Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Logging in as customer


someoneatwork

Recommended Posts

Hi forum,

At our website, we often create orders for our customers using a masterpassword.

I wanted to make modifications to our website, so if we login(as admin/mod), we have extra options or features for placing orders. but I have no idea where to look or what detects that we are logged in as admin or something.

Can anyone help me with this.

 

Thank you.

Link to comment
Share on other sites

I'm not sure I understand the question but if you are using 2.3, there is an administrators section where you can edit the login. That would show you what you logged in as.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

@@someoneatwork

 

This is dangerous without any CSRF protection. Some ecommerce use this feature and the next release v2.3.4 probably will contain. You can find addon area some solutions.

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Link to comment
Share on other sites

Thanks for the replies, but that's not what i meant. sorry for not explaining well.

In our front page (not the admin panel) where our customers login, We use a masterpassword to login for them when they want to place an order thru the phone.

So we do everything like they would, select an item, type in address and other info then place the order.

When we see it in the order system, the status of the order says "Mail/Phone Order". If they placed it rather than use the status would be "Pending"

What i wanted to know is, what part of the code tells our order system that We placed the order and not the customer. So i can use that, and add an "If" statement,

Like

if (adminloggedinforcustomer) {
display a buncha options that customer's cant see.
}

 

I kind of know that "order_history" in the database plays part in this. but thats all I know.

I'm still looking around, I just feel like I'm spending too much time looking, so I asked for help.

 

We're on

 

osCommerce 2.2-MS2

 

Thanks again

 

 

---edit

I'll take a look @ that Gergely

Link to comment
Share on other sites

@@someoneatwork

 

The sessionid/login or ip address say it but not reflect to the order system. As I mentioned before admin login can handle this problem with tokens. You have to stick a flag to the order in the datatable finaly.

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Link to comment
Share on other sites

Nothing tells the code. The master password login does not do anything more than bypass the customer password. You would have to augment that code to set a session parameter to track that and then check it when the order is created. Other than that you can add an order comment to make note of this.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...