Why am I able to view Contact Us and not other links when Customer not Authorized?

Hello,

I currently have my website set in Admin>Customer Details
Customer Approval Status - Authorization Pending set to "1" must be authorize to browse.

What I noticed is that if the customer is not logged in, they can still click on the Contact Us link in the header and is able to see that page. But my other links which are ez pages cannot be viewed.

Is this because Contact us is a defined page? How can I make pages viewable even if they are not logged in and my website is configured to require authorization to browse?

Thanks.

In a stock Zencart installation, there is no 'Contact Us' link in the header, so the developers probably didn't anticipate users would have a link to that page in the header.

You could remove that link, or consider this: if I'm a customer and have trouble logging in, at least I'll be able to let you know if I can get to the Contact Us page.

Actually there are pages that were allowed with intent ...

You can see which ones in the:
/includes/init_includes/init_customer_auth.php

If you want no pages, then change the setting from relaxed to strict:

Code:

---

if (!defined('DOWN_FOR_MAINTENANCE_TYPE')) define('DOWN_FOR_MAINTENANCE_TYPE', 'relaxed');

---

Or you can adjust individual pages when set to relaxed:

Code:

---

  case ((DOWN_FOR_MAINTENANCE == 'true') && !in_array($_GET['main_page'], array(FILENAME_LOGOFF, FILENAME_PRIVACY, FILENAME_CONTACT_US, FILENAME_CONDITIONS, FILENAME_SHIPPING))):

---

Adjust these as needed ... or leave as they are ...

Hi Linda and Steve,

Thanks for the help. Steve you are right, I do want them to be able to view the Contact Us page. I also want to add more pages too but I'm not sure how to do that. I can't view any of the ez pages even when I link to them because of not being logged in. Linda is it possible to make custom pages that I can allow visitors to view even when I have those settings in my Admin and they are not logged in? How can I accomplish this? I just want to put a few links that have info on those pages.

Thanks.

If you look at the code that I posted, it indicates what pages can be seen when the Down for Maintenance is set ...

You can add additional pages to it ...

Hi Linda,

Thank you for your help. Since my site is NOT set to Down For Maintenance, I should not be modifying those cases that you mentioned correct? I was thinking that I have to modify this area:

Code:

---

case (in_array($_GET['main_page'], array(FILENAME_LOGOFF, FILENAME_PRIVACY, FILENAME_PASSWORD_FORGOTTEN, FILENAME_CONTACT_US, FILENAME_CONDITIONS, FILENAME_SHIPPING, FILENAME_UNSUBSCRIBE))):

---

Since that is the area that says "// on special pages, allow customers to access regardless of store mode or cust auth mode". This is exactly what I want. If this is the area that I need to modify, then what is the syntax to link to say FILENAME_SHIPPING? Becuase when I tried to link to that page, it doesn't work as in nothing happens when I click on the link.

Also the comment mentions "on special pages". So my question is what desinates a "special page"?

You will need to go through that file for the sections such as:

Code:

---

  case (in_array($_GET['main_page'], array(FILENAME_LOGOFF, FILENAME_PRIVACY, FILENAME_PASSWORD_FORGOTTEN, FILENAME_CONTACT_US, FILENAME_CONDITIONS, FILENAME_SHIPPING, FILENAME_UNSUBSCRIBE))):
    // on special pages, allow customers to access regardless of store mode or cust auth mode
  break;

---

Check the whole file based on your settings as to which areas of the code might need adjusting for your needs ...

Hi Linda,

So what is the syntax to say allow this page to be viewed? When I use this in my header. This is without changing anything in init_customer_auth.php.

Code:

---

<li><a href="<?php echo zen_href_link(FILENAME_CONTACT_US, '', '$request_type'); ?>" rel="nofollow">Contact</a></li>

---

and I click on the link, it works.

but using the exact code and just changing the contact us to conditions, that link doesn't work.

Code:

---

<li><a href="<?php echo zen_href_link(FILENAME_CONDITIONS, '', '$request_type'); ?>" rel="nofollow">Contact</a></li>

---

I think I know which area (case) I need to modify. But I'm not sure what the code is to say, allow these pages to be viewed.

Does this code

Code:

---

(in_array($_GET['main_page'], array(FILENAME_LOGOFF, FILENAME_PRIVACY, FILENAME_PASSWORD_FORGOTTEN, FILENAME_CONTACT_US, FILENAME_CONDITIONS, FILENAME_SHIPPING, FILENAME_UNSUBSCRIBE))):

---

mean that allow all those files to be viewable?

Sorry for asking so many questions, I'm trying my best to understand this section.

I must not be fully following what you are trying to do ...

The init_authorization controls what can be seen for the Authorized ...

What Customer Setting(s) are you using?

Currently, if using setting 1 on:

Quote:

---

Customer must be Authorized to shop
0= Not required
1= Must be Authorized to Browse
2= May browse but no prices unless Authorized
3= Customer May Browse and May see Prices but Must be Authorized to Buy

---

Then these are controlled in the section for:

Code:

---

  case (CUSTOMERS_APPROVAL_AUTHORIZATION == '1' and $_SESSION['customer_id'] == ''):
  /**
  * customer must be logged in to browse
  */
//  if (!in_array($_GET['main_page'], array(FILENAME_LOGIN, FILENAME_CREATE_ACCOUNT))) {
  if (!in_array($_GET['main_page'], array(FILENAME_LOGIN, FILENAME_LOGOFF, FILENAME_CREATE_ACCOUNT, FILENAME_PASSWORD_FORGOTTEN, FILENAME_CONTACT_US, FILENAME_PRIVACY))) {
    if (!isset($_GET['set_session_login'])) {
      $_GET['set_session_login'] = 'true';
      $_SESSION['navigation']->set_snapshot();
    }
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
  }
  break;

---

Hi Linda,

Yes those are the settings I have. There is actually 2 settings in detail:
1. Customer Shop Status is set to "1" - Must login to browse
2. Customer Approval Status is set to "1" - Must be Authorized to Browse.

So with these settings and customer is not logged in, what is the syntax and where do I put it to still allow them to view those (shipping, conditions, privacy) pages?