dolalu Posted June 23, 2004 Posted June 23, 2004 Hi, I have been trying to get a fix for my problem for over two months now and im hoping somebody will be able to put me out of my misery. Basically, we run a modelling agency and use the cart system as a casting suite of sort. People 'shop' for models and then @checkout they give us their wish list. What we want to do is prevent other companies stealing our 'stars'. I have been trying to protect the catalog, so that in order to view it you must first register and log in. The short term fix i have been using is to set up an external password protection for the whole oscommerce site. When people log in they can access the full site. This is very time consuming as in order to use the site properly they must log in again. But before they can do that i have to manually input/register their data on OScommerce. We are currently recieving over 200 password requests per day and i cant keep up with the demand. There must be someway around this, Any help will be greatly appreciated. Luke Dolan
fifthnail Posted June 23, 2004 Posted June 23, 2004 Password protect your Catelog directory or whatever directory you have osCommerce using .htaccess and .htpasswrd. Google ".htaccess generator password" for more info on how to do this. You should be password protecting your admin directory like this in some fasion or another anyways.
dolalu Posted June 24, 2004 Author Posted June 24, 2004 will that integrate with osc though? Will the user be promted to log or register or just to log in? I dont want to make it too hard to use the site.
GraphicsGuy Posted June 24, 2004 Posted June 24, 2004 I haven't thought this all the way through, but you might incorporate a conditional test of "tep_session_is_registered('customer_id')" into the page loading of product_info.php. If it evaluates as false (not logged in) then redirect to login.php else proceed with loading product_info.php. I'm not sure where exactly you would need to put the conditional, but maybe that will give you a starting point. Doing something like this, your viewers could see the home page and the categories, but they would have to log in to go to the "product" page. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1.
dolalu Posted June 25, 2004 Author Posted June 25, 2004 Logging in a viewing the categories but not being able to view the images until logged in is exactly what im looking for. How would you include a redirect to login.php sorry but im trying to learn php and im very s l o w Thanks for your help, once i get this the site is ready to go live Cheers, luke
GraphicsGuy Posted June 25, 2004 Posted June 25, 2004 Ok, I gave it a quick go and worked it out. It just has one caveat, after they login they will be on the homepage rather than back at the "product" page. But once logged in, they can navigate freely in the catalog. First of all - backup your catalog, or at least the product_info.php file. Open catalog/product_info.php After require('includes/application_top.php'); insert: if (!(tep_session_is_registered('customer_id'))) { tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } else { Then at the very end of the file insert a } just before the last ?> so that it looks like this: <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); } ?> That should do it, with just that one inconvenience of bouncing back to the home page. Perhaps someone else will know how to make the login return back to the appropriate product_info.php page afterwards. Note: This assumes that you use SSL for the login. If not replace if (!(tep_session_is_registered('customer_id'))) { tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } else { with if (!(tep_session_is_registered('customer_id'))) { tep_redirect(tep_href_link(FILENAME_LOGIN)); } else { Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1.
dolalu Posted June 25, 2004 Author Posted June 25, 2004 that is working, however...being a pain as ever. When you click on the category, then sub category a thumbnail appears of the image, when you click the image it then asks you to log in. The only bit of code i can find that refers to that step refers to a c section as shown in the URL /catalog/index.php?cPath=21_24 is it possible to make the protection kick in one stage before, so that you cannot see any images or is it possible to set a default image for all picyures such as 'click here to view' Then when they are logged in they can view the remainder of the pictures (would a slideshow contrib work?? Really appreciate your help.......its getting closer i can almost smell it!! Luke
dolalu Posted June 25, 2004 Author Posted June 25, 2004 I have just come across a different way of ensuring the images are not viewed, i put the protection in the index file. It make you log in before viewing most things, but still lets you view stuff in the info box and search box. I will have to protect the search function also. All i need do now is have a greeting page on the main site which then directs you to the catalog and bobs your uncle. Not the ideal way as id like to find the middle ground between both solotions, however this is acceptable and the better option of the two. Many thanks for all your help and if you do come across how to do exactly what i want then please let me know. Cheers, Luke
dolalu Posted June 25, 2004 Author Posted June 25, 2004 just come across this proble after registration. Seems to be some sort of problem with recognizing the user Fatal error: Cannot redeclare tep_db_connect() (previously declared in /catalog/includes/functions/database.php:13) in /catalog/includes/functions/database.php on line 13 any ideas??
dolalu Posted June 27, 2004 Author Posted June 27, 2004 Does anybody have any ideas on how to correct this error??
GraphicsGuy Posted June 27, 2004 Posted June 27, 2004 It will be necessary to know what changes were made to the index.php file in order for anyone to be able to offer advice on that. It appears that something about the code change is causing it to try to connect to the database after it has already been done. The index.php file is more complex because it does double duty, generating the home page and the categories. Modifying it with the login requirement code could be a bit more complicated. Relating back to my original suggestion. It should only prompt for login the first time that they click on a "product" whether category or subcategory. Once they are logged in, they should be able to browse freely. This seems like it would be a fairly clean approach. Also, by putting the protection on the product page, it doesn't matter how they get to the product, they will have to log in. If you put the protection on anything prior to that (i.e index.php), and they link stratight in to the product (i.e. from a search engiine), there will be no restriction. They wouldn't be able to browse freely, but they would have full access to the product page they landed on. And once they noticed the structure of the URL, they could likely access other product pages by trial and error. Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1.
dolalu Posted June 27, 2004 Author Posted June 27, 2004 The only problem with the product_info page is that it allows you to view the thumbnail of the image, alot of the parents for the child models that we have are uncomfotable with this type of access. Im trying to keep them happy but also make it easy for casting directors to use the site. Is there anyway to remove the thumbnail image, or replace the thumbnails with a click to view image? The changes that were made the the index.php file were eactly the same as the product_info page namely: at top of page prior to HTML bits. *********************************************************** Released under the GNU General Public License */ require('includes/application_top.php'); if (!(tep_session_is_registered('customer_id'))) { tep_redirect(tep_href_link(FILENAME_LOGIN)); } else { require('includes/application_top.php'); // the following cPath references come from application_top.php $category_depth = 'top'; if (isset($cPath) && tep_not_null($cPath)) { $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'"); $cateqories_products = tep_db_fetch_array($categories_products_query); if ($cateqories_products['total'] > 0) { $category_depth = 'products'; // display products } else { $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'"); $category_parent = tep_db_fetch_array($category_parent_query); if ($category_parent['total'] > 0) { $category_depth = 'nested'; // navigate through the categories } else { $category_depth = 'products'; // category has no products, but display the 'no products' message } } } } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT); ?> ************************************************************* Any suggestions??
vipfoot Posted June 28, 2004 Posted June 28, 2004 You have require('includes/application_top.php'); written twice in your code. So the next question is how to make the Columns invisible until you login .. Any ideas?
dolalu Posted June 28, 2004 Author Posted June 28, 2004 It has something to do with the cpath attribute( i think) ive trying playing around with protecting that but i just end up with loads of errors.
dolalu Posted June 28, 2004 Author Posted June 28, 2004 I have managed to protect the whole of the index page. At the moment this is the best as i can manage. Unless i call discover how to prevent the cpath stuff showing i will have to use a main page which then links to the catalog.
normd Posted June 29, 2004 Posted June 29, 2004 I wanted to require the customer to log in but not have access to the menu items and prices. I simply added this code to the bottom of /boxes/categories.php just above $info_box_contents = array(); if (!(tep_session_is_registered('customer_id'))) { $categories_string ='<br><b>To use the Estimator please log in. This will allow us to better serve you.</b><br><br>'; } This message appears in the Categories box instead of the menu items. Everything else on the page remains the same, so they have access to the links and other information. http://mossycreekcatering.com/catalog Norm
Recommended Posts
Archived
This topic is now archived and is closed to further replies.