Totally Zenned
- Join Date:
- Apr 2006
- Posts:
- 10,475
- Plugin Contributions:
- 9
Totally Zenned
Totally Zenned
duncanad:
I am still working with Admin Profiles v1.0 - only discovered last night that this has moved on to 1.0.3 and haven't upgraded yet. Before I do I would like to get to the bottom of a little problem I have. Actually it's not really a problem but the engineer in me doesn't just want it to work - it should work right!
I have added a new Product Type in Admin. I have done this by copying the product_general files as appropriate and renaming them product_property. The list of files is quite long but they include:
admin/product ---> admin/product_property
admin/includes/modules/product/collect_info.php ---> admin/includes/modules/product_property/collect_info.php
admin/includes/modules/product/preview_info.php ---> admin/includes/modules/product_property/preview_info.php
etc.
The following code is included in all the appropriate files
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
I also added the new product_property type to the product_types table in the database.
In Admin Catalog>Categories/Products when I tried to add a new product of the product_property type by choosing this from the product type drop down list I was re-directed to denied.php
I fixed this by inserting '2' into the 'header' field of the admin_files table for the product_property entry which had been added automatically.
In Admin Settings I then found a 'product property' tick box under the 'Catalog Menu' header. A tick in this box and everything worked fine.
My problem is that there are no tick boxes for any of the other product types e.g. product_music. Nor should there be since choosing the product type is just part of the process of setting up a new product, access to which is controlled by the 'Categories' tick box. So why, when I have added a new product type, does this just not work without an additional tick box being required for this product type and no other?
Not a big problem but, as I said, the engineer in me doesn't like it. Any ideas?
Zen Follower
New Zenner
New Zenner
New Zenner
Totally Zenned
cbrantly:
I found the MySQL import tool in the Zen Cart Admin page. After upgrading my cart to 1.3.0.1 it appears to be working!
Totally Zenned
New Zenner
Totally Zenned
Yes that would be a bit worrying. What happens when you go back and look at the Admin Profile for that user, does it come up showing your restrictions? It's very unlikely that this will be the case, as a new user starts with no permissions, you have to deliberately add them in.ddeschn:
Hi Kuroi,
Great contribution to ZenCart - it is going to come in handy.
Here's my problem: I have installed the module as per your instructions and set up a user profile with access to one area of my site. When I log in with that profile username and password I still have full access to everything (where I should only have one menu option).
Thoughts?
-Donovan
duncanad:
With register globals on the Admin identity changes when a new admin is created or an existing admin is deleted. This is not an Admin Profiles problem either. It happens on a virgin install of ZenCart without Admin Profiles installed. Admin Profiles just makes the problem very noticeable.
Setting register globals off solves the problem.
If you don't have access to your server's configuration files just add a .htaccess file to the root directory of your ZenCart with the following line of code:
php_value register_globals 0
Actually you should do this anyway since it makes your Zencart more secure. I always do this for live sites but didn't bother in this instance since I was 'only' testing. Wish I had now!
Hope this helps others from suffering the same grief.
Knowing whether this does reveal a shift in your user identity would be useful to me for supporting Admin Profiles. If it doesn't, we'll have to try to think of some other possible causes.kuroi:
Your suggestion that it would be helpful to show the identity of the currently logged in user is a good one, but not strictly about Admin Profiles. However, as it is clearly relevant to users of AP, what the hell, let's take a look.
When a user logs in a session variable is created containing his or her admin_ID. When they logoff, this variable is unset. So the easy and correct way to do what you ask, would be simply to create and unset a session variable containing the user's admin_name. Then we could simply display it anywhere we wanted. Yes. NOOOOO.
Unfortunately, due to the admin_ID registers_global BUG identified by Duncanad, this approach would show who logged on, but not who Admin thinks the current user is, due to its tendancy under some circumstances to just change user. Ouch.
A solution that showed who it actually thought the current user was would therefore highlight this unfortunate tendancy ... Let's do it anyway.
Go to the bottom of admin/includes/headers.php. Find the line that reads
<td class="headerBarContent" align="center"><b><?php echo date("r", time()) . 'GMT' . '[' . $_SERVER['REMOTE_ADDR'] . ' ]'; ?></b></td>
change "center" to "left" then insert the following line immediately afterwards
<td class="headerBarContent" align="center"><b><?php $result=$db->Execute("select admin_name from ".TABLE_ADMIN." where admin_id=".$_SESSION['admin_id']); echo $result->fields['admin_name']; ?></b></td>
Upload the file to your server and enjoy.
New Zenner
New Zenner
New Zenner
Totally Zenned
New Zenner
Totally Zenned
New Zenner
New Zenner
Totally Zenned
New Zenner
Destination thread ID and reason are required when shown.
Tell staff why this post should be reviewed.
Required for login, security, and core site functionality.
Help us understand how the site is used so we can improve it.
Used for promotion and personalized campaign measurement.