Admin Profiles is a user access control system for the Admin part of your site, allowing you to turn menus on and off and grant or disable access to specific Admin functions for each user.
Printable View
Admin Profiles is a user access control system for the Admin part of your site, allowing you to turn menus on and off and grant or disable access to specific Admin functions for each user.
Thanks for raising this Alan, it's an interesting one. I have a few ideas, but will need a little time to get to the bottom of it. Some of the changes that went into 1.03 may affect this, but can only improve the situation (though I doubt that they would eliminate it), so there is no harm in upgrading.Quote:
Originally Posted by duncanad
Just a quick update on the above as to the nature of the problem - not the cause unfortunately.
When I raised this with Peter yesterday I thought that what I was experiencing applied only to the new product type I had created and that it may have been something I had missed whilst copying and amending files to do this. However I now find that, when creating a new product in Admin, it is only 'Product-General' that can be accessed by default. If you want to create a 'Product-Music' or 'Product-Free Shipping' you will be redirected to denied.php and get the following message:
"Sorry, your security clearance does not allow you to access this resource.
Please contact your site administrator if you believe this to be incorrect.
Sorry for any inconvenience."
If you now look into the admin_files table you will find that a new entry has been created for the product type you were trying to create e.g. product_music. If you insert '2' in the 'header' column you will find a tick box available in Tools>Admin Settings>Edit Permissions under the 'Catalog Menu' header. A tick in the box will then allow you to create products of the appropriate type.
The way I think it is supposed to work is that ticking the 'categories' tick box should allow access to all categories and products create/amend/delete functions.
In the meantime just a minor inconvenience the first time a product of a particular type is created.
Regards,
Alan
Hi, I found your Admin Profiles module and it sounds like exactly what I need. However I am having a problem getting it installed. I have a fresh installation of Zen Cart with only the demo data loaded. I followed all of the instructions in install.txt, but now when I try to login to the admin page I get an "Illegal Access" error.
Here are some notes on what I have done:
1) I did not use a DB prefix
2) I couldn't understand step 1...where was I supposed to put "Import install_admin_profiles.sql"? Since I couldn't find where to type that, I connected to my zen db from the mysql command line client and ran each line from the install_admin_profiles.sql file.
3) Copied all Admin Profiles files to their proper location
4) Patched the 3 php files listed in step 3
I then tried to login using the same username/password that was working before installing Admin Profiles, but got the Illegal Access error. I appreciate any help you can offer!
Nevermind...ignore my previous message for now. Somehow when I downloaded ZenCart today I got version 1.27bugsecurityfix. I am not sure why the site was linking to an old version, but I'm going to try upgrading to 1.3.0.1 and see if that fixes my problem.
I still would like to know where I am supposed to issue the "Import install_admin_profiles.sql" command though.
Thanks!
I found the MySQL import tool in the Zen Cart Admin page. After upgrading my cart to 1.3.0.1 it appears to be working!
That's great news. I hope you find it the mod useful.Quote:
Originally Posted by cbrantly
To those interested the archived Admin Profiles support thread is located at
http://www.zen-cart.com/forum/showthread.php?t=33570
Hi Kuroi,
Great contribution to ZenCart - it is going to come in handy.
Here's my problem: I have installed the module as per your instructions and set up a user profile with access to one area of my site. When I log in with that profile username and password I still have full access to everything (where I should only have one menu option).
Thoughts?
-Donovan
Yes that would be a bit worrying. What happens when you go back and look at the Admin Profile for that user, does it come up showing your restrictions? It's very unlikely that this will be the case, as a new user starts with no permissions, you have to deliberately add them in.Quote:
Originally Posted by ddeschn
More likely IMO, is that this is a manifestation of the Zen Cart registers_globals bug. This means that although you log in as one user, Zen Cart switches you to be another. Here's an except from the archived support forum on this problem. Although your symptoms aren't quite the same, it would take something like this for the mod to break down so completely.
Later in that thread I suggested a way of testing whether Admin is properly recognising you as the user you logged on. Here's an extract ...Quote:
Originally Posted by duncanad
Knowing whether this does reveal a shift in your user identity would be useful to me for supporting Admin Profiles. If it doesn't, we'll have to try to think of some other possible causes.Quote:
Originally Posted by kuroi
That seems to have solved it. Somehow what was happening was it kept me logged in as my main administrator and didn't recognize the switch to the new user.
With that features off everything works great!
-Donovan
[QUOTE=kuroi]Admin Profiles is a user access control system for the Admin part of your site, allowing you to turn menus on and off and grant or disable access to specific Admin functions for each user.
Excellent contrib. Easy quick install! Just what the doctor ordered.
Thanks for the work.
BR
Hello, Im trying to install Admin Profiles on my site and when i have compleated the install i log onto my admin page and insted of the Configuration etc.. links it comes up with "illegal access" when i did a trial instal on my local server with the zencart version 1.3 it worked perfect, but when i install onto my live server i get that error.
can anyone please help me with this?
This is a new one. Just it just say illegal access on an otherwise white screen, or is there more that might help us to understand where the message is coming from?
just a blank screan, i have uploaded a picture of what is happening.
Which version of Zen Cart are you using?
I am using Version 1.2.7
Oh sorry, i just read that this was for version 1.3 + :P my bad
There is an older add-in, Admin Levels, upon which Admin Profiles was based, that works with 1.2.7.
Also, don't underestimate the power of a not quite blank screen. Your screenshot confirmed that the problem was within your Zen Cart and showed how far Zen Cart had got before it threw the error. All useful info.
yeah thanks for that. yeah i knew it was with zencart coz i had the admin levels working with a newer version of zencart :) any ideas on why it would be doing this though?
Sorry, for clarity, when I wrote that the problem was within Zen Cart, I didn't mean to inply that there was a problem with Zen Cart, simply that it was Zen Cart which was unable to continue with one of it's database accesses, rather than say, a more general server problem.
Why does it happen? I can't give you a definitive answer because I only joined the Zen Cart community when v1.3 was released and so have very limited experience of the innards of 1.2.7 or ealier (just enough to have done a small number of site upgrades). However, I know that there were some structural changes, some of which will have affected the database structure and in this case it seems likely that Admin Profiles is trying to access a database table or field that exists in v1.3 but didn't (or was named differently) in v1.2.7.
I just installed this Admin Profiles. Followed instructions. However, am having problems. Only configuration menu is showing, rest are not.
Please see copy of screen image. How do I fix it?
This is a problem with your admin/includes/boxes/configuration_dhtml.php file. It has some missing characters that are causing this error. However, curiously, from the little of it that I can see, it doesn't look like the file from Zen Cart v1.3.0, v1.3.0.1 or the one installed as part of Admin Profiles - what version of Zen Cart are you using? Have you made other changes? Please can you post the code from this file (it's not very long)?Quote:
Originally Posted by makulit
Thanks Kuroi. Below is the copy of the code >>
------------------------------------ code here -------------------
<?php
/**
* @package admin
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: configuration_dhtml.php 3009 2006-02-11 15:41:10Z wilt $
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
?>
<!-- configuration //-->
<li class="submenu">
<a target="_top" href="<?php echo zen_href_link(FILENAME_ALT_NAV, '', 'NONSSL') ?>"><?php echo BOX_HEADING_CONFIGURATION; ?></a><ul>
<?php
$heading = array();
$contents = array();
$heading[] = array('text' => BOX_HEADING_CONFIGURATION,
'link' => zen_href_link(basename($PHP_SELF), zen_get_all_get_params(array('selected_box')) . 'selected_box=configuration'));
if (1 == 1) {
$cfg_groups = '';
$configuration_groups = $db->Execute("select configuration_group_id as cgID,
configuration_group_title as cgTitle
from " . TABLE_CONFIGURATION_GROUP . "
where visible = '1' order by sort_order");
while (!$configuration_groups->EOF) {
$cfg_groups .= '<li><a href="' . zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $configuration_groups->fields['cgID'], 'NONSSL') . '">' .
$configuration_groups->fields['cgTitle'] . '</a></li>' . "\n";
$configuration_groups->MoveNext();
}
}
echo $cfg_groups;
?>
</ul>
</li>
<!-- configuration_eof //-->/a></li>' . "\n";
$configuration_groups->MoveNext();
echo $cfg_groups;
?>
</ul>
</li>
<!-- configuration_eof //-->
<?php
?>
As suspected, the your version of the file is corrupt. Either recopy it from the Admin Profiles package, or delete the bits that I've marked in red and add in the bracket that I've marked in magenta (on the penultimate line).
------------------------------------ code here -------------------
<?php
/**
* @package admin
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: configuration_dhtml.php 3009 2006-02-11 15:41:10Z wilt $
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
?>
<!-- configuration //-->
<li class="submenu">
<a target="_top" href="<?php echo zen_href_link(FILENAME_ALT_NAV, '', 'NONSSL') ?>"><?php echo BOX_HEADING_CONFIGURATION; ?></a><ul>
<?php
$heading = array();
$contents = array();
$heading[] = array('text' => BOX_HEADING_CONFIGURATION,
'link' => zen_href_link(basename($PHP_SELF), zen_get_all_get_params(array('selected_box')) . 'selected_box=configuration'));
if (1 == 1) {
$cfg_groups = '';
$configuration_groups = $db->Execute("select configuration_group_id as cgID,
configuration_group_title as cgTitle
from " . TABLE_CONFIGURATION_GROUP . "
where visible = '1' order by sort_order");
while (!$configuration_groups->EOF) {
$cfg_groups .= '<li><a href="' . zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $configuration_groups->fields['cgID'], 'NONSSL') . '">' .
$configuration_groups->fields['cgTitle'] . '</a></li>' . "\n";
$configuration_groups->MoveNext();
}
}
echo $cfg_groups;
?>
</ul>
</li>
<!-- configuration_eof //-->/a></li>' . "\n";
$configuration_groups->MoveNext();
echo $cfg_groups;
?>
</ul>
</li>
<!-- configuration_eof //-->
<?php
}
?>
@kuroi
i recopied the file from admin profiles package. still gave me this ...
This is clearly going to be a corruption of your customers_dhtml.php file similar to one in your configuarion_dhtml.php file that we fixed before. Is your site on your local machine or a remote server? If it's the latter I would recommend uploading all the Admin Profiles files again and checking your FTP program's error log very carefully to ensure that they have arrived safely.
thanks kuroi. my site is on a remote server. i followed your suggestion and uploaded all the admin profiles again. this time all files arrived safely and everything's working well. am very happy with the result and this admin is excellent! just what i need. dont want my partners messing with my zen settingsQuote:
Originally Posted by kuroi
thank you very much!
Is "updating box files (a step-by-step guide).txt" up to date?
=> question re: found no options array in extra_boxes files.
I'm mid-way through installing Admin Profiles (step 4) & mid-way through the above guide in testing/demo mode install of zen cart.
The one third party contribution I've previously installed is, in fact, Image Handler 2 -- convenient, given your example.
But I find a discrepancy between the instructions & the files discussed.
[ (ZC_Root_Dir)/admin/includes/boxes/extra_boxes/product_music_extras_dhtml.php
& (same_path)/image_handler_tools_dhtml.php).
That being that in neither did I find an $options array as mentioned in step 4 & shown in the example in step 5.
The one & only statement in the IH file was:At first I figured that since there is only the one $za_content element there is no need (at present ) for the options array So replacing the 5 assignments from the music_extras w/ the above 1 line will work. As below:Quote:
$za_contents[] = array('text' => BOX_TOOLS_IMAGE_HANDLER, 'link' => zen_href_link(FILENAME_IMAGE_HANDLER, '', 'NONSSL'));
But looking at the step 5 example I'm guessing that the important part is theQuote:
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$za_contents[] = array('text' => BOX_TOOLS_IMAGE_HANDLER, 'link' => zen_href_link(FILENAME_IMAGE_HANDLER, '', 'NONSSL'));
test within the foreach loop. Yes? Is this the new part to make AP work? Seems like it would be, but I didn't see such a test nor instructions to add it in the step-by-step.Quote:
if (page_allowed($value['page'])=='true')
I'm hoping not only to be corrected if I've missed something, but that by bringing it up here it might help clarify the process for others.
For reference, version ID's:
* @version $Id: product_music_extras_dhtml.php 3001 2006-02-09 21:45:06Z wilt $
* @version $Id: image_handler_tools_dhtml.php,v 1.1 2006/04/11 22:00:55 tim Exp $
For reference, example code from step 5 in step-by-step as I found it:
BTW, Kuroi, this looks to be a superb contribution. Kudos to you.Code:<?php
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$options = array( array('box' => BOX_TOOLS_IMAGE_HANDLER, 'page' => FILENAME_IMAGE_HANDLER)
);
foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true')
$za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>
Hi Chet
You're basically on the right lines, but I thinking you've had a slight glitch alone the way in step 2. To be specific, the product_music_extras_dhtml file that you are quoting from is the default Zen Cart one, not the one that should have replaced it in step 2, that's why it doesn't look like the one described by the updating box files guide.
The image_handler_tools.dhtml file is the one that you're editing and so won't resemble the end result until after your changes.
Many of the well-constructed mods put the files you need in the right hierarchy and you can just drag the top level into your site root directory for everything to be put into the right place. However, I suspect you may have dragged the files individually and my reference to:which is intended to encompassQuote:
admin\includes\boxes\*
should probably be a little more explicit to cope with this approach.Quote:
admin\includes\boxes\extra_boxes\product_music_extras_dhtml.php
Other than that, you're right, the important part is theand an array is a bit OTT for handling a single line, but it made the instructions more straightforward in an area that tends to cause some confusion.Quote:
if (page_allowed($value['page'])=='true')
P.S. The choice of Image Handler wasn't a co-incidence. Personally I believe that all Zen Cart users should install it by default, and I suspect that it is the most used add-in.
Yes, I wound up figuring out that I had not uploaded your version of product_music_extras_dhtml. The problem was that I thought I had.
I did understand the "admin\includes\boxes\*" as 'everything in the boxes dir'. What happened was that I was going to select all inc. extra_boxes/ but then thought 'well, maybe I should look in here first so I have an idea what if anything I might be clobbering. Unfortunately, I then forgot that I'd done that.
I've actually through a bit of a tale of woe... somewhat comic... but more on that later.
A the moment though, the one overwhelming question in my mind is... what does OTT mean!?
(Especially as I think I should be able to guess.)
Gotta say tho, this is looking really cool...
thx...
OTT = over the top = more than is necessary
So at this point I've gotten Image Handler & Admin Profiles working on my testing server, installed in that order. Would you suggest doing in the opposite order? If done that way, do you still need to do the updating box files hand edit. No big deal if so, just curious what you think.
thx!
PS, re 'OTT' on the array: hey, it makes sense to me!
Hey, Kuroi, at the risk of being somewhat off-topic, but I think conceptually related, I need to do an extremely simple interface for my "barely know what the web is" users for entering & editing product data -- showing them a bone simple step by step approach. The regular ZC is just way to intimidating for them. Have you seen or done anything like this? Any places to look you know of?
I've looked a bit at the underlying code of category.php & product.php files & it's a bit much. I can dig through extract what the little pieces bit by bit if I have to, but it looks like a real chore... especially as I'm under extreme time pressure (read: supposed to have it already done.)
thx!
This is where it gets a smidgen more complex. It doesn't really make any difference which way around you install them, as hopefully you will get to same setup either way.
Can you avoid hand coding the box files. Not at the moment. I had some thoughts about that. But to do the full job would mean venturing into the core code, which I really didn't want to do as it would have meant standing by ready to rework the code and/or deal with the user complaints each time Zen Cart had a new release. I also toyed with throwing away all the box files for a single menu or even a database table, so that users could simply the new values and not have to worry about the rest of the hand coding, but I felt that actually deleting files would be a step too far for most users.
The whole Admin function is due for rewrite for version 1.6 of Zen Cart, and it's my hope that the Dev Team will incorporate a proper user access control system at a core level at that time and render Admin Profiles redundant. In the meantime my roadmap for it has just one more functional release which would permit administrators to actually create and save named profiles such as administrator, sales clerk, site designer and then apply a saved profile to a new user.
Re; your extremely simple interface. No know of nothing like this. In fact it was the absence of this that led me to take a pre-eixting add-in called Admin Levels and re-cast it as Admin Profiles to try to achieve some simplification in the Admin level for a user that I too was afraid of overwhelming.
I have walked that client through the process of adding categories and products and she did better than I expected. Other developpers have reported that their clients do better with it than you might expect. But I really hope that it's signiuficantly improved in 1.6.
hi kuroi,
long time i am not spoken to you! ehm, i have a proposition for you...:laugh: is it possible that this current admin profiles mod can control the categories & sub-categories of the products?! :dontgetit it would be a great feature for AP...:yes:
Following from #36; Ultra simple interface:
Correct me if I'm wrong-- but the whole ZC override thing doesn't work in the admin area, true?
I just did a test w/ a my_custom1/index.php & it didn't seem to work.
Sorry TajulQuote:
Originally Posted by tajul_ashyqin
Admin Profiles currently sits mostly alongside Admin and restricts access to the php files that make up Admin. To do what you suggest would mean starting to go into those files and change them. As there is no override system yet for Admin, this would mean parts of the enlarged Admin Profiles would risk getting wiped out with every release (including bug fix releases) and may even need re-writing for some releases. So it would be a nigthmare for users and and even bigger one for me to support.
You're right. There is no override system for Admin at the moment. You have to overwrite the files that you change. That may change in version 1.6.Quote:
Originally Posted by gnotapipe
BTW. There are two different override systems elsewhere in ZC. Hierarchical for languages and modules, and parallel for templates. This causes mucho confusion until people get there heads around it. I've said more about it in my second post to this thread.
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
in:
[select admin_name from admin where admin_id = ]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.
what about this prolem
when I try to change the interface of the language
Please could you provide the following information.Quote:
Originally Posted by tyw71
Which version of Admin Profiles are you using?
Which version of Zen Cart are you running?
Does your PHP environment have registers_global set on or off?
How have your tried to change your language interface and do you mean the interface in the shop or the one in the Admin area?
What had you done immediately prior to getting this messgae?
Quote:
Originally Posted by kuroi
I have used the lastest admin profiles
my zencart vestion is 1.3.1 and update to 1.3.2 now
registers_global set on
interface in the Admin area
now any
it work well when i selet tools- admin setting-edit permission
Register_global set to on can cause problems generally, but I don't think that it is the cause of this one.Quote:
Originally Posted by tyw71
Which language pack have you installed?
By "now any" do you mean that the problem occurs as soon as you enter the Admin area?
You say that "it works well when i selet tools- admin setting-edit permission". This is Admin Profiles. Are you saying that Admin Profiles works, but the rest of Admin doesn't?
In which order did you install the language pack and Admin Profiles and when did the problem first appear?
it works well, but when I click to other language, it shows the problem
I have a quick question about the Admin Profiles contrib.
I have a client that does corporate catalogs for multiple businesses, the type of thing where you get jackets, shirts, mugs, etc. with their logo on it. For simplicity I will call my client "Printer" and my client's clients "Clients". Printer would like me to setup the (web)site so that when Clients' employees wish to order something from their corporate catalog they can, then it generates an e-mail that requires an approval from somewhere within the Clients' business. Upon approval Printer will get the order and can begin the fulfillment. Printer owns the domain and catalog sites, and charges a monthly service fee for each Clients' own catalog.
For admin level I see myself (Contracted Webmaster) as the main full admin. Printer would be able maintain the catalog and pricing, and receive approved orders. If Printer needs it they should also be able to maintain the payment system for the orders, but at this time I don't know it payment will be made through the cart or invoiced separately. Client should be able to have regular users, and a person that can review and approve orders. The Client approval person should get notification of orders.
I will be setting this up with a single hosting location, each Client would have it's own Zencart installed in a separate folder with it's own subdomain. All the catalogs look the same save some branding for each Client, and each one would have it's own separate database.
So my question is, Is the Admin Profiles contrib what I am looking for to do this? How should I best set this up? If the Admin Profiles contrib is not what I am looking for (or only part of it,) could you please point me to something that will do what I need?
Thank you very much for your assistance.
Quick question. I installed this mod under 1.3.02 today, with Super Orders and with Image Handler 2. So far everything works except for one little issue.
If I go into the Coupon editor and click the 'Restrictions' button, none of my admins have permission. Even if they have every single item checked in the permissions dialog.
Any ideas?
Thanks!
tyw71
I have now reproduced your problem and I see what you mean. If you wish to change languages, I recommend leaving the Admin Profiles screen first. Changing language. Then returning.
Sadly though, it probably won't do you much good, as Admin Profiles is resolutely monolingual. I could allow the internationalisation of the header text and pick up other language alternatives for the configuration menu. However, the majority of the text on the page is derived from the names of the executable files that make up Admin, so to make it multilingual a large number of files and all calls to them would have to be re-named, and keep being re-named with each new release of Zen Cart.
As the the error message, I'm going to leave the bug in there. As changing language brings no benefits, taking away the error message would do no more than you could do by clicking on your broiwser's back button. Not a great solution I know, but happily it will only be an issue for a limited period of time.
This is because the Zen Cart Admin area is due for a re-write in release 1.6. Hopefully the Zen Cart team will be taking the need for a user access system into account - I will certainly be encouraging them to - and if it is done as part of core Zen Cart it will be much easier to deal with issues like the one that you have raised.
There's not much quick about this question :smile: but I'll try not to make the answer overly long.Quote:
Originally Posted by T313C0mun1s7
Your question breaks down into two parts. Can you restrict access to certain functions by user? and can you have orders placed in a pending state awaiting authorisation by an administrator (albeit one with limited access to the system)?
The answers in summary are yes and yes :thumbsup:
Once you have decided how payments will work, you will need to install an appropriate payment module on each Cart. This payment module will have a Set Order Status field which is the default order status when a purchase is made using that payment module, and one of the values is pending.
Admin Profiles will allow you to define users who only have access to certain menus and screens, such as those necessary to move an order from pending to the processing state. Presumably Printer's staff would move the status to shipped. I expect that these statii could be renamed fairly easily if needed.
The only bit I am not sure about is sending an email to the clients' authorisers when an order is placed. You may wish to post a separate question on this to attract the attention of somebody with more knowledge in this area that me. In the meantime my 2 cents worth is that there may not be email such as you want generated at the moment; but there is a confirmation sent to the user who placed the order. If all users where set up with the email of the person who needs to authorize the order, then they would receive the notification that you want. Alternatively, adding a bit of extra code to duplicate the confirmation email to a specified authorizers's address would not be too difficult.
Can you post the code from the following files: super_orders_customers_dhtml.php and super_orders_reports_dhtml.php. You'll find them in your admin/includes/boxes/extra_boxes folder.Quote:
Originally Posted by Shawn Parr
Sure can:
super_orders_reports_dhtml.php (modified version after installing your mod)
super_orders_customers_dhtml.php (modified version after installing your mod)Quote:
<?php
/**
Truncated for brevity
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$options = array( array('box' => BOX_REPORTS_SUPER_AWAIT_PAY_REPORTS, 'page' => FILENAME_SUPER_AWAIT_PAY_REPORT),
array('box' => BOX_REPORTS_SUPER_CASH_REPORT, 'page' => FILENAME_SUPER_CASH_REPORT)
);
foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>
TIA!Quote:
<?php
/**
truncated
2006-04-17 by kuroi
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$options = array( array('box' => BOX_CUSTOMERS_SUPER_ORDERS, 'page' => FILENAME_SUPER_ORDERS),
array('box' => BOX_CUSTOMERS_SUPER_BATCH_STATUS, 'page' => FILENAME_SUPER_BATCH_STATUS),
array('box' => BOX_CUSTOMERS_SUPER_BATCH_FORMS, 'page' => FILENAME_SUPER_BATCH_FORMS)
);
foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>
kuroi, thank you for your reply.
I was not even sure of that, so defining how it would break down was immensely helpful.Quote:
Originally Posted by kuroi
It seems that payment will not be handled by the carting system, and will be handled separately. They currently HATE their custom programmed cart, but it does not require any updating of status. I think all the status updates are going to require someone to log in and do so. I really hope this extra effort does not turn into a problem.Quote:
Originally Posted by kuroi
Thank you again. I will have to work on this one I guess, as without a notification the person doing the authorization does not know there is anything to authorize.Quote:
Originally Posted by kuroi
Thank you one again for your help.
Update: Okay, I just went back into the Admin Settings to enable a new mod I just installed and now coupon restrictions shows up in there under 3rd party. I swear it wasn't there before!:wacko:
All is good now though. Thanks for the help, and the great mod! :laugh:
Quote:
Originally Posted by Shawn Parr
:D
its okay, shawn! i'm also facing the same problem last time...
I believe you ShawnQuote:
Originally Posted by Shawn Parr
Let me explain what has happened. Admin Profiles on the edge of Admin quietly monitoring what is happening and acting, as any good security measure should, to prevent activity which it has not been told explicitly is permitted.
Most third party add-ins will add themselves to the Admin menu via the box files that you diligently edited. Files referenced by the modified box files are spotted by AP which then adds them to its database of stuff to ask you about when you set up or modify a user profile.
However, sometimes a whopping big add-in comes along that has been divided up into modules, not all of which need to appear on the Admin menu, as they are called from higher level modules that are. Super Orders adds 8 php files to the Admin directory, but only 5 to the Admin menus.
When the ones about which AP knows nothing are executed, it does its job, stamps its little foot and says "access denied" (rather loudly).
But it's quite a well brought up little mod so rather than taking its toys and sulking in the corner (as I probably would), it plays nicely and generously inserts the unknown function into its database anyway so that it can prompt you about it next time you're editing profiles. The credit for this is not mine, but rather belongs to AP's grandpappy - the chap who originally built Admin Levels which later spawned AP.
The point of all this, is to recommend that you make sure that you have exercised all Super Orders functionality, and then go back and double check the profiles for your Admins in case other functions have appeared.
All the best ...
Hi,
I am a housewife who would like to build a website with some friends for our own handmade works.
Is it possible to assign a user to only one certain category by a droping down menu? For example,i only allow user 1 to add/edit/delete all the products in category 1, then user 2 to add/edit/delete the products of cetagory 2.....So that different users can work in their own cetagory of products without interfering with each other.
In "edit permissions" there is only a checkbox for a whole categories. Is it possible to add a drop down menu with all the categories listing inside for the Administer to select from?
It will be very much aprreciated if someone could help. Thanks!!
My Zencart v1.3.0.2
Admin Profiles v1.0.3
i also like this feature but its impossible for this time being... see here: http://www.zen-cart.com/forum/showpo...4&postcount=39Quote:
Originally Posted by tartgc
I installed the contrib as per the instructions using the Admin Install SQL Patch tool to take care of the SQL bit. I am using the current version of ZenCart and the only other contrib I have installed is the Image Handler 2 contrib (so your instruction went very smoothly). I made sure that I (as the only admin) had the ID of 1, I put a check in the box for the Image Handler contrib and applied it. It showed up in the tools menu - great, so far so good.
Then the Sh1* hit the fan. I went to add a second admin. I clicked on insert and filled in the form - Username, E-mail, Password, and Admin Level 2. Upon hitting submit I got a white screen with the following text:
I think this is the standard deny page. I can get to the admin home page by manually putting the base URL in the address bar, but I am denied access to any other admin page. Also I have the first menu line with the time, date, Home --- Logout links, but not the second bar with the box menus. I can not even access any of the admin pages from history. Also according to browsing the DB tables in phpMyAdmin it looks like is successfully added the second admin user.Code:Sorry, your security clearance does not allow you to access this resource.
Please contact your site administrator if you believe this to be incorrect.
Sorry for any inconvenience.
Help I am so screwed right now and I am in a real time pinch. What the heck did I do and what can I do to fix it. This cart was almost done. I have it fully branded and I have been staying up nights to get it finished, I currently have over 40 hours into it in the last 3 days.
Any help is appreciated.
the admin level should be entered 1, not 2 but i think its not a big deal! try add the 3rd admin user and see what happen...Quote:
Originally Posted by T313C0mun1s7
Sure, and just how should I do this? I have no access to the admin now. :cry:Quote:
Originally Posted by tajul_ashyqin
OK, I have to have all 7 carts done and all products loaded before beginning of business Monday. So I guess I am going to have to hack at this myself rather than just wait around and see if anyone answers.
I re-uploaded all the files to the admin folder overwriting what is there. Upon logging in I have the menu boxes back, but it is partially broke. I am getting this:
Configuration | Catalog | Modules | Customers | Locations / Taxes | Localization | Reports|$options = array( array('box' => BOX_TOOLS_IMAGE_HANDLER, 'page' => FILENAME_IMAGE_HANDLER) ); Tools | Gift Certificate/Coupons |$options = array( array('box' => BOX_TOOLS_IMAGE_HANDLER, 'page' => FILENAME_IMAGE_HANDLER) ); Extras |
I was able to go into the permissions screen and my admin login had permission to everything except Image Handler (it was reset as I set the permission on it to earlier). I also changed the admin level for the second admin account to 1. All of the second admin account's permissions were off, so I turned some on.
Now I have to figure out why some of the menu items are showing code rather than menus.
UPDATE:
OK, So in looking carefully at the text I highlighted in red I saw it was referring to the Image Handler. I then thought "Hmm, that is the extra box file I edited" so I checked the file and found the text in red was outside the ending php tag. It was also in the same location, at the end of the file beyond the ending "?>" on the product_music_extras_dhtml file. I don't know how they got there, but I seem to be back in business.
I am just a little nervous about adding the other admin users now. However, I have a local copy of all files in the renamed admin folder, so I can do this again if I need to. I wish I knew what happened, and how that extra text got there.
typo i think... :D
Yea, except I just added another new admin user. As soon as I hit submit it DID IT AGAIN!!
I don't know what is going on, but re-uploading my entire admin folder, and resetting all the permissions for every admin user every time I add a new admin user is going to get old VERY FAST.
Any ideas on why this could be happening?
I just downloaded the contribution and installed it on a fresh v1.3.0.2 install to test it.
I started with one user, ID=1, admin-level=1.
Inserted a new user... filled in the name, email, level=1... clicked Save.
No error. New user shows up in list.
Click on the orange P to edit permissions... set them as desired.
Not sure how to help you further. :(
I am not sure what is broke either, but something is. I am working in a Linux environment on my workstation, but that should not make any difference. It does have one big issue though - gFTP SUCKS and in lieu of a good FTP Client I am using a Linux nightly build of FileZilla. It does not seem to want to remember that I said overwrite all and wants to confirm for every file. Thank goodness my host lets me have SSH access to a shell so I can "rm -R *" in my admin directory first and just do a fresh upload.Quote:
Originally Posted by DrByte
------- :down: ------- :down: -------
Uh, oh - It seems the upload did not fix it this time. I have no access to anything and I have no menus again. Clearing out the admin folder and uploading files that I know work, because they are the same ones I uploaded to fix it last time, is not giving me access now. I think I am going to cry. :censored:
Since you're reloading your admin files ... why not load them up without the Admin Profiles code installed.
Then create your new admin users.
Then install the Admin Profiles code and set the permissions on your users.
Actually, I just realized that you seem to have uploaded a version 1.0.4 and the one I have having issues with is version 1.0.3 uploaded by kuroi. I don't have the files without the Admin Profiles code with my style-sheet and logo, only the originals from the download. I also don't remember what customizations I did to the admin, but I am pretty sure it was only color changes (CSS) the top left logo, and powered by logo at the bottom of the page. So I think I will just dump the files in the admin folder and put the originals back, but what about the database? DUH! Never mind I was actually smart and I did a database backup right before I installed this mod. So can I just run a database restore from cPanel, or will new database tables and entries still be there if I do that? How do I go about getting my database clean again so I can reapply the new version of the mod?Quote:
Originally Posted by DrByte
The extra code outside the php tags = FTP problem - no question. I've seen that once before.
However the getting locked out has all the hallmarks of a bug in Zen Cart itself, specifically a tendancy to change admin user when register_globals is ON. This appears to cause the following behaviour: when a new user is created, the user ID of the current user is set to that of the new user. It's not a problem with Admin Profiles, does it rather highglight it.
If register_global is ON, can you set it to OFF? If not, I have a possible (untested) workaround.
On re-reading your posts, another very real possibility is that your copy of the admin/includes/init_includes/init_admin_auth.php file, which excludes some key admin pages from being blocked by Admin Profiles, may be somehow corrupted.
I am in the process of uploading the files for the admin folder now. As soon as it is done and I have access to the admin back-end again I will run the info.php tool that is built in. Normally I have that file (under some cryptic name) on my host anyhow, but I did not put it in this one because ZenCart has it built in. Then I can check the register_globals option.
As far as turning it off, I am not sure. I think I can override the php.ini file, will that do it? I will have to look at my host's help files to be sure how it is done, but I have seen mention of php.ini files with user setting in the host's support forums.
In a local environment changing the php.ini file works fine. In a hosted environment, I believe it depends upon how the host has set things up (cue: Dr Byte, who is rather more expert in this area than me).
php.ini or .htaccessQuote:
Originally Posted by kuroi
Documented here:
http://www.zen-cart.com/wiki/index.p...-_Installation
My host is running php as cgi under phpsuexec, so it would be php.ini. Also it seems I will be needing to add it to every folder, as it effects on a per folder basis. Also, I have yet to confirm (files are still uploading) but I do believe that my host does have register_globals on by default.Quote:
Originally Posted by DrByte
The files are uploaded, and I have manually copied my php.ini file to every folder in the admin tree. I hope this is enough, as I don't want to have to do it for every folder in the carting system, and I don't know how to recursivly copy a single file to every folder in a given directory tree. If you know of the bash command that would do this it would be awesome.
I am going to try the install of 1.0.4 now. I never did find out if I have to do anything about my database. I guess I will find out soon enough.
########################################___
What is this extras folder in 1.0.4? It was not there before and the instructions have not changed from 1.0.3
1.0.4 isn't much different from 1.0.3 and really isn't needed if you're not using the User Tracking module.
This post contains a fix you can do to work around Register Globals = ON as Kuroi had suggested might be a problem:
http://www.zen-cart.com/forum/showth...836#post241836
I deleted everything in my admin folder and replaced them with the files from the download archive of the cart. I reinstalled the Image Handler mod. I manually added the php.ini file to every single directory in the admin tree. I added the php.ini file to most of the main folders for the rest of the cart (i.e. the root folder, the includes folder and sub folders, html area folder and sub folders, and all 1 level deep folders of the root folder). I confirmed register_globals is OFF.
Then I reinstalled the Admin Profiles mod following all instructions. I refreshed the admin home by clicking on the Admin Home link and . . . I am right back where I started. I have no menus and no permission to any admin page beyond index.php. :no: Now What??
########################################____
Is there anything I can look for in the database with phpMyAdmin to help?
Did you re-run the "install_admin_profiles.sql" file via phpMyAdmin to reset all the admin permissions?
I note that you refreshed the admin page. Is it possible that you might still be in the same session with a wrong user ID being held as a sessional variable?
YesQuote:
Originally Posted by DrByte
Session?? Hmm . . . Let's try logging out, ok - then back in, and . . .Quote:
Originally Posted by kuroi
I have a menu!!! :yes:
OK I only need the three admins right now, but will need more later. Just for Sh172 an Grins I deletes the rows for admins 2 and 3 in phpMyAdmin from the admin table. Let me try to re-add one of them and see what it does.
##############################_
Ok the password didn't match and the validation caught it. Let's try again.
New user added!! :thumbsup:
Thank you -- Thank you -- Thank you.
I guess is was a combination of register_globals and having the same session.
You are both great, and you put up with me when I was frustrated and short tempered. I hold you both in high regards. Thank you for staying up with me tonight, now go to bed. I think I can get it from here - I think I will be calling in sick tomorrow also.
Once again thank you both.
Very glad to be able to help. Dr Byte can go to bed now. Happily I got up early enough to pitch in. Zen Cart is truly international! :thumbsup:
I'm thinking of doing the same... :PQuote:
Originally Posted by T313C0mun1s7
Hey, could I get a note from "The Dr."? :wink2:Quote:
Originally Posted by DrByte
he called in sick ... you'll have to wait until another appointment can be booked ... :PQuote:
Originally Posted by T313C0mun1s7
hi kuroi,
i am working on multilanguage site and how can Admin Profiles handle these thing?!:yes: i just noticed that when i try to select other language than English in the admin, the system will return to the security clearance message of AP. i tried ticking the respective boxes in the permission page but the system still used English as the language...
Sorry, but Admin Profiles doesn't support multi-lingual Admin areas. I speak several languages and so would love Admin Profiles to do the same, but there is a rather large technical impediment that prevents this. I explain it here.
ahh, i see! thanx for the explanation... :yes:
Hey all!
Anybody has any idea why my admin profiles stoped working? I use 1.3.0.1 and admin profiles worked great, but one day the icon in admin, where you set permissions was gone. Now i can't even add new admin with full settings, because when loged in i have no menus. But old admin users still work with permissions i set before admin profiles crashed.
Where to start my debugging?
Tnx
ps: I use xsell and book type addons
Step 1: is register_globals ON or OFF on your server? and has it changed recently?
Step 2: Has the orange icon disappeared from all users? Has the "edit permissions" button also disappeared?
I'm running 1.3.0.2. all is well except the menus and pages I want to disable still appear. If the user clicks on a particular item which I have "unchecked", they get the denied access page. However the links are still there.
I checked the db and the admin headings are correct in the sense that user id 2 does not have all the headings listed. But when user id 2 logs in, page loads, everything shows up.
I have another installation of the same version for another client and it seems to work flawlessly.
Any suggestions ?
The menu options are driven by the files in the /admin/includes/boxes files/folders. Perhaps these have been reverted back to old versions on your site somehow?
Dr., i checked, and you were correct... i overwrote the files and ta-da !
btw... do you ever sleep or NOT be on this site ?
Thanks again !
It's set to OFF with .htaccessQuote:
Originally Posted by kuroi
php_flag session.use_trans_sid off
php_flag register_globals off
Yes, all users are missing orange icon and button is gone too.Quote:
Originally Posted by kuroi
This is sounding as though your admin.php file may have somehow been overwritten. However I have checked the two add-ons that you metioned earlier and would not expect either to do this.Quote:
Originally Posted by teva
Could you check whether or not the results of the first two code patches that you did during Admin Profiles installation are still intact. Here's a reminder of them ...Quote:
In admin\admin.php find the line containing the constant ICON_RESET (line 203 in a clean install of ZC 1.3). Insert a new line immediately afterwards containing the following ...
<?php echo '<a href="' . zen_href_link(FILENAME_ADMIN_CONTROL, 'adminID=' . $admins->fields['admin_id']) . '">' . zen_image(DIR_WS_IMAGES . 'icon_permissions.gif', ICON_PERMISSIONS) . '</a>'; ?>
In admin\admin.php find the 2nd line containing the constant IMAGE_DELETE (line 427 in a clean install of ZC 1.3 with the above patch installed). Insert a new line immediately afterwards containing the following ...
<br /><a href="' . zen_href_link(FILENAME_ADMIN_CONTROL, 'adminID=' . $adminInfo->admin_id) . '">' . zen_image_button('button_edit_permissions.gif', IMAGE_PERMISSIONS) . '</a>
I did a fresh install of Zen Cart version 1.3.0.1. Then I upgraded to 1.3.0.2. Then I installed Admin Profiles.
Step 1: I don't think I am using a DB prefix
Step 2: copied all files over to server in proper places
Step 3: Ctrl-copied code so I wouldn't make a typo
Step 4: didn't do
Step 5: didn't do
Step 6: When I logged in, I got this message and no headers, so I couldn't go to Tools
1146 Table 'designit_zc2.admin_menu_headers' doesn't exist
in:
[select id from admin_menu_headers where header = 'Configuration']
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.
I hope you can help me. I really want this to work.
Thanks so much.
I'm surprised that this hasn't been raised before. You still need to do step one to create the tables that Admin Profiles uses. You just don't need to edit the SQL first to add a DB prefix. However, the installation instructions could be a little more clear on this. I will make them so with the next update.Quote:
Originally Posted by cindyjw
Quote:
Originally Posted by kuroi
Since I am fairly new to this coding stuff, could you explain step one to me a little more. I don't know where to go to go or what to do exactly.
Thank you so much!
Quote:
Originally Posted by cindyjw
I got it fixed. My server host helped me. He imported the install_admin_profiles.sql file into my database. The problem is...I don't know how he did that. I should have asked him. Could you make that clear on your instructions for future users?
This mod is fabulous! Thank you so much. Is there a way to choose which is the opening default page when they log in?
Thanks again!