
osCommerce

The e-commerce.

Logging in as customer


someoneatwork


Posted

Hi forum,

At our website, we often create orders for our customers using a masterpassword.

I wanted to make modifications to our website so that if we log in (as admin/mod), we have extra options or features for placing orders, but I have no idea where to look or what detects that we are logged in as admin or something.

Can anyone help me with this?

 

Thank you.

Posted

@someoneatwork

 

This is dangerous without any CSRF protection. Some e-commerce systems use this feature, and the next release, v2.3.4, will probably contain it. You can find some solutions in the add-on area.

:blink:
osCommerce-based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.

Posted

Thanks for the replies, but that's not what I meant. Sorry for not explaining well.

On our front page (not the admin panel), where our customers log in, we use a masterpassword to log in for them when they want to place an order through the phone.

So we do everything like they would, select an item, type in address and other info then place the order.

When we see it in the order system, the status of the order says "Mail/Phone Order". If they placed it rather than us, the status would be "Pending".

What I wanted to know is what part of the code tells our order system that we placed the order and not the customer, so I can use that and add an "if" statement,

Like

if ($adminloggedinforcustomer) {
    // display a bunch of options that customers can't see
}

 

I kind of know that "order_history" in the database plays a part in this, but that's all I know.

I'm still looking around, I just feel like I'm spending too much time looking, so I asked for help.

 

We're on

 

osCommerce 2.2-MS2

 

Thanks again

 

 

---edit

I'll take a look at that, Gergely

Posted

@someoneatwork

 

The session ID/login or IP address indicates it, but that is not reflected in the order system. As I mentioned before, an admin login can handle this problem with tokens. Finally, you have to attach a flag to the order in the data table.


Posted

Nothing tells the code. The master password login does not do anything more than bypass the customer password. You would have to augment that code to set a session parameter to track that and then check it when the order is created. Other than that you can add an order comment to make note of this.
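
The approach described in the reply above, as an added example that is not part of the original thread and not osCommerce code: stand-alone PHP in which the login step records in the session that the master password was used, and order creation reads that flag to set the status and an audit comment. The function names, the `placed_by_staff` session key and the sample credentials are assumptions made for illustration; only the two status strings come from the thread.

```php
<?php
// Added example, not osCommerce code. All names below are hypothetical.

// Constructed sample data: one customer and a staff "master" credential.
$customers = ['alice@example.test' => ['id' => 7, 'hash' => password_hash('customer-pw', PASSWORD_DEFAULT)]];
$masterHash = password_hash('constructed-master-pw', PASSWORD_DEFAULT);

/**
 * Log in as a customer. Returns the data to store in the session, or null on failure.
 * When the master password was used instead of the customer's own, the session records it.
 */
function login(array $customers, string $masterHash, string $email, string $password): ?array
{
    if (!isset($customers[$email])) {
        return null;
    }
    $viaMaster = false;
    if (!password_verify($password, $customers[$email]['hash'])) {
        if (!password_verify($password, $masterHash)) {
            return null; // neither the customer's password nor the master password
        }
        $viaMaster = true;
    }
    return ['customer_id' => $customers[$email]['id'], 'placed_by_staff' => $viaMaster];
}

/** Build the order row. The flag is read from server-side session data, never from request input. */
function createOrder(array $session, array $items): array
{
    $byStaff = !empty($session['placed_by_staff']);
    return [
        'customer_id' => $session['customer_id'],
        'items'       => $items,
        'status'      => $byStaff ? 'Mail/Phone Order' : 'Pending',
        'comment'     => $byStaff ? 'Order entered by staff via master password login' : '',
    ];
}

// Same customer account, reached once with the master password and once with the customer's own.
$staffSession    = login($customers, $masterHash, 'alice@example.test', 'constructed-master-pw');
$customerSession = login($customers, $masterHash, 'alice@example.test', 'customer-pw');
echo createOrder($staffSession, ['SKU-1'])['status'], "\n";
echo createOrder($customerSession, ['SKU-1'])['status'], "\n";
```

Because the flag lives only in server-side session state, a customer cannot set it from the browser, and the stored comment leaves a record of which orders were entered through the master password.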

Posted

Yea I already figured it out.

I just wanted to know where that was located, kept checking login, checkout.php and sessions with no luck.

But I found it, now I can mess with it :D

 

Thank you all for your info

Archived

This topic is now archived and is closed to further replies.
