
[CONTRIB] Admin Access Level Accounts for MS2


papasan


How do you set https for admin?

 

This is my admin configure.php:

 

<?php
/*
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.orphonsoul.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.orphonsoul.com');
  define('HTTPS_CATALOG_SERVER', 'https://orphonsoul.com');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html/'); // where the pages are located on the server
  define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
  define('DIR_FS_ADMIN', '/home/username/public_html/catalog/admin/'); // absolute path required
  define('DIR_WS_CATALOG', '/catalog/'); // absolute path required
  define('DIR_FS_CATALOG', '/home/username/public_html/catalog/'); // absolute path required
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
  define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', 'DBusername');
  define('DB_SERVER_PASSWORD', 'DBpassword');
  define('DB_DATABASE', 'DBname');
  define('USE_PCONNECT', 'false'); // use persistent connections?
  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

Angela


Change your HTTP_SERVER variable to the https URL, i.e.

define('HTTP_SERVER', 'https://www.orphonsoul.com');

or whatever your HTTPS_SERVER is in catalog. If you wanted your whole site to be in SSL, you could do this in catalog as well. However, for performance reasons, it makes more sense to make just the private pages (account, checkout, etc.) be SSL, so catalog has two server variables between which it can switch.

 

Hth,

Matt

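As an added example (it is not osCommerce's own tep_href_link, though it models the two-server switch Matt describes), the following standalone PHP builds a catalog link from HTTP_SERVER, HTTPS_SERVER and an ENABLE_SSL flag; the constant names follow the catalog configure.php, the server values are constructed. It also shows why a flag written as a quoted string, as in the configure.php posted above, should be tested strictly rather than with a loose comparison.

```php
<?php
// Constructed example: a catalog-style link builder that switches between the
// HTTP and the HTTPS server the way Matt describes.  Constant names follow the
// osCommerce catalog configure.php; the values here are made up.
define('HTTP_SERVER', 'http://www.example-shop.test');
define('HTTPS_SERVER', 'https://www.example-shop.test');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('ENABLE_SSL', 'true'); // quoted string, as in the configure.php posted above

// Only boolean true or the literal string 'true' counts as enabled.
// Pitfall: in PHP the loose test ('false' == true) is TRUE, because every
// non-empty string other than "0" is truthy, so a quoted 'false' would
// silently enable SSL links under a loose comparison.
function ssl_enabled($flag) {
    return $flag === true || $flag === 'true';
}

// $connection is 'SSL' for private pages (account, checkout) and
// 'NONSSL' for the public catalog pages.
function base_link($page, $connection = 'NONSSL') {
    if ($connection === 'SSL' && ssl_enabled(ENABLE_SSL)) {
        return HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . $page;
    }
    return HTTP_SERVER . DIR_WS_HTTP_CATALOG . $page;
}

echo base_link('index.php'), "\n";
echo base_link('checkout_shipping.php', 'SSL'), "\n";
echo base_link('checkout_shipping.php', 'NONSSL'), "\n";

// Compare the loose and the strict reading of a quoted 'false'.
var_dump('false' == true);        // loose comparison: counts as enabled
var_dump(ssl_enabled('false'));   // strict check: disabled, as intended
```

The admin side, as Matt notes, has only HTTP_SERVER, which is why that single constant is set to the https URL there.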

That worked thanks!!!!!!

 

Now for another question... I changed my password and I got an auto email.

 

The Subject was: ADMIN_EMAIL_SUBJECT

 

And the body was: ADMIN_EMAIL_TEXT

 

I looked in admin/includes/languages/english/admin_members.php and it looks like they are both defined.

 

Thanks again, I love this place :)

Angela


Actually the answer to the SSL question is that admin/includes/configure.php needs the line

define('ENABLE_SSL', 'true'); // secure webserver for admin module

placed in it, I think.

Because in the current setup it is still not working, and yet your catalog store is playing fine with the https.

But then I am no code monger so I could be very wrong.

(my knowledge is so small you would think that an ant was a genius in comparison)


Yes, it did make it work.... but when you mix up your http and your https and call a straight http with https instead... will it work?

(my knowledge is so small you would think that an ant was a genius in comparison)


Can I specify the password for my top Administrator, rather than have the auto-assigned password?

I thought I saw an option before about changing the passwords, but buggered if I can find it now...

 

Cheers MaxiDVD :-)


Actually I did read the readme... and I quote from that esteemed bible:

"The default admin is 'admin@localhost' with the password 'admin'. Your first job may well be changing this security hole."

But it didn't seem to work; that's why I had to write an md5 filter to place one in there.

*smiles*

(my knowledge is so small you would think that an ant was a genius in comparison)


I found a very small detail in admin/index.php that affects you if you are not using English as the main language (as I do).

Where it says (line 77 in my index.php file):

'children' => array(array('title' => 'My Account', 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                          'access' => 'true'),
                    array('title' => 'Logoff', 'link' => tep_href_link(FILENAME_LOGOFF),

you need to change it to:

'children' => array(array('title' => HEADER_TITLE_ACCOUNT, 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                          'access' => 'true'),
                    array('title' => HEADER_TITLE_LOGOFF, 'link' => tep_href_link(FILENAME_LOGOFF),

Hope that helps...

And one question... I just set this thing up and I noticed that no matter what "boxes" each user has activated, every time a user logs in, the index.php page shows all the options. Is there a way to only show the options that the user has activated (sort of like what is done in column_left.php)?

 

Thanks in advance!


yes you have to edit the index.php file with the if statements like in the example it comes with.

 

I haven't been able to figure out what examples you mean here. Can you explain?

 

I have the same issue with email to the main admin coming through with "ADMIN_EMAIL_SUBJECT" in the subject and "ADMIN_EMAIL_TEXT" in the body. These seem to be defined properly in english/admin_members.php and nothing else looks wrong. Has anyone else figured this one out?

 

I'm also having a problem not mentioned here. When a new admin user is created, the email that is sent is correct except that the password value is "-hidden-" in the body of the email. I have no clue on this one.

 

This looks like an excellent (and necessary) contribution. I might be able to figure more out with a clear head tomorrow, but any feedback is appreciated. I am installing on an "almost" fresh copy of MS2. Thanks!

 

David


Actually I did read the readme... and I quote from that esteemed bible:

"The default admin is 'admin@localhost' with the password 'admin'. Your first job may well be changing this security hole."

But it didn't seem to work; that's why I had to write an md5 filter to place one in there.

*smiles*

d'oh! <remove foot from mouth>

logon: admin@localhost

pass: admin

Definitely will change the readme...

I have the same issue with email to the main admin coming through with "ADMIN_EMAIL_SUBJECT" in the subject and "ADMIN_EMAIL_TEXT" in the body. These seem to be defined properly in english/admin_members.php and nothing else looks wrong. Has anyone else figured this one out?

This is caused because the definitions are too low in the file; they need to be moved up to the top. This was changed in the 2.2 release. I now get two emails sometimes, one correct and one old one, but at least the correct info is being sent.


yes you have to edit the index.php file with the if statements like in the example it comes with.

 

Hmm, what example are you talking about? I tried the if statement that comes with column_left.php on the index.php but it didn't work... could you help me a bit more on this issue?

 

thanks!


It is in the changed files/admin/index.php. The first part looks like:

<?php
/*
  $Id: index.php,v 1.19 2003/06/27 09:38:31 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  $cat = array(array('title' => BOX_HEADING_CONFIGURATION,
//Admin begin
                     'access' => tep_admin_check_boxes('configuration.php'),
//Admin end
                     'image' => 'configuration.gif',
                     'href' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1'),
                     'children' => array(array('title' => BOX_CONFIGURATION_MYSTORE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=1')),
                                         array('title' => BOX_CONFIGURATION_LOGGING, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=10')),
                                         array('title' => BOX_CONFIGURATION_CACHE, 'link' => tep_href_link(FILENAME_CONFIGURATION, 'selected_box=configuration&gID=11')))),
               array('title' => BOX_HEADING_MODULES,
//Admin begin
                     'access' => tep_admin_check_boxes('modules.php'),
//Admin end
                     'image' => 'modules.gif',
                     'href' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment'),
                     'children' => array(array('title' => BOX_MODULES_PAYMENT, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=payment')),
                                         array('title' => BOX_MODULES_SHIPPING, 'link' => tep_href_link(FILENAME_MODULES, 'selected_box=modules&set=shipping')))),
               array('title' => BOX_HEADING_CATALOG,
//Admin begin
                     'access' => tep_admin_check_boxes('catalog.php'),
//Admin end
                     'image' => 'catalog.gif',
                     'href' => tep_href_link(FILENAME_CATEGORIES, 'selected_box=catalog'),
                     'children' => array(array('title' => CATALOG_CONTENTS, 'link' => tep_href_link(FILENAME_CATEGORIES, 'selected_box=catalog')),
                                         array('title' => BOX_CATALOG_MANUFACTURERS, 'link' => tep_href_link(FILENAME_MANUFACTURERS, 'selected_box=catalog')))),
               array('title' => BOX_HEADING_LOCATION_AND_TAXES,
//Admin begin
                     'access' => tep_admin_check_boxes('taxes.php'),
//Admin end
                     'image' => 'location.gif',
                     'href' => tep_href_link(FILENAME_COUNTRIES, 'selected_box=taxes'),
                     'children' => array(array('title' => BOX_TAXES_COUNTRIES, 'link' => tep_href_link(FILENAME_COUNTRIES, 'selected_box=taxes')),
                                         array('title' => BOX_TAXES_GEO_ZONES, 'link' => tep_href_link(FILENAME_GEO_ZONES, 'selected_box=taxes')))),
               array('title' => BOX_HEADING_CUSTOMERS,
//Admin begin
                     'access' => tep_admin_check_boxes('customers.php'),
//Admin end
                     'image' => 'customers.gif',
                     'href' => tep_href_link(FILENAME_CUSTOMERS, 'selected_box=customers'),
                     'children' => array(array('title' => BOX_CUSTOMERS_CUSTOMERS, 'link' => tep_href_link(FILENAME_CUSTOMERS, 'selected_box=customers')),
                                         array('title' => BOX_CUSTOMERS_ORDERS, 'link' => tep_href_link(FILENAME_ORDERS, 'selected_box=customers')))),
               array('title' => BOX_HEADING_LOCALIZATION,
//Admin begin
                     'access' => tep_admin_check_boxes('localization.php'),
//Admin end
                     'image' => 'localization.gif',
                     'href' => tep_href_link(FILENAME_CURRENCIES, 'selected_box=localization'),
                     'children' => array(array('title' => BOX_LOCALIZATION_CURRENCIES, 'link' => tep_href_link(FILENAME_CURRENCIES, 'selected_box=localization')),
                                         array('title' => BOX_LOCALIZATION_LANGUAGES, 'link' => tep_href_link(FILENAME_LANGUAGES, 'selected_box=localization')))),
               array('title' => BOX_HEADING_REPORTS,
//Admin begin
                     'access' => tep_admin_check_boxes('reports.php'),
//Admin end
                     'image' => 'reports.gif',
                     'href' => tep_href_link(FILENAME_STATS_PRODUCTS_PURCHASED, 'selected_box=reports'),
                     'children' => array(array('title' => REPORTS_PRODUCTS, 'link' => tep_href_link(FILENAME_STATS_PRODUCTS_PURCHASED, 'selected_box=reports')),
                                         array('title' => REPORTS_ORDERS, 'link' => tep_href_link(FILENAME_STATS_CUSTOMERS, 'selected_box=reports')))),
//Admin begin
               array('title' => BOX_HEADING_MY_ACCOUNT,
                     'access' => 'true',
                     'image' => 'my_account.gif',
                     'href' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                     'children' => array(array('title' => 'My Account', 'link' => tep_href_link(FILENAME_ADMIN_ACCOUNT),
                                               'access' => 'true'),
                                         array('title' => 'logoff', 'link' => tep_href_link(FILENAME_LOGOFF),
                                               'access' => 'true'))),
               array('title' => BOX_HEADING_ADMINISTRATOR,
                     'access' => tep_admin_check_boxes('administrator.php'),
                     'image' => 'administrator.gif',
                     'href' => tep_href_link(tep_selected_file('administrator.php'), 'selected_box=administrator'),
                     'children' => array(array('title' => BOX_ADMINISTRATOR_MEMBER, 'link' => tep_href_link(FILENAME_ADMIN_MEMBERS, 'selected_box=administrator'),
                                               'access' => tep_admin_check_boxes(FILENAME_ADMIN_MEMBERS, 'sub_boxes')),
                                         array('title' => BOX_ADMINISTRATOR_BOXES, 'link' => tep_href_link(FILENAME_ADMIN_FILES, 'selected_box=administrator'),
                                               'access' => tep_admin_check_boxes(FILENAME_ADMIN_FILES, 'sub_boxes')))),
//Admin end
               array('title' => BOX_HEADING_TOOLS,
//Admin begin
                     'access' => tep_admin_check_boxes('tools.php'),
//Admin end
                     'image' => 'tools.gif',
                     'href' => tep_href_link(FILENAME_BACKUP, 'selected_box=tools'),
                     'children' => array(array('title' => TOOLS_BACKUP, 'link' => tep_href_link(FILENAME_BACKUP, 'selected_box=tools')),
                                         array('title' => TOOLS_BANNERS, 'link' => tep_href_link(FILENAME_BANNER_MANAGER, 'selected_box=tools')),
                                         array('title' => TOOLS_FILES, 'link' => tep_href_link(FILENAME_FILE_MANAGER, 'selected_box=tools')))));

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>

 

 

************ The second change is at about line 178; quoting from line 175, it looks like:

  while ($orders_status = tep_db_fetch_array($orders_status_query)) {
    $orders_pending_query = tep_db_query("select count(*) as count from " . TABLE_ORDERS . " where orders_status = '" . $orders_status['orders_status_id'] . "'");
    $orders_pending = tep_db_fetch_array($orders_pending_query);
//Admin begin
//  $orders_contents .= '<a href="' . tep_href_link(FILENAME_ORDERS, 'selected_box=customers&status=' . $orders_status['orders_status_id']) . '">' . $orders_status['orders_status_name'] . '</a>: ' . $orders_pending['count'] . '<br>';
    if (tep_admin_check_boxes(FILENAME_ORDERS, 'sub_boxes') == true) {
      $orders_contents .= '<a href="' . tep_href_link(FILENAME_ORDERS, 'selected_box=customers&status=' . $orders_status['orders_status_id']) . '">' . $orders_status['orders_status_name'] . '</a>: ' . $orders_pending['count'] . '<br>';
    } else {
      $orders_contents .= '' . $orders_status['orders_status_name'] . ': ' . $orders_pending['count'] . '<br>';
    }
//Admin end
  }
  $orders_contents = substr($orders_contents, 0, -4);

  $heading = array();
  $contents = array();

*************

That's it in a nutshell.

(my knowledge is so small you would think that an ant was a genius in comparison)

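As an added example, not code from the contribution, this standalone PHP reduces a menu array of the shape strider posted to the boxes and sub-boxes the current admin is allowed to see. It assumes the 'access' values have already been computed (the posted array mixes the string 'true' with results of tep_admin_check_boxes()), that a child without its own 'access' key inherits its parent's decision, and that the titles and links are constructed literals standing in for the language constants and tep_href_link().

```php
<?php
// Constructed example (not the contribution's code): keep only the boxes and
// sub-boxes whose 'access' value grants the current admin access, so that
// index.php shows the same reduced menu column_left.php does.  Hiding a link
// is a usability measure; the per-file check behind each page is the control.

// Only boolean true or the literal string 'true' grants access; a missing
// top-level value or the string 'false' is treated as denied (fail closed).
function access_granted($value) {
    return $value === true || $value === 'true';
}

function filter_menu(array $cat) {
    $visible = array();
    foreach ($cat as $box) {
        if (!isset($box['access']) || !access_granted($box['access'])) {
            continue;
        }
        $children = array();
        foreach ($box['children'] as $child) {
            // A child without its own 'access' key inherits the parent's grant.
            if (!isset($child['access']) || access_granted($child['access'])) {
                $children[] = $child;
            }
        }
        $box['children'] = $children;
        $visible[] = $box;
    }
    return $visible;
}
// Sample input shaped like the posted $cat array; titles and links are
// constructed literals standing in for the language constants and tep_href_link().
$cat = array(
    array('title' => 'Configuration', 'access' => true,
          'children' => array(array('title' => 'My Store', 'link' => 'configuration.php?gID=1'))),
    array('title' => 'Modules', 'access' => false,
          'children' => array(array('title' => 'Payment', 'link' => 'modules.php?set=payment'))),
    array('title' => 'Administrator', 'access' => 'true',
          'children' => array(
              array('title' => 'Members', 'link' => 'admin_members.php', 'access' => 'false'),
              array('title' => 'Boxes', 'link' => 'admin_files.php', 'access' => 'true'))),
);

foreach (filter_menu($cat) as $box) {
    echo $box['title'], "\n";
    foreach ($box['children'] as $child) {
        echo '  - ', $child['title'], "\n";
    }
}
```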

strider

Thanks for the reply, but I checked my index.php file... it does look exactly like yours, but it doesn't matter which user logs in, it always shows all the menus and options; I mean, it does not hide the options that the user should not see.

So when the user tries to access an option that he does not have permissions to, then a page is displayed saying that he can't access that!

Am I missing something in order to hide those options that the user is not supposed to see/access?

(My English is not too good, so I don't know if I'm explaining myself)


I'm also having a problem not mentioned here. When a new admin user is created, the email that is sent is correct except that the password value is "-hidden-" in the body of the email. I have no clue on this one.

 

I think that might be on purpose... A lot of emails you get when you sign up for things don't print the password... that is a good thing. I hate it when I get a password sent to me in plain text...

Angela
