Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Recommended Posts

Posted

Hai,

:D

i have installed Administrator-1.2.2. I set some Administrators with partial accesses for the admin-site. These administrators can only get access to Catalog,Configuration,Customers,Reports from the admin-site. But if they want to surf the site invoice.php and packingslip.php they always getting a message that they can't access that site. :cry: Although these sites (invoice.php+packingslip.php) are part of the link Customers'. I followed all of the instructions in the Readmefile.

If anyone does have any suggestions, i would be very thankful. :D

 

regards,

arko

  • 2 weeks later...
Posted
Hai,

:D

i have installed Administrator-1.2.2. I set some Administrators with partial accesses for the admin-site. These administrators can only get access to Catalog,Configuration,Customers,Reports from the admin-site. But if they want to surf the site invoice.php and packingslip.php they always getting a message that they can't access that site. :cry: Although these sites (invoice.php+packingslip.php) are part of the link Customers'. I followed all of the instructions in the Readmefile.

If anyone does have any suggestions, i would be very thankful. :D

 

regards,

arko

 

If I remember correctly, I commented the following in /catalog/admin/includes/functions/administrators.php

 

/*

if ($aCurrentPageBox != '*')

{

if (!in_array( $aCurrentPageBox, $aAllowedPages))

{

echo '<center><p><font size="+2">You are not authorized to view this page, please go back.';

exit();

}

}

*/

 

Let me know if this does or doesn't work and I'll do some more digging.

Posted

Just keep in mind that if you comment out that section, people WHO KNOW the location of certain files will have access to them. For example, if you give someone access only to the Customers section, and they **manually** enter http://yourdomain/admin/whos_online.php, they will see corresponding information when they aren't supposed to. However, if they are new and don't know the structure of the admin section, then they shouldn't be able to find it since it's not going to be listed.

 

I know that there's another way to fix this problem, but I haven't had time to actually figure it out. This is merely a QUICK fix to this problem.

 

-Ray

Posted

Heres what you need to do:

 

AND you do this for any other moduules you've installed!!

 

Go To adminincludesfunctionsadaministrators.php

 

 

FIND:

'customers.php'                => 'customers.php',

'orders.php'                   => 'customers.php',

'q_order_update.php'           => 'customers.php',

 

 

CHANGE TO:

'customers.php'                => 'customers.php',

'orders.php'                   => 'customers.php',

'q_order_update.php'           => 'customers.php',

'invoice.php'                   => 'customers.php',

'packingslip.php'                   => 'customers.php',

 

I hope this helps!!

 

Warren Ashcroft

Posted

Warren,

 

Thank you for your excellent explanation. It worked out perfect, except for one thing. "mail.php" is referenced by "tools.php" and "customers.php". Apparently, the Email button will not work in the customers section UNLESS tools.php has been granted access. Another way that I was able to get it to work is by commenting

 

'mail.php' => 'tools.php'

 

and allowing

 

'mail.php' => 'customers.php'

 

What do you think? Any ideas on how to fix this? The only thing that I can think of is to perform a check somewhere right before

 

if (!in_array( $aCurrentPageBox, $aAllowedPages))

 

Thanks again for your help.

 

-Ray

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...