Page 1 of 124 1231151101 ... LastLast
Results 1 to 10 of 1238
  1. #1
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Admin Profiles (for v1.3.x only!) Support Thread

    Admin Profiles is a user access control system for the Admin part of your site, allowing you to turn menus on and off and grant or disable access to specific Admin functions for each user.
    Last edited by kuroi; 12 Aug 2009 at 05:28 PM. Reason: Remove external link. Latest version is hosted on this site.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  2. #2
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: Admin Profiles Support Thread

    Quote Originally Posted by duncanad
    I am still working with Admin Profiles v1.0 - only discovered last night that this has moved on to 1.0.3 and haven't upgraded yet. Before I do I would like to get to the bottom of a little problem I have. Actually it's not really a problem but the engineer in me doesn't just want it to work - it should work right!

    I have added a new Product Type in Admin. I have done this by copying the product_general files as appropriate and renaming them product_property. The list of files is quite long but they include:

    admin/product ---> admin/product_property
    admin/includes/modules/product/collect_info.php ---> admin/includes/modules/product_property/collect_info.php
    admin/includes/modules/product/preview_info.php ---> admin/includes/modules/product_property/preview_info.php
    etc.

    The following code is included in all the appropriate files

    if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
    }

    I also added the new product_property type to the product_types table in the database.

    In Admin Catalog>Categories/Products when I tried to add a new product of the product_property type by choosing this from the product type drop down list I was re-directed to denied.php

    I fixed this by inserting '2' into the 'header' field of the admin_files table for the product_property entry which had been added automatically.

    In Admin Settings I then found a 'product property' tick box under the 'Catalog Menu' header. A tick in this box and everything worked fine.

    My problem is that there are no tick boxes for any of the other product types e.g. product_music. Nor should there be since choosing the product type is just part of the process of setting up a new product, access to which is controlled by the 'Categories' tick box. So why, when I have added a new product type, does this just not work without an additional tick box being required for this product type and no other?

    Not a big problem but, as I said, the engineer in me doesn't like it. Any ideas?
    Thanks for raising this Alan, it's an interesting one. I have a few ideas, but will need a little time to get to the bottom of it. Some of the changes that went into 1.03 may affect this, but can only improve the situation (though I doubt that they would eliminate it), so there is no harm in upgrading.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  3. #3
    Join Date
    Nov 2004
    Location
    Glasgow, Scotland
    Posts
    251
    Plugin Contributions
    0

    Default Re: Admin Profiles Support Thread

    Just a quick update on the above as to the nature of the problem - not the cause unfortunately.

    When I raised this with Peter yesterday I thought that what I was experiencing applied only to the new product type I had created and that it may have been something I had missed whilst copying and amending files to do this. However I now find that, when creating a new product in Admin, it is only 'Product-General' that can be accessed by default. If you want to create a 'Product-Music' or 'Product-Free Shipping' you will be redirected to denied.php and get the following message:

    "Sorry, your security clearance does not allow you to access this resource.

    Please contact your site administrator if you believe this to be incorrect.

    Sorry for any inconvenience."

    If you now look into the admin_files table you will find that a new entry has been created for the product type you were trying to create e.g. product_music. If you insert '2' in the 'header' column you will find a tick box available in Tools>Admin Settings>Edit Permissions under the 'Catalog Menu' header. A tick in the box will then allow you to create products of the appropriate type.

    The way I think it is supposed to work is that ticking the 'categories' tick box should allow access to all categories and products create/amend/delete functions.

    In the meantime just a minor inconvenience the first time a product of a particular type is created.

    Regards,

    Alan

  4. #4
    Join Date
    May 2006
    Posts
    3
    Plugin Contributions
    0

    Default Illegal Access

    Hi, I found your Admin Profiles module and it sounds like exactly what I need. However I am having a problem getting it installed. I have a fresh installation of Zen Cart with only the demo data loaded. I followed all of the instructions in install.txt, but now when I try to login to the admin page I get an "Illegal Access" error.

    Here are some notes on what I have done:
    1) I did not use a DB prefix
    2) I couldn't understand step 1...where was I supposed to put "Import install_admin_profiles.sql"? Since I couldn't find where to type that, I connected to my zen db from the mysql command line client and ran each line from the install_admin_profiles.sql file.
    3) Copied all Admin Profiles files to their proper location
    4) Patched the 3 php files listed in step 3

    I then tried to login using the same username/password that was working before installing Admin Profiles, but got the Illegal Access error. I appreciate any help you can offer!

  5. #5
    Join Date
    May 2006
    Posts
    3
    Plugin Contributions
    0

    Default Ignore My Previous Message

    Nevermind...ignore my previous message for now. Somehow when I downloaded ZenCart today I got version 1.27bugsecurityfix. I am not sure why the site was linking to an old version, but I'm going to try upgrading to 1.3.0.1 and see if that fixes my problem.

    I still would like to know where I am supposed to issue the "Import install_admin_profiles.sql" command though.

    Thanks!

  6. #6
    Join Date
    May 2006
    Posts
    3
    Plugin Contributions
    0

    Default It works!

    I found the MySQL import tool in the Zen Cart Admin page. After upgrading my cart to 1.3.0.1 it appears to be working!

  7. #7
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: It works!

    Quote Originally Posted by cbrantly
    I found the MySQL import tool in the Zen Cart Admin page. After upgrading my cart to 1.3.0.1 it appears to be working!
    That's great news. I hope you find it the mod useful.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  8. #8
    Join Date
    Sep 2004
    Posts
    2,420
    Plugin Contributions
    2

    Default Re: Admin Profiles Support Thread

    To those interested the archived Admin Profiles support thread is located at
    http://www.zen-cart.com/forum/showthread.php?t=33570

  9. #9
    Join Date
    Oct 2005
    Posts
    3
    Plugin Contributions
    0

    Default Re: Admin Profiles Support Thread

    Hi Kuroi,

    Great contribution to ZenCart - it is going to come in handy.

    Here's my problem: I have installed the module as per your instructions and set up a user profile with access to one area of my site. When I log in with that profile username and password I still have full access to everything (where I should only have one menu option).

    Thoughts?

    -Donovan

  10. #10
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: Admin Profiles Support Thread

    Quote Originally Posted by ddeschn
    Hi Kuroi,

    Great contribution to ZenCart - it is going to come in handy.

    Here's my problem: I have installed the module as per your instructions and set up a user profile with access to one area of my site. When I log in with that profile username and password I still have full access to everything (where I should only have one menu option).

    Thoughts?

    -Donovan
    Yes that would be a bit worrying. What happens when you go back and look at the Admin Profile for that user, does it come up showing your restrictions? It's very unlikely that this will be the case, as a new user starts with no permissions, you have to deliberately add them in.

    More likely IMO, is that this is a manifestation of the Zen Cart registers_globals bug. This means that although you log in as one user, Zen Cart switches you to be another. Here's an except from the archived support forum on this problem. Although your symptoms aren't quite the same, it would take something like this for the mod to break down so completely.

    Quote Originally Posted by duncanad
    With register globals on the Admin identity changes when a new admin is created or an existing admin is deleted. This is not an Admin Profiles problem either. It happens on a virgin install of ZenCart without Admin Profiles installed. Admin Profiles just makes the problem very noticeable.

    Setting register globals off solves the problem.

    If you don't have access to your server's configuration files just add a .htaccess file to the root directory of your ZenCart with the following line of code:

    php_value register_globals 0

    Actually you should do this anyway since it makes your Zencart more secure. I always do this for live sites but didn't bother in this instance since I was 'only' testing. Wish I had now!

    Hope this helps others from suffering the same grief.
    Later in that thread I suggested a way of testing whether Admin is properly recognising you as the user you logged on. Here's an extract ...

    Quote Originally Posted by kuroi
    Your suggestion that it would be helpful to show the identity of the currently logged in user is a good one, but not strictly about Admin Profiles. However, as it is clearly relevant to users of AP, what the hell, let's take a look.

    When a user logs in a session variable is created containing his or her admin_ID. When they logoff, this variable is unset. So the easy and correct way to do what you ask, would be simply to create and unset a session variable containing the user's admin_name. Then we could simply display it anywhere we wanted. Yes. NOOOOO.

    Unfortunately, due to the admin_ID registers_global BUG identified by Duncanad, this approach would show who logged on, but not who Admin thinks the current user is, due to its tendancy under some circumstances to just change user. Ouch.

    A solution that showed who it actually thought the current user was would therefore highlight this unfortunate tendancy ... Let's do it anyway.

    Go to the bottom of admin/includes/headers.php. Find the line that reads

    <td class="headerBarContent" align="center"><b><?php echo date("r", time()) . 'GMT' . '[' . $_SERVER['REMOTE_ADDR'] . ' ]'; ?></b></td>

    change "center" to "left" then insert the following line immediately afterwards

    <td class="headerBarContent" align="center"><b><?php $result=$db->Execute("select admin_name from ".TABLE_ADMIN." where admin_id=".$_SESSION['admin_id']); echo $result->fields['admin_name']; ?></b></td>

    Upload the file to your server and enjoy.
    Knowing whether this does reveal a shift in your user identity would be useful to me for supporting Admin Profiles. If it doesn't, we'll have to try to think of some other possible causes.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

 

 
Page 1 of 124 1231151101 ... LastLast

Similar Threads

  1. v150 Admin New Order [Support Thread]
    By lhungil in forum Addon Admin Tools
    Replies: 121
    Last Post: 5 Feb 2021, 07:51 PM
  2. v150 CSS Buttons for Admin [Support Thread]
    By lat9 in forum All Other Contributions/Addons
    Replies: 19
    Last Post: 24 Dec 2015, 09:13 PM
  3. Admin-Editable Sidebox - Support Thread
    By kuroi in forum Addon Sideboxes
    Replies: 331
    Last Post: 29 Oct 2014, 04:15 AM
  4. v151 Blue Admin [Support Thread]
    By vvomble in forum Addon Templates
    Replies: 11
    Last Post: 27 May 2013, 09:43 PM
  5. [Support Thread] IE only JavaScripts and Stylesheets Addon
    By Meshach in forum All Other Contributions/Addons
    Replies: 16
    Last Post: 31 May 2011, 08:18 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR