Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

setting a closed shop, members only, how ?


voytek

Recommended Posts

Hello, I'm new to osCommerce, need some advice/suggestion on 'best way to' :

 

I need to set up a shop for a wholesaler, he only deals with pre-defined/existing customers; public is not allowed to look or access, all prices to be shown are wholesale/trade only.

 

so, basically, a shop customer must authenticate before he is allowed to enter the shop

 

- do I put the entire shop behind some sort of authentication form ?

- do I use one of the contrib options I spotted in contrib area (like, hide prices ?)(which one ?) ?

 

I'm looking for advice/suggestions/sample code/whatever which way to go

 

TIA,

Voytek

Link to comment
Share on other sites

If there aren't going to be a large number of new users on a regular basis, I would go with setting up authentication to gain access to the catalog folder similar to what you would use to secure the admin folder. This way you don't need to do anything else since anyone with access to the site is authorized to see the prices.

 

On the other hand, if there will be new users on a regular basis, it might be better to use this pair of contribuitons:

 

Control Login - New users complete the account creation as normal, but are not active until approved by the store manager.

 

Prices for Logged-In Users Only - Name pretty much says it all.

 

This way, casual browsers can't see the pricing or make a purchase. Managing users is simple because they enter all of their own information and the manager only has to approve them (or decline them).

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment
Share on other sites

If there aren't going to be a large number of new users on a regular basis, I would go with setting up authentication to gain access to the catalog folder similar to what you would use to secure the admin folder. This way you don't need to do anything else since anyone with access to the site is authorized to see the prices.

 

thanks, Mike

 

it's largely same users. any new user would need to contact the owner 1st, etc, etc

it's probably about.... 100-something customers, some with multiple locations, so, maybe 150 or so

 

so, with above suggestion, I just set up Apache's htaccess in /catalog

 

is it viable to setup unique htaccess user/pass for 150/200 users ?

is there a way to 'synch' htaccess user/pass with oscommerce's user data ?

 

thanks again for the suggestions, and, any further ideas you can offer,

and, thanks to oscommerce developers for a great app

 

Voytek

Link to comment
Share on other sites

is it viable to setup unique htaccess user/pass for 150/200 users ?

is there a way to 'synch' htaccess user/pass with oscommerce's user data ?

 

It is viable and there are scripts out there for entry of user lists into the password file but I don't know of a way to synch it with the customer accounts.

 

Alternatively, a php coder could adapt login.php to work at the entry to the site. Or if you are up for some experimentation, you can probably do it yourself. As I see it, the tasks would be soemthing like this:


  1. rename index.php to index2.php and make changes in other files as needed to match that. <LI>copy login.php to be the new index.php <LI>comment out the "create account" parts of the page and recenter the login in both copies of the login page (login.php and the new index.php) <LI>comment out the code that calls the other page elements (i.e. header, footer & left/right columns) in the new index.php - this way there aren't any links to click to get around the login.
  2. in admin/customers.php add the ability to assign a password (not sure why it doesn't already have it)
  3. install Prices for Logged-In Users Only just in case somebody plays around typing urls to get past the login.

This technique would be slightly less secure in that someone could experiment with the URL to hit a page other than the login page and gain access to the site. But they couldn't make a purchase and with the price restriction contrib installed, they wouldn't be able to see prices.

 

hth

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment
Share on other sites

I would not use the htaccess for this purpose, rather I would use a contribution which would allow/disallow the customer. This is simply due to the fact that if all customers use the same login info to gain access to the site, then in the future, you will not be able to deny a customer access if the need arose without having everyone have to change the login info used.

 

Adding a create account page bofore any other parts of the site and login if the simplest way to achieve this, and can be done with a few simple line changes in the application top page. The allowing/denying of the customer is also a few minor changes to the system. Tieing the customer groups and the pricing would be a good comination working with this type of system...

 

Overall 90% of what you need is already made up and available through the contribution section here, with only a few files needing to have any custom code added to it....

 

cheers,

Peter M

Peter McGrath

-----------------------------

See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...