Category Specific Access Restriction (CSAR) - [Support Thread]

[frank18]

Version 2.0 is now available from the plugins section.

Link: http://www.zen-cart.com/downloads.php?do=file&id=1234

Cheers / Frank

[storm007]

My question is in relation to Category Specific Restriction of Product Price Display V1. I did have this working about a month when testing the function. However, when i tried to apply the mod again it doesn't work. Do you have any ideas?
Any help would be very appreciated, I'm taring my hair out!!!

[clausont]

Hi Frank - we have a fairly new installation of ZC and are using CSAR as we have mostly restricted products but have some products available to the public. I have installed CSAR and merged it all manually. It seems to be working with the exception that I can (when testing) go to the product that is available to the public without logging in (this is the desired effect) and add it to the cart. When I go to checkout, it is still requiring me to log in before checking out. Also, when I go to Customers --> Customers, there is nothing showing "Privileges" on the main page nor when I go into the customer profile. I am sure it is just that I messed up somewhere and missed a file or something, but after carefully double checking that I moved all files to the correct places, I still don't find anything I missed.
I am using ZC 1.5.1 and CSAR v2
Any suggestions you can give would be great.
Thanks!

[joleady]

I have just installed csar v2.0 in 1.5.3. When I go to my site, it is redirecting "Home" to the login page so that whoever visits the site is forced to login. Is there a way to change this? I have Configuration > Customer Details > Customer Shop Status - View Shop and Prices set to 0.

[lavendersblue]

I have installed the CSAR plug in, however it is re-directing all customers going to my website to the log in page rather than those trying to access the category that I want to restrict. If I click on a category then I can see the products in that and only the product prices from the non-restricted categories are being shown, so that is working well. Can anyone tell me what changes I need to make to the code so that all customers see my home page unless they try to access the restricted category? My website address is; thecandleandcardco.com and the restricted category is 'wholesale'. Any help would be much appreciated as if I can get this problem sorted it will be brilliant, I have been wanting to do this for ages.

[chibipaw]

Sorry for resurrecting this very old post. I've been testing this version 2.12 of this mod on my 1.5.4 server.
Was this bug patched in the release package of v2.12?
Looks like I am able to circumvent this restriction by using Ajeh's method of using any non-restricted category + restricted product id in a url.
Here's what I've discovered:
If Im not logged in as a user, and try to directly access a restricted product. It'll throw a simple one line note of "OOPS - ILLEGAL ACCESS !".
However, if I am logged in as a valid user, but this user is NOT a privileged user, I was able to view and add the product to the user's shopping basket.

I've attempted to apply the hot fix codes in post #9 by replacing the first part of tpl_document_product_info_display.php. Didn't seem to change any of the behavior. But I figured it shouldn't be, since the post is very old, and looks like its for a versions before 2.0.

Lastly, products by Manufacturer doesn't seem to work at all. Which file controls this anyways? Im guessing it is the default_filter.php file.

Any help would appreciate it. I have a some what cult like following for my products, and my customers are extremely crafty in which I have people engineered bots for walking my catalog for scalping, but many users have actually been guessing incremental product numbers for finding newly created but hidden products. Which I really want to put an end to.

Any help is greatly appreciated.

Plugged the security hole.

File /includes/templates/MY_TEMPLATE/templates/tpl_product_info_display.php amended to this:

Code:

[ file header here]

<?php 
/** 
* CATEGORY_RESTRICTION - find corresponding master category for the current product 
 */ 
$products_id_to_block = $_GET['products_id']; 
global $db; 
$sql = "select master_categories_id from " . TABLE_PRODUCTS . " where products_id = :productID:"; 
$sql = $db->bindVars($sql, ':productID:', $products_id_to_block, 'integer'); 
$result = $db->Execute($sql); 
 
if ($result->RecordCount() > 0) { 
  echo '(used for testing purposes): Master Category ID = ' . $result->fields['master_categories_id']; 
} else { 
  echo 'Sorry, no record found for product number ' . $products_id_to_block; 
} 
 
if (!$_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($result->fields['master_categories_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) { 
 //echo ' - this product should be blocked !!'; 
 echo TEXT_ILLEGAL_ACCESS ; 
} else { // bof CATEGORY_RESTRICTION - OPEN ACCESS 

.... orginal body of the file

.... then at the bottom added after 
<!--bof Form close-->
 
<?php 
    } // eof CATEGORY_RESTRICTION - OPEN ACCESS 
?> 
</div>

Thanks again for pointing this out Ajeh!

[frank18]

.....
Here's what I've discovered:
If Im not logged in as a user, and try to directly access a restricted product. It'll throw a simple one line note of "OOPS - ILLEGAL ACCESS !".
However, if I am logged in as a valid user, but this user is NOT a privileged user, I was able to view and add the product to the user's shopping basket.

I've attempted to apply the hot fix codes in post #9 by replacing the first part of tpl_document_product_info_display.php. Didn't seem to change any of the behavior. But I figured it shouldn't be, since the post is very old, and looks like its for a versions before 2.0.

Lastly, products by Manufacturer doesn't seem to work at all. Which file controls this anyways? Im guessing it is the default_filter.php file. .....

Thank you for the heads up. I will have a look at this in the next couple of days. Just returned from a trip to Melbourne and have a pile of (paying) jobs to attend first.

Leave it with me

Cheers / Frank

[JimmyV]

Does this work with group pricing?

For example group a may access different categories than group b and so on.

I read thread but the only query in this regard was as u released v2.

[frank18]

Does this work with group pricing?

For example group a may access different categories than group b and so on.

I read thread but the only query in this regard was as u released v2.

CSAR was not designed for this. That said, there should be no reason why it can't be merged and made compatible with that feature.

You could test this on a local development site.

Cheers / Frank

[yaritai]

If you are using SitemapXML along with this mod CSAR you will recognize that the categories and products are uploaded to the sitemap. I figured this would be the best place to post it instead of the SitemapXML support thread.

In includes/modules/pages/sitemapxml/ folder this is where the instructions to make the urls. So you will have to modify 2 of those files.

In sitemapxml_categories, find this line:

PHP Code:

// EOF hideCategories 


below it, add these lines:

PHP Code:

// bof exlude CSAR from sitemap
$category_login_block_query = explode(',',CATEGORY_RESTRICTION_LOGIN_CATEGORY); // block restricted categories - don't show in sitemap
    foreach($category_login_block_query as $category_login_block) { 
        $from = '';
        $where .= " and c.categories_id != '$category_login_block' ";
    }
// bof exlude CSAR from sitemap 


In sitemapxml_products, find this line:

PHP Code:

// EOF hideCategories 


below it, add these lines:

PHP Code:

// bof exlude CSAR from sitemap
$category_login_block_query = explode(',',CATEGORY_RESTRICTION_LOGIN_CATEGORY); // block restricted products - don't show in sitemap
    foreach($category_login_block_query as $category_login_block) { 
        $from = '';
        $where .= " and p.master_categories_id != '$category_login_block' ";
    }
// bof exlude CSAR from sitemap 


This is basically the same logic that the CSAR uses on the index filter php file. So now when uploading sitemaps it will exclude those categories and the products within from being posted.