
Originally Posted by
chibipaw
......
Looks like I am able to circumvent this restriction by using Ajeh's method of using any non-restricted category + restricted product id in a url.
Here's what I've discovered:
If Im not logged in as a user, and try to directly access a restricted product. It'll throw a simple one line note of "OOPS - ILLEGAL ACCESS !".
However, if I am logged in as a valid user, but this user is NOT a privileged user, I was able to view and add the product to the user's shopping basket.
I've attempted to apply the hot fix codes in post #9 by replacing the first part of tpl_document_product_info_display.php. Didn't seem to change any of the behavior. But I figured it shouldn't be, since the post is very old, and looks like its for a versions before 2.0.
Yep, I could reproduce that.
Open the file /includes/templates/MY_TEMPLATE/templates/tpl_product_info_display.php, find
Code:
if (!$_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($result->fields['master_categories_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
// block access to this product
echo TEXT_ILLEGAL_ACCESS ;
removed the part in red, change to
Code:
if (!$_SESSION['customers_privileges'] > 0 && in_array($result->fields['master_categories_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
// block access to this product
echo TEXT_ILLEGAL_ACCESS ;
It is marked for the next updated version.

Originally Posted by
chibipaw
......
Lastly, products by Manufacturer doesn't seem to work at all. Which file controls this anyways? Im guessing it is the default_filter.php file.
Sorry, I can't reproduce this, you may want to check for merging errors. Products by manufacturer works fine in a few test sites and also on a live 1.5.5a store.