIDEN && $filename != FILENAME_LOGOFF && $filename != FILENAME_ADMIN_ACCOUNT && $filename != FILENAME_POPUP_IMAGE && $filename != 'packingslip.php' && $filename != 'invoice.php') {
     // Cast the group id and escape the file name before they go into the SQL string.
     $db_file_query = tep_db_query("select admin_files_name from " . TABLE_ADMIN_FILES . " where FIND_IN_SET( '" . (int)$login_groups_id . "', admin_groups_id) and admin_files_name = '" . tep_db_input($filename) . "'");
     if (!tep_db_num_rows($db_file_query)) {
       // The group has no entry for this file: show the "forbidden" page.
       tep_redirect(tep_href_link(FILENAME_FORBIDEN));
     }
   }
 }
}

Share this post


Link to post
Share on other sites
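
An idle limit enforced by the application itself, which does not depend on editing php.ini, shown as an added example that is not part of the post above or of the contribution. The function name, the `login_started` and `last_seen` keys and the two limits are assumptions; only `login_id` and `login_groups_id` come from the thread.

```php
<?php
// Added example (not contribution code). Requires PHP 7+ for scalar type hints.
// The server's session garbage collection still bounds how long session data
// survives; this check sets the limit the admin enforces within that bound.

const ADMIN_IDLE_LIMIT     = 900;    // seconds without a request before logout
const ADMIN_ABSOLUTE_LIMIT = 28800;  // maximum lifetime of one login

/**
 * Returns 'ok', 'idle_expired', 'absolute_expired' or 'not_logged_in' and
 * updates the last-activity timestamp while the session is still valid.
 * $session is passed by reference so the logic can be exercised without a
 * live PHP session (hypothetical layout: login_id, login_started, last_seen).
 */
function admin_session_state(array &$session, int $now): string
{
    if (!isset($session['login_id'], $session['login_started'], $session['last_seen'])) {
        return 'not_logged_in';
    }
    if ($now - $session['login_started'] > ADMIN_ABSOLUTE_LIMIT) {
        $session = [];               // drop every login variable
        return 'absolute_expired';
    }
    if ($now - $session['last_seen'] > ADMIN_IDLE_LIMIT) {
        $session = [];
        return 'idle_expired';
    }
    $session['last_seen'] = $now;    // sliding window: activity extends the session
    return 'ok';
}

// Constructed sample session, logged in at $t0.
$t0 = 1700000000;
$s  = ['login_id' => 1, 'login_groups_id' => 1, 'login_started' => $t0, 'last_seen' => $t0];

echo admin_session_state($s, $t0 + 600), "\n";    // request 600 s after login
echo admin_session_state($s, $t0 + 1400), "\n";   // 800 s after the previous request
echo admin_session_state($s, $t0 + 2400), "\n";   // 1000 s after the previous request
echo admin_session_state($s, $t0 + 2500), "\n";   // any later request
```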

Thank you for this wonderful contribution. It is a great help to me in keeping my clients from killing their own web sites.

 

I have one obstacle to overcome, though. When I try to log in the admin section, I get the username and password popup along with the main admin page. Essentially, I have to log in twice. I think this is caused by an .htaccess file. Can someone verify this for me along with instructions on how to fix it?

 

Running ms2 on Apache.

 

Thanks.


I just may be the lunatic you're looking for.

Share this post


Link to post
Share on other sites

I think I solved my own problem. Here's the answer I came up with for other people who might want it.

 

Edit the .htaccess file in the Admin folder (not the one in the main folder). Put a '#' at the beginning of each line to comment everything out. This prevents the extra popup login from appearing when you go to the admin page.

 

If anyone knows about problems caused by doing this, please reply.


I just may be the lunatic you're looking for.

Share this post


Link to post
Share on other sites

I think you should not comment out these lines if you use SSL:

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers
<IfModule mod_setenvif.c>
 <IfDefine SSL>
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
 </IfDefine>
</IfModule>

I dream a World where only free software like Mozilla were used... but actually, we also have to look at MSIE... :(

Share this post


Link to post
Share on other sites

Hi again.

 

Is there a way to "skip" the admin/index.php file or at least its content: when a person with certain admin privileges gets in the admin tool, the first page they see is a "full" possibilities menu... most of these are "dead" options. When they click on one of these options, they get to the admin tool with the

No Right Permission Access // Please contact your Web Administrator to request  more access or if you found any problem.
dialog. Is there a way to show just the options they could use on the index.php ??

 

thank you.

shutiri.

Share this post


Link to post
Share on other sites

Hiyas,

I think you have made great improvement on this contribution.

I like the idea that you can get your password emailed to you if you forget it.

However, I don't particularly care for the email address as the login name.


If it weren't for tweakers, I would not have a job.

Share this post


Link to post
Share on other sites

Hi all ,

 

great contribution, I really like it. I spent hours reading all pages but I didn't find a solution for my special request.

My idea is to create a special category called something like "New Items" and have one employee to add items to ONLY this category, I don't want him to have access to the other categories nor to see them.

Any ideas how this is possible?

Thank you for any help in advance

 

regards

 

Michael


-------------------

Surf-Timer

Internet Kiosk Software

www.surf-timer.com

Share this post


Link to post
Share on other sites
My idea is to create a special category called something like "New Items" and have one employee to add items to ONLY this category, I don't want him to have access to the other categories nor to see them.
That's what the Virtual Mall contribution does if you define the employee as a store.

 

Hth,

Matt


Always back up before making changes.

Share this post


Link to post
Share on other sites

I just installed this contrib into a fresh install of os.

When I go to admin I get this error.

 

Warning: main(includes/functions/password_funcs.php): failed to open stream: No such file or directory in C:\apache\htdocs\quickstart\shop\admin\includes\application_top.php on line 73

 

Fatal error: main(): Failed opening required 'includes/functions/password_funcs.php' (include_path='.;C:\apache\php\pear\') in C:\apache\htdocs\quickstart\shop\admin\includes\application_top.php on line 73

 

What is the problem?

Thanks.

Share this post


Link to post
Share on other sites
Hi all ,

 

great contribution, I really like it. I spent hours reading all pages but I didn't find a solution for my special request.

My idea is to create a special category called something like "New Items" and have one employee to add items to ONLY this category, I don't want him to have access to the other categories nor to see them.

Any ideas how this is possible?

Thank you for any help in advance

 

regards

 

Michael

Hi,

 

This can be done by adding some modification to TABLE CATEGORIES and categories.php in Admin Panel. You don't need to install Virtual Mall anyway.

 

Regards,

zaenal

Share this post


Link to post
Share on other sites

hi

I just tried to implement this contribution on my MS2 (it's a virgin :) )

everything went ok

but it only looked that way

I cannot change the password... when I add an admin user the next screen is:

displaying 0 of 0 (of 2 in total) -> something like that

so although it (the system) knows there are 2 admins it shows 0

the marketing group cannot access anything though the settings are clear that they should see "loads"

 

I run it on a dedicated server with register globals off. I have implemented the global fix to the store then to this contribution but my guess is that this addon needs reg_glob on to work -> Am I right? :)

 

adding a screenshot of the thing that is supposed to be the pass change screen to show you what doesn't happen :(

pass1.th.jpg



Share this post


Link to post
Share on other sites

Hi,

 

I installed the Administration Access Level Accounts 2.0 on MS2 contribution on my shop. But it gave me the following error. One thing I want to mention is that I have also installed the Register Globals contribution because the register_global variable is off in my hosting server's php.ini file and they do not allow me to enable it for security.

 

 

PHP Warning: dir(D:/Sitedata/fawadahmed/Inetpub/wwwroot/catalog/******/index.php) [function.dir]: failed to open dir: Invalid argument in D:\Sitedata\fawadahmed\Inetpub\wwwroot\catalog\******y\admin_files.php on line 235 PHP Fatal error: Call to a member function on a non-object in D:\Sitedata\fawadahmed\Inetpub\wwwroot\catalog\******\admin_files.php on line 237 PHP Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

 

 

I hope you will help me. :D

 

Thanks

Share this post


Link to post
Share on other sites

I've installed v 2.3 of this contribution on a new install of MS2. Got everything to work OK. I am now trying to add SSL functionality and can make all of the Admin screens work in secure mode as follows:

 

define('HTTP_SERVER', 'https://mysecureserver/mywebspace');

 

I have a small problem with catalog images but I think I have found the answer elsewhere. I just don't want to run the whole of Admin in SSL mode.

 

I found this contribution:

 

http://forums.oscommerce.com/index.php?showtopic=103024

 

which enables you to define which of your admin pages should be SSL (e.g. Customer, Orders etc) and which NONSSL (e.g. categories, products, etc)

 

Again I can get this to work perfectly on a virgin install.

 

Wouldn't it be great if I could combine the two contributions! Secure login, definable user permissions and secure viewing of confidential customer details.

 

Unfortunately I can't get the two to work together.

 

When I do put them together I login via SSL - not what I expected but great.

 

I can browse all the NONSSL pages ok - in NONSSL mode - just what I want.

 

If I try to access any pages defined as SSL, e.g customers, I get .... the login screen - not what I want at all.

 

Has anyone tried this and got it to work? I suspect it's got something to do with the function which checks user permissions each time a page is requested but I don't know enough (anything!) about PHP to attempt a solution.

 

I've posted a similar epistle here:

 

http://forums.oscommerce.com/index.php?showtopic=103024 - post 18

 

Thought if I worked it from both ends I would have more chance of a result.

 

Thanks in anticipation.


Alan

Share this post


Link to post
Share on other sites

Hello,

 

When I enter 'Customers->Orders' I cannot see any orders (as if there weren't any, but I've made some for testing).

When trying to select an order by its ID I get back to the login page.

Well, I'm using the PWA contrib, but it makes changes only to orders.php

What might be wrong?

Excuse me for my total lack of programming skills :/

Thanks in advance.

Share this post


Link to post
Share on other sites

Hi there,

 

Has anybody ever tried to make the main admin page selective? I mean that the user can only view the options which he's allowed to see with his rights.

 

This should be a simple modification I think, but I need some help:

 

Based on the access rights of the user I'd like to fill the array in the index.php, so it should be filled selectively depending on the rights.

 

Please advise.

Share this post


Link to post
Share on other sites

just installed the contrib, and i am getting an error when i try to log in that says:

 

1146 - Table 'databasename.TABLE_ADMIN' doesn't exist

 

my admin table was successfully created in my database with all fields, but do i need to define TABLE_ADMIN someplace? i can't seem to find out where i would do this! any help greatly appreciated, as i have been staring at my screen for a good while now tryin to figure this one out!

Share this post


Link to post
Share on other sites

In my "admin/includes/database_tables.php" I have the following:

define('TABLE_ADMIN', 'admin');

define('TABLE_ADMIN_FILES', 'admin_files');

define('TABLE_ADMIN_GROUPS', 'admin_groups');

 

Good luck.

Share this post


Link to post
Share on other sites

Hi,

 

I tried to install this Contrib but no luck.

 

It's on a fresh OSc install so no clashes. Uploaded both Originals as well as Changed Files and verified they were copied properly. Added the 3 database tables through PhpMyAdmin.

 

Now when going to the admin folder, nothing has changed. No login requests etc. whatsoever.

 

When I call the new files in the browser, like login.php, I get errors like

 

Warning: main(includes/languages/english/FILENAME_LOGIN): failed to open stream: No such file or directory in /web/_b/_u/_y/mydomain.co.uk/public/www/admin/login.php on line 58

Fatal error: main(): Failed opening required 'includes/languages/english/FILENAME_LOGIN' (include_path='.:/usr/local/lib/php') in /web/_b/_u/_y/mydomain.co.uk/public/www/admin/login.php on line 58

 

Could it be down to the fact that I'm not using the /catalog/ folder? Everything else works fine though.

 

Tracing the possible origin for the above errors, everything seems to be OK all the time.

 

index.php has been changed and includes files that are there and seem fine. But when going to the admin, there's just no difference to what it used to be. No warnings or error messages either.

 

Any clues?


Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Share this post


Link to post
Share on other sites

Do you have a file named "includes/languages/english/FILENAME_LOGIN" on your server? No, of course, and the error message tells you.

Did you define FILENAME_LOGIN in the "includes/filenames.php" file?

Mine contains this:

[...]

define('FILENAME_LOGIN', 'login.php');

[...]

I guess you forgot to update this file, and maybe others. Check your installation of this contrib, it doesn't seem to be complete.

Share this post


Link to post
Share on other sites

Hi,

 

I've just installed Admin Access Level, the Jan 2005 contribution

 

http://www.oscommerce.com/community/contributions,1174

 

Initially, when I installed everything, there was a register global error.

 

Then, I added the register global contribution, and it worked!

 

But then, I can't change the default password. I have a similar problem to the one in one of the forum threads with Bosz. Could it be because of the global registers thingy?

 

Contributors, members, friends, any advice?

 

Greatly appreciate this.

 

Thanks.

Share this post


Link to post
Share on other sites

Hi,

 

Similar thing here.

 

I am an osCommerce newb,

 

osCommerce 2.2 MS2 (dl two weeks ago)

 

Applied the Register Globals v1.3 (2005-01-13)

http://www.oscommerce.com/community/contributions,2097

 

Applied Administration Access Level Accounts 2.3 (2003-09-05)

http://www.oscommerce.com/community/contributions,1359

 

Clicking on edit, I can change admin name and email address, but not the password.

 

Adding new administrator, prompts only for first/last, email address, and group but no way to assign a password to the new admin.

 

clicking on "password forgotten" emails new random password, but again, cannot change it.

 

BTW, the "password forgotten" is not very secure, anyone who knows the store owner will know her first name and her e-mail address. Actually, you do not even need to know the store owner, the info is in the "contact us" page... need to add a "security" question to the "forgotten password" feature.

 

I applied all the changes from Admin Access Level to all files, I double checked all the files, (i.e. the files from the "changed files" and the live files) the only diffs were the sections that had to do with Register Globals, which if applied, would have reverted the files to the pre-Register Globals changes. (I used emacs Tools -> Ediff -> Two Buffers to apply the contribution)

 

Is there a compatibility issue between Register Global and Admin Access Level?

 

If so, what is the fix?

 

If not, what am I doing wrong?

 

Thanks in advance.

 

-avi


-avi

 

http://otn.com complete web site design, specializing in custom programming (php/perl/mysql/postgress/javascript/ajax/c/c++/python/ruby) databases, shopping carts, integration of web site with existing business systems (point of sales, accounting systems, etc.)

 

web site hosting, maintenance, promotion, marketing, search engine optimization (seo) and more.

Share this post


Link to post
Share on other sites
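
The weakness described in the post above is that a first name and an e-mail address are enough to have the admin password replaced. A reset that changes nothing until a single-use, expiring token from the e-mail is presented avoids that; the sketch below is an added example, not code from the contribution, and its function names, the in-memory `$store` and the sample address are assumptions.

```php
<?php
// Added example (not contribution code). Requires PHP 7+ for random_bytes().
// $store stands in for a database table; all names here are hypothetical.

const RESET_TTL = 900; // seconds a reset link stays valid

/** Issue a reset token. The current password is left untouched. */
function reset_request(array &$store, string $email, int $now): ?string
{
    if (!isset($store[$email])) {
        return null;                 // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));
    // Only a hash of the token is stored, so a database leak does not yield usable links.
    $store[$email]['reset_hash']    = hash('sha256', $token);
    $store[$email]['reset_expires'] = $now + RESET_TTL;
    return $token;                   // e-mailed to the account owner as part of a link
}

/** Complete the reset: a valid, unexpired, unused token is required. */
function reset_complete(array &$store, string $email, string $token, string $new_password, int $now): bool
{
    $row = $store[$email] ?? null;
    if ($row === null || empty($row['reset_hash']) || $now > $row['reset_expires']) {
        return false;
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;                // constant-time comparison of the two hashes
    }
    $store[$email]['password']   = password_hash($new_password, PASSWORD_DEFAULT);
    $store[$email]['reset_hash'] = null;   // single use
    return true;
}

// Constructed sample data.
$store = ['owner@example.com' => ['password' => password_hash('old-secret', PASSWORD_DEFAULT)]];
$now   = 1700000000;

$token = reset_request($store, 'owner@example.com', $now);
// A request made by someone who only knows the address: does the old password still work?
var_dump(password_verify('old-secret', $store['owner@example.com']['password']));
// A guessed token, then the e-mailed token, then the e-mailed token a second time.
var_dump(reset_complete($store, 'owner@example.com', str_repeat('0', 64), 'x', $now + 60));
var_dump(reset_complete($store, 'owner@example.com', $token, 'new-secret', $now + 60));
var_dump(reset_complete($store, 'owner@example.com', $token, 'again', $now + 120));
```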

PROBLEM WITH CUSTOMIZED BOXES!

 

Hi,

 

I'm using the latest version of your admin access level contrib for MS2.2.

 

It's basically running well.

 

But, I do have customized boxes (e.g. Extra Images under Catalog or Generate PDF under Tools). The contrib doesn't consider this.

 

My question: What do I have to edit, in order to make my customized box items show up in the "define group permissions" dialog??

Because right now, not even the Top Admin has access to those items. How can I include them in the permission-defining-and-checking-process?

 

Tx!

ChrF

Edited by ChrF

Share this post


Link to post
Share on other sites

Hi, I just installed this contribution and it works fine... yet I'm having trouble showing in the Catalog Menu list options the easy populate, and other contributions, as I used to before installing the contribution. What do I need to do for this option to appear on the list? I have already added the files in the file access to the Catalog Menu, yet they still do not appear (I am logged in as the Top Administrator and still don't see them). Thanks for all your help.


Maru Perez

Share this post


Link to post
Share on other sites
yet I'm having trouble showing in the Catalog Menu list options the easy populate, and other contributions, as I used to before installing the contribution. What do I need to do for this option to appear on the list? I have already added the files in the file access to the Catalog Menu, yet they still do not appear

 

This is exactly what I'm talking about!!!! Hasn't anybody solved that problem yet?!

 

Greets,

ChrF

Share this post


Link to post
Share on other sites

Here is a way to get back to work, but it is NO real solution, since it will bypass the wanted security for those particular box items:

 

1. Add the missing box files through the fileaccess dialog

 

2. go back to the particular php-file under admin/includes/boxes ... e.g. catalog.php

 

3. remember that you commented out ( // ) all those "a href" links of your box items and added some tep_admin functions instead...

 

4. just put those "a href" links back for e.g. easypopulate

 

5. easypopulate will now show in the catalog-box AT ALL TIMES (I mean whenever somebody is allowed to see this particular box at all)

 

6. But, if you cancel the permissions only for the easypopulate file, people can still see it, but they can't access it...

 

As I said, no real solution. But at least you can get back to work!

 

DOESNT ANYBODY HAVE A REAL SOLUTION? :(

 

Greets, ChrF

Share this post


Link to post
Share on other sites
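
One way to have a box, or the index.php menu asked about earlier in the thread, list only the entries a group may open while the per-page check stays authoritative, shown as an added example that is not the contribution's code. The row layout mirrors the admin_files_name and admin_groups_id columns used in the query in the first post; the function names, group numbers and sample rows are assumptions.

```php
<?php
// Added example (not contribution code); names and rows are hypothetical.
// Each row mirrors the admin_files table: a file name plus a comma-separated
// list of group ids, which is what FIND_IN_SET() matches against.

/** Same decision the page-level check makes: exact file name, exact group id. */
function group_may_open(array $rows, int $group_id, string $filename): bool
{
    foreach ($rows as $row) {
        if ($row['admin_files_name'] !== $filename) {
            continue;
        }
        $groups = array_map('trim', explode(',', $row['admin_groups_id']));
        // Strict string comparison: group 1 must not match "11" or "10".
        if (in_array((string)$group_id, $groups, true)) {
            return true;
        }
    }
    return false;
}

/** Build the box: unregistered or forbidden files simply produce no link. */
function build_box(array $rows, int $group_id, array $entries): array
{
    $links = [];
    foreach ($entries as $filename => $label) {
        if (group_may_open($rows, $group_id, $filename)) {
            $links[] = '<a href="' . htmlspecialchars($filename, ENT_QUOTES) . '">'
                     . htmlspecialchars($label, ENT_QUOTES) . '</a>';
        }
    }
    return $links;
}

// Constructed sample rows: group 1 = top administrator, group 11 = marketing.
$rows = [
    ['admin_files_name' => 'categories.php',   'admin_groups_id' => '1,11'],
    ['admin_files_name' => 'easypopulate.php', 'admin_groups_id' => '1'],
    ['admin_files_name' => 'customers.php',    'admin_groups_id' => '1'],
];
$catalog_box = ['categories.php' => 'Categories/Products', 'easypopulate.php' => 'Easy Populate'];

print_r(build_box($rows, 1, $catalog_box));   // box as built for the top administrator
print_r(build_box($rows, 11, $catalog_box));  // box as built for the marketing group
// The page itself still runs the same test, so hiding a link is never the only control.
var_dump(group_may_open($rows, 11, 'easypopulate.php'));
```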
