kaos9889 Posted December 30, 2004 Share Posted December 30, 2004 Yes with no avail Quote There are many very useful OsC Contributions BACKUP BACKUP BACKUP!!! You did backup, right?? And remember if you didnt back up its not a big deal, You just have to do everything all over again. Link to comment Share on other sites More sharing options...
Guest Posted December 30, 2004 Share Posted December 30, 2004 Please post or send me the results of the debug output from the following: if ( ($PHP_AUTH_USER==admin1) || ($PHP_AUTH_USER==admin2) ) {; } else { echo "<br>PHP_AUTH_USER: " . $PHP_AUTH_USER; echo "<br>PHP_SELF: " . $PHP_SELF; echo "<br>_SERVER[PHP_AUTH_USER]: " . $_SERVER['PHP_AUTH_USER']; echo "<br>_SERVER[REMOTE_USER]: " . $_SERVER['REMOTE_USER']; echo "<br>_SERVER[REMOTE_ADDR]: " . $_SERVER['REMOTE_ADDR']; if ( ($PHP_SELF != "/admin/orders.php") && ($PHP_SELF != "/admin/invoice.php") && ($PHP_SELF != "/admin/packing_slip.php") && ($PHP_SELF != "/admin/customers.php") ) { die("<br><br><center>You are not authorized to view this page.\n\n</center>"); } } -jared Quote Link to comment Share on other sites More sharing options...
TCwho Posted January 3, 2005 Share Posted January 3, 2005 ok im using your simple admin cont and here is my problem, there is two user names, the first admin1 will be my username and needs to have access to everything and the second is admin2 which is the one i need to constrict. If that is how you want it setup then you only need to have 1 admin listed in the code..... all accounts not listed in the code will be the ones with the restrictions... Quote Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
soundtraker Posted January 5, 2005 Share Posted January 5, 2005 Hi, I've got a fatal error when i whant to loggin. The message is : Fatal error: Call to undefined function: tep_admin_check_login() in /home/soundtra/sd/www.shop/admin/includes/application_top.php on line 213 What should i do?? The message is here since i've installed the meta-tag contrib. And the line 213 in application_top.php is : //Admin begin if (basename($PHP_SELF) != FILENAME_LOGIN && basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN) { tep_admin_check_login(); } //Admin end Thanx Quote ms2 Link to comment Share on other sites More sharing options...
soundtraker Posted January 5, 2005 Share Posted January 5, 2005 Ok, after a reinstallation, it's work again...! :D :D Quote ms2 Link to comment Share on other sites More sharing options...
TCwho Posted January 8, 2005 Share Posted January 8, 2005 Ok, after a reinstallation, it's work again...! :D :D <{POST_SNAPBACK}> :thumbsup: Quote Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
Guest Posted February 2, 2005 Share Posted February 2, 2005 1.1 released with updates and suggestions from this thread. Available at http://www.oscommerce.com/community/contributions,2701 . -jared Quote Link to comment Share on other sites More sharing options...
Mordor Posted February 8, 2005 Share Posted February 8, 2005 (edited) It don't work i get the same problem i cant get in anything. if ($messageStack->size > 0) { echo $messageStack->output(); } if ($PHP_AUTH_USER==admin1) {; } else { if ( ($PHP_SELF != "/admin/orders.php") && ($PHP_SELF != "/admin/invoice.php") && ($PHP_SELF != "/admin/packing_slip.php") && ($PHP_SELF != "/admin/customers.php") ) { die("<br><Br><center>You are not authorized to view this page.\n\n</center>"); } } ?> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td><?php echo tep_image(DIR_WS_IMAGES . 'logowebwinkeldesign.jpg', '', '324', '59'); ?></td> <td align="right"><?php echo '<a href="http://www.webwinkeldesign.nl" target="_blank">' . tep_image(DIR_WS_IMAGES . 'header_support.gif', HEADER_TITLE_SUPPORT_SITE, '50', '50') . '</a> <a href="' . tep_catalog_href_link() . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_ONLINE_CATALOG, '53', '50') . '</a> <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_administration.gif', HEADER_TITLE_ADMINISTRATION, '50', '50') . '</a>'; ?> </td> </tr> <tr class="headerBar"> <td class="headerBarContent"> <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td> <td class="headerBarContent" align="right"><?php echo '<a href="http://www.webwinkeldesign.nl" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a> |& nbsp; <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td> </tr> </table> Edited February 8, 2005 by mjeroense Quote Link to comment Share on other sites More sharing options...
Guest Posted February 8, 2005 Share Posted February 8, 2005 Are you logging in as admin1? If not, you'll only have access to orders.php and those 3 others. If you're logging in as a user named "fred" for example, you'll need to change that first line from: if ($PHP_AUTH_USER==admin1) to if ($PHP_AUTH_USER==fred) -jared Quote Link to comment Share on other sites More sharing options...
Mordor Posted February 8, 2005 Share Posted February 8, 2005 Are you logging in as admin1? If not, you'll only have access to orders.php and those 3 others. If i loggin in with another name i cant get in anything!!! Quote Link to comment Share on other sites More sharing options...
Guest Posted February 8, 2005 Share Posted February 8, 2005 If you remove that section of code completely, the portion from this contrib, does everything work properly? What happens if you browse to http://website/admin/orders.php directly? Can you get there from a non-admin1 user? -jared Quote Link to comment Share on other sites More sharing options...
Mordor Posted February 9, 2005 Share Posted February 9, 2005 If you remove that section of code completely, the portion from this contrib, does everything work properly? YES What happens if you browse to http://website/admin/orders.php directly? Can you get there from a non-admin1 user? If i do that first i get the loggin screen because i make that safe so i log in with my username and password. If i loggon with a non-admin1 user i get on all pages of the admin the message: You are not authorized to view this page. -jared <{POST_SNAPBACK}> Quote Link to comment Share on other sites More sharing options...
Guest Posted February 9, 2005 Share Posted February 9, 2005 Found the problem. Change the paths for each of those files to be /webwinkel/admin/orders.php instead of /admin/orders.php. It now occurs to me that this is a better way to do it: if ($PHP_AUTH_USER==admin1) {; } else { if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") && ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") && ($PHP_SELF != DIR_WS_ADMIN . "packing_slip.php") && ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) { die("<br><Br><center>You are not authorized to view this page.\n\n</center>"); } } I should have done it that way to begin with - - didn't occur to me at the time that folks install in other directories. <grin> Lemme know if that works for you. -jared Quote Link to comment Share on other sites More sharing options...
Mordor Posted February 9, 2005 Share Posted February 9, 2005 Yes it works mate thank you verry much for your help!! Quote Link to comment Share on other sites More sharing options...
Guest Posted February 10, 2005 Share Posted February 10, 2005 v1.2 has been uploaded to http://www.oscommerce.com/community/contributions,2701 with this improvement. Thanks, Michael! -jared Quote Link to comment Share on other sites More sharing options...
ts201 Posted February 10, 2005 Share Posted February 10, 2005 if ($PHP_AUTH_USER==admin1) {; } else { if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") && ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") && ($PHP_SELF != DIR_WS_ADMIN . "packing_slip.php") && ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) { die("<br><br><center>You are not authorized to view this page.\n\n</center>"); } } if ($PHP_AUTH_USER==admin1) <---- [email protected] ? but : You are not authorized to view this page. :-( Quote Link to comment Share on other sites More sharing options...
TCwho Posted February 10, 2005 Share Posted February 10, 2005 admin1 = yourusername (not email address) Username from .htaccess or from what you setup in your host control panel... Quote Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
ts201 Posted February 10, 2005 Share Posted February 10, 2005 this is my code : if ($PHP_AUTH_USER==toni) {; } else { if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") && ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") && ($PHP_SELF != DIR_WS_ADMIN . "packing_slip.php") && ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) { die("<br><br><center>You are not authorized to view this page.\n\n</center>"); } } this my .htaccess : AuthName "PRIVAT" AuthType Basic AuthUserFile /var/www/web1/html/logad/.htpasswd <Limit GET> require valid-user </Limit> message : You are not authorized to view this page. :-(:-(:-(:-(:-( Quote Link to comment Share on other sites More sharing options...
Guest Posted February 12, 2005 Share Posted February 12, 2005 Have you tried using $_SERVER[REMOTE_USER] instead of $PHP_AUTH_USER? -jared Quote Link to comment Share on other sites More sharing options...
Hans Meier Posted February 13, 2005 Share Posted February 13, 2005 Hi Jared, I try to implement your code in my (first) shop. Sadly I get some problems: My code is the following: echo "<br>PHP_AUTH_USER: " . $PHP_AUTH_USER; echo "<br>PHP_SELF: " . $PHP_SELF; echo "<br>_SERVER[PHP_AUTH_USER]: " . $_SERVER['PHP_AUTH_USER']; echo "<br>_SERVER[REMOTE_USER]: " . $_SERVER['REMOTE_USER']; echo "<br>_SERVER[REMOTE_ADDR]: " . $_SERVER['REMOTE_ADDR']; echo "<br> DIR_WS_ADMIN: " . DIR_WS_ADMIN; if ($messageStack->size > 0) { echo $messageStack->output(); } if ($_SERVER['REMOTE_USER']==osc-shop) {; } else { if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") && ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") && ($PHP_SELF != DIR_WS_ADMIN . "reviews.php") && ($PHP_SELF != DIR_WS_ADMIN . "specials.php") && ($PHP_SELF != DIR_WS_ADMIN . "stats_products_viewed.php") && ($PHP_SELF != DIR_WS_ADMIN . "stats_products_purchased.php") && ($PHP_SELF != DIR_WS_ADMIN . "stats_customers.php") && ($PHP_SELF != DIR_WS_ADMIN . "mail.php") && ($PHP_SELF != DIR_WS_ADMIN . "newsletter.php") && ($PHP_SELF != DIR_WS_ADMIN . "server_info.php") && ($PHP_SELF != DIR_WS_ADMIN . "whos_online.php") && ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) { die("<br><Br><center>Sie sind nicht berechtigt diese Seite zu sehen.\n\n</center>"); } } ?> Result if XXX/shop/admin/file_manager.php is called: PHP_AUTH_USER: PHP_SELF: /shop/admin/file_manager.php _SERVER [php_AUTH_USER]: _SERVER[REMOTE_USER]: not_osc-shop_SERVER[REMOTE_ADDR]: XXX.XXX.XXX.XXXDIR_WS_ADMIN: /shop/admin/and the page file_manager.php with all my files! NOT THE MESSAGE Sie sind nicht berechtigt diese Seite zu sehen !So everyone could see all admin pages, if he/she has an user/password for the .htaccess protection. My .htaccess file: # $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $ # # This is used with Apache WebServers # # For this to work, you must include the parameter 'Options' to # the AllowOverride configuration # # Example: # # <Directory "/usr/local/apache/htdocs"> # AllowOverride Options # </Directory> # # 'All' with also work. (This configuration is in the # apache/conf/httpd.conf file) # The following makes adjustments to the SSL protocol for Internet # Explorer browsers <IfModule mod_setenvif.c> <IfDefine SSL> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </IfDefine> </IfModule> # Fix certain PHP values #<IfModule mod_php4.c> # php_value session.use_trans_sid 0 # php_value register_globals 1 #</IfModule> AuthName "Administrator Bereich" AuthType Basic AuthUserFile /homepages/33/d39877653/htdocs/shop/admin/.htpasswd require valid-user Do you know what went wrong? In my opinion, everything is right (but went wrong ;=(), $_SERVER['REMOTE_USER'] checks for the user, DIR_WS_ADMIN gets the correct directory. Any help for me? Regards and thanks a lot, Hans Quote Link to comment Share on other sites More sharing options...
Hans Meier Posted February 13, 2005 Share Posted February 13, 2005 Hmmm, seems to be a big problem. If I includ if ($_SERVER['REMOTE_USER']==osc-shop) { echo "hallo osc-shop<br>"; } else { echo "hallo unbekannter<br>"; } in the header.php, I always get the message hallo osc-shop (but _SERVER[REMOTE_USER]: not_osc-shop is printed a few lines below) and not hallo unbekannter. I log in as not_osc-shop. What went wrong? Hans Quote Link to comment Share on other sites More sharing options...
Hans Meier Posted February 13, 2005 Share Posted February 13, 2005 (edited) Hello Admins and Jared, everything works fine, I'm just too stupid for this great soft :=( Quotation marks where missing, just my poor PHP knowlegde were the fault. ($_SERVER['REMOTE_USER']=="osc-shop") works perfect! @admins: If you want, you could delete the last two posts above this one. @Jared: Great work! Thanks a lot, Hans Edited February 13, 2005 by Hans Meier Quote Link to comment Share on other sites More sharing options...
Guest Posted February 14, 2005 Share Posted February 14, 2005 I'm just too stupid for this great soft :=( Nonsense. Quotation marks where missing, just my poor PHP knowlegde were the fault. ($_SERVER['REMOTE_USER']=="osc-shop") works perfect! Great! Glad to hear it's working for you! I never have looked into why some servers require $_SERVER['REMOTE_USER'] and others work fine with $PHP_AUTH_USER. I'm curious if $_SERVER['REMOTE_USER'] always requires quote marks around the username, or if $_SERVER['REMOTE_USER'] works on more servers than $PHP_AUTH_USER. I'll have to add notes about that to the readme. Good work! -jared Quote Link to comment Share on other sites More sharing options...
TCwho Posted February 14, 2005 Share Posted February 14, 2005 !!! Still a great easy simple contribution for admin side! The quotation issue is interesting....... Quote Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
Millie Posted April 7, 2005 Share Posted April 7, 2005 Would it be possible to add a third user level? Ideally, we would have 1 full user, 1 user who can access the orders and third user who can access files to edit products. Millie Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.