individual authorization to buy - how do I stop dangerous customers?

[100asa]

In customer info, in admin section, I see:
Customers Authorization Status-->with 4 options
with first option all work well, instead with the other options customer however browse and buy.
How can I solve to stop only certain customer to buy?
Thank's

[100asa]

SOLVE
in includes-->modules-->pages-->login-->header_php.php I've change with 1.3.8 file, and now work well!

[100asa]

NOT SOLVE
I've changed only this file, but now all customers are blocked!
What's files must changed to work well customers authorization?

[100asa]

It's simply: I would to have normal shopping, with price and navigation for all customers; instead I would to have pending authorization for only those customers to have level 2,3,4 in their account.
Now I've this setting on admin-->configuration:
my shop status=0
info customers: shop status=0
pending auth=0
if I change info customers or pendig to other value, no prices are visibile on shop.
Please, can I have help from you? Can i stop some dangerous customers?

[Ajeh]

I am not fully understanding what it is you want ...

You can have several setups:

1 customers come to the site and shop as a guest or when logged in
Customers can see the whole site with prices, whether or not they are logged in to the shop

2 customers come to the site and must login to shop:
A Can see the site with prices
B Can see the site without prices
C Cannot see anything until logged in

3 customers come to the site and must login to shop, and they need to be approved
A Customers can see the site with prices
B Customers can see the site without prices
C Cannot see anything until logged in
D Cannot see anything until approved

Can you give a bit more detail on exactly what it is you want?

Also, what version of Zen Cart are you running right now?

Clean install or an upgrade?

[100asa]

I'm running 1.5 version with some contribution, on apache server.
Now I've this settings:
configuration-->customer info: status shop=0
pending auth=0
so gust can see the site with price and when logged in can buy
Then, in customer sheet, however I setup "Customers Authorization Status", customer can browse and buy.
I hope I'm clear

[Ajeh]

On the Customer Details you have 2 settings that affect this:

Customer Shop Status - View Shop and Prices
Customer must be approved to shop
0= Not required
1= Must login to browse
2= May browse but no prices unless logged in
3= Showroom Only

It is recommended that Option 2 be used for the purposes of Spiders if you wish customers to login to see prices.

Customer Approval Status - Authorization Pending
Customer must be Authorized to shop
0= Not required
1= Must be Authorized to Browse
2= May browse but no prices unless Authorized
3= Customer May Browse and May see Prices but Must be Authorized to Buy

It is recommended that Option 2 or 3 be used for the purposes of Spiders

NOTE: when testing be sure to start with a fresh browser session as the settings are managed based on these settings when the customer hits the site the first time ...

I am not sure what version Zen Cart you have as we do not have a v1.5 ...

[100asa]

Sorry: 1.3.5
for both setting, I've 0 because I want all guest see the site with prices, and when logged in can buy. But I want stop only certain customers.

[Ajeh]

v1.3.5 is a very old and buggy version, you should really look into upgrade ...

That said, you have some customers you want to "stop" ...

What determines the "why" you want to stop them and the "how" you want to identify them?

If I want to stop you from seeing my site, I have to know it is you ... to do this, you have to login so I can say, no way jose ...

Or, I prevent all from buying and seeing prices until they are logged in and that forces them to login to see the prices and buy and if I don't have you approved then you cannot buy ... or get stuck out in never never land ...

You need to break down more what it is you are trying to stop here or not let the customer do and think of it in steps ...

I am a stranger, I come to your site, what can I see/do ...

I am a stranger, I come to your site, I create an account, what can I see/do ...


Now look at what happens once the account is created and I am logged in ...

I login to the site, what can I see/do ... is there another step to approve me? Or do you want to just disapprove ...

If you want to disapprove, then you have to stop me until you know who I am by making me login so you can identify me ...

If you want to stop me from everything because you are trying to block me from your site that is a totally different thing ...

So, how are you determining "certain customers" and what do you want to do to stop them and identify them?

Right now, I can just not login and as a guest I can see the site with prices and buy when logged in ...

If you want to then use the Authorization to prevent buying at this point, you need to decide how do you want approval to happen ...

These two setting can be used in combination, however, there are issues with the older versions and a lot of work to fix that without an upgrade, not to mention that there are a bazzilion bugs in your v1.3.5 version ...

[100asa]

I've solved:
in includes-->modules-->pages-->login-->header_php.php

PHP Code:

<?php

/**

 * Login Page

 *

 * @package page

 * @copyright Copyright 2003-2006 Zen Cart Development Team

 * @copyright Portions Copyright 2003 osCommerce

 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0

 * @version $Id: header_php.php 3777 2006-06-15 07:03:03Z drbyte $

 */



// This should be first line of the script:

$zco_notifier->notify('NOTIFY_HEADER_START_LOGIN');



// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)

if ($session_started == false) {

  zen_redirect(zen_href_link(FILENAME_COOKIE_USAGE));

}



// if the customer is logged in already, redirect them to the My account page

  if (isset($_SESSION['customer_id']) and $_SESSION['customer_id'] != '') {

    zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));

  }



require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));

include(DIR_WS_MODULES . zen_get_module_directory(FILENAME_CREATE_ACCOUNT));



$error = false;

if (isset($_GET['action']) && ($_GET['action'] == 'process')) {

  $email_address = zen_db_prepare_input($_POST['email_address']);

  $password = zen_db_prepare_input($_POST['password']);



  /* Privacy-policy-read does not need to be checked during "login"

  if (DISPLAY_PRIVACY_CONDITIONS == 'true') {

  if (!isset($_POST['privacy_conditions']) || ($_POST['privacy_conditions'] != '1')) {

  $error = true;

  $messageStack->add('create_account', ERROR_PRIVACY_STATEMENT_NOT_ACCEPTED, 'error');

  }

  }

  */





  // Check if email exists

  $check_customer_query = "SELECT customers_id, customers_firstname, customers_password,

                                    customers_email_address, customers_default_address_id,

                                    customers_authorization, customers_referral

                           FROM " . TABLE_CUSTOMERS . "

                           WHERE customers_email_address = :email";



  $check_customer_query  =$db->bindVars($check_customer_query, ':email', $email_address, 'string');

  $check_customer = $db->Execute($check_customer_query);

/*

  if (!$check_customer->RecordCount()) {

    $error = true;

  } else {

    // Check that password is good
*/

  if (!$check_customer->RecordCount()) {

      $error = true;

      $messageStack->add('login', TEXT_LOGIN_ERROR);

    } elseif ($check_customer->fields['customers_authorization'] == '3') {

      // this account is banned

      $zco_notifier->notify('NOTIFY_LOGIN_BANNED');

      $messageStack->add('login', TEXT_LOGIN_BANNED);

    } else {

      // Check that password is good


    if (!zen_validate_password($password, $check_customer->fields['customers_password'])) {

      $error = true;

    } else {

      if (SESSION_RECREATE == 'True') {

        zen_session_recreate();

      }



      $check_country_query = "SELECT entry_country_id, entry_zone_id

                              FROM " . TABLE_ADDRESS_BOOK . "

                              WHERE customers_id = :customersID

                              AND address_book_id = :adressBookID";



      $check_country_query = $db->bindVars($check_country_query, ':customersID', $check_customer->fields['customers_id'], 'integer');

      $check_country_query = $db->bindVars($check_country_query, ':adressBookID', $check_customer->fields['customers_default_address_id'], 'integer');

      $check_country = $db->Execute($check_country_query);



      $_SESSION['customer_id'] = $check_customer->fields['customers_id'];

      $_SESSION['customer_default_address_id'] = $check_customer->fields['customers_default_address_id'];

      $_SESSION['customers_authorization'] = $check_customer->fields['customers_authorization'];

      $_SESSION['customer_first_name'] = $check_customer->fields['customers_firstname'];

      $_SESSION['customer_country_id'] = $check_country->fields['entry_country_id'];

      $_SESSION['customer_zone_id'] = $check_country->fields['entry_zone_id'];



      $sql = "UPDATE " . TABLE_CUSTOMERS_INFO . "

              SET customers_info_date_of_last_logon = now(),

                  customers_info_number_of_logons = customers_info_number_of_logons+1

              WHERE customers_info_id = :customersID";



      $sql = $db->bindVars($sql, ':customersID',  $_SESSION['customer_id'], 'integer');

      $db->Execute($sql);

      $zco_notifier->notify('NOTIFY_LOGIN_SUCCESS');



      // restore cart contents

      $_SESSION['cart']->restore_contents();

      /*

      if ($_SESSION['cart']->count_contents() > 0) {

      zen_redirect(zen_href_link(FILENAME_CHECKOUT_SHIPPING));

      }

      */

      if (sizeof($_SESSION['navigation']->snapshot) > 0) {

        //    $back = sizeof($_SESSION['navigation']->path)-2;

        //if (isset($_SESSION['navigation']->path[$back]['page'])) {

        //    if (sizeof($_SESSION['navigation']->path)-2 > 0) {

        $origin_href = zen_href_link($_SESSION['navigation']->snapshot['page'], zen_array_to_string($_SESSION['navigation']->snapshot['get'], array(zen_session_name())), $_SESSION['navigation']->snapshot['mode']);

        //            $origin_href = zen_back_link_only(true);

        $_SESSION['navigation']->clear_snapshot();

        zen_redirect($origin_href);

      } else {

        zen_redirect(zen_href_link(FILENAME_DEFAULT));

      }

    }

  }

}



if ($error == true) {

  $messageStack->add('login', TEXT_LOGIN_ERROR);

  $zco_notifier->notify('NOTIFY_LOGIN_FAILURE');

}



$breadcrumb->add(NAVBAR_TITLE);





// This should be last line of the script:

$zco_notifier->notify('NOTIFY_HEADER_END_LOGIN');

?>

Now all guest can browse and see the prices; when they logged in can buy.
If this customer can made "trouble" or problems, the admin change his account to 3rd position and he can't log in.
This work on 1.3.5 version
That's all