Encrypted Master Password support

[carlwhat]

lat9,
i want to further state how great i think this add-on is. i'm rolling it out to a couple of customers soon and i'm sure i will get more feedback. i wanted to document a couple of small changes that i made to make this add-on a little easier for someone to use.

as the basis for the admin to login is the email address in YOUR_ADMIN/customers, i added the following line right after one of your comments:

PHP Code:

 //-eof-a-EMP login link *** 1 of 1 ***
        $contents[] = array('text' => '<br />Customers Email Address: ' . $cInfo->customers_email_address); 


its just easier to have the customers email address right there.

in the same vein, i changed one line to automatically fill in the email address when selecting to place an order (almost makes the previous code irrelevant). the code is in includes/templates/YOUR_TEMPLATE/templates/tpl_login_default:

PHP Code:

//original
   <?php echo zen_draw_input_field('email_address', '', 'size="30" id="login-email-address"'); ?>
// new line
   <?php echo zen_draw_input_field('email_address', (($_POST['email_address'] !== null) ? $_POST['email_address']: ''), 'size="30" id="login-email-address"'); ?>

finally as i think the admin would like to see who they might be logged in as, i modified my templates header to include this information. where someone might want to put this bit in their template is up to them, but again i think it's just something that makes life easier for the admin entering the order (or whatever they might be doing on the customer account):

PHP Code:

<?php if (($_SESSION['customer_id']) && ($_SESSION['emp_admin_login'] == true)) { ?>
    <li><a href="<?php echo zen_href_link(index, '', 'NONSSL'); ?>">Logged in as <? echo $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] ?></a></li>
<?php } else { ?>
    <li><a href="<?php echo zen_href_link(index, '', 'NONSSL'); ?>"><?php echo 'Home'; ?></a></li>
<?php } ?>

if these ideas were already documented somewhere, and i missed them, i apologize for being redundant!

best.

[lat9]

@carlwhat, thanks for the suggestions; I'll take the complement on behalf of all the authors!

I've opened a change-request on the EMP GitHub repository (https://github.com/lat9/encrypted_ma...word/issues/12) to track your suggestions.

Note that the second one should be redundant; the built-in Zen Cart handling performed by zen_draw_input_field automatically populates the field value if either a $_POST or $_GET variable with the field's name is present.

[hubert]

Hello,

This module is great but I would like to modify its behavior so that it bypasses the login page, i.e. clicking on Place Order directly gets you on the home page (in a new tab) as the customer with no admin password to type.

Lat9 told me that this was its first behavior and that it has been changed for security reasons. I understand but as I'm planning on doing this on a local machine, the risks are far less to be hacked.

Lat9 suggested me to compare the files with the former version, which I did with the 1.6 but it doesn't work so I'm quite sure it's not the right version to look at. As there's a tenth of versions, if someone is kind enough to direct me to the right one the would very kind.

Last, that is on ZC154 with EMP 2.1

Thanks for your help

Hubert

[lat9]

@hubert, the change requires some code-merging since EMP v1.6.0 uses an older Zen Cart version as its code-base.

First, remove all remnants of EMP v2.1.0 from your store. The changes vary significantly from v1.6.0 to v2.1.0 of this plugin.

Now, using the EMP v1.6.0 zip-file:

1. Merge the single block of code that adds the "Place Order" button into /YOUR_ADMIN/customers.php.
2. Merge the single block of code within /includes/modules/pages/login/header_php.php. This isn't going to be pretty, since the login code changed significantly from Zen Cart v1.5.1 (which is the code-base used by the plugin) to v1.5.4 (which your store is using). You'll need to review the code structure in the two versions of the module to determine where to place the EMP-specific code.
3. Once the merges are complete, the remaining code (all EMP-specific) can simply be copied to your store's file system.

[hubert]

@hubert, the change requires some code-merging since EMP v1.6.0 uses an older Zen Cart version as its code-base.

First, remove all remnants of EMP v2.1.0 from your store. The changes vary significantly from v1.6.0 to v2.1.0 of this plugin.

Now, using the EMP v1.6.0 zip-file:

1. Merge the single block of code that adds the "Place Order" button into /YOUR_ADMIN/customers.php.
2. Merge the single block of code within /includes/modules/pages/login/header_php.php. This isn't going to be pretty, since the login code changed significantly from Zen Cart v1.5.1 (which is the code-base used by the plugin) to v1.5.4 (which your store is using). You'll need to review the code structure in the two versions of the module to determine where to place the EMP-specific code.
3. Once the merges are complete, the remaining code (all EMP-specific) can simply be copied to your store's file system.

1 is done
2- In /includes/modules/pages/login/header_php.php there is not only one modification but several, some by you lat9 and some by stagebrace. Even if I downloaded the 1.6 version the comment says

//-bof-Encrypted Master Password by stagebrace *** 1/1
//- Start modifications by lat9:
//-bof-a-v1.7.0

and that is the only the fist one. So I added all of them as it seems to me its the code I'm looking for to get the automatic login.

3- I understood that I had to add the remaining files and modifications from 2.1. What I did.

Now when I click the Place Order button it gets me to a login page saying Whoops your session has expired.

Sorry. I'm stuck. I need a bit more help.

[lat9]

@hubert, for step#3 you should be using the files from the 1.6.0 version, not v2.1.0.

[hubert]

@hubert, for step#3 you should be using the files from the 1.6.0 version, not v2.1.0.

OK, OK, I just understood, so it was just "install 1.6 instead of 2.1". LOL

Thanks a lot for your patience.

It works, it's great. I just noticed something.
Choose customer X, click Place Order, you get a new tab acting as X.
Don't close your tab, just go back to the customer list tab.
Choose customer Y, click Place Order, you get a new tab acting as X.

If you do not logout X I can't act as Y.
Just curiosity, would it be possible to have a customer by tab, acting as X in a tab and at the same time as Y in another tab ?

[hubert]

Next step...

As I'm planning to give a restricted access to the one who is going to take orders on the phone using EMP... I just noticed that I have no way to give access to the Place Order button in an Admin Profile.

I've setup a "Cashier" admin account, given access to the customers page, but when I log as the Cashier the Place Order button disappears...

How can I add the option in the admin profiles settings ?

[hubert]

Following...

I've dug a bit : admin profiles gives access to admin pages, since EMP has not its own page (its settings are in Configuration->My Store), seems impossible to give access to EMP.
More, even if you/we move the EMP settings to a separate page, that would makes us give access to this settings page which is not what I'm looking for.

There must be a trick, but the problem seems to me to give access to customer side page from a admin profile system which is built only to give access to admin side pages.

The thing I don't understand is how the profile system can sort out a button in a page...

[hubert]

Here is the trick which is not really one, I was looking too far :
in /admin/customers.php

around line 1212

Code:

if (!$emp_result->EOF && ($_SESSION['admin_id'] == EMP_LOGIN_ADMIN_ID || $emp_result->fields['admin_profile'] == EMP_LOGIN_ADMIN_PROFILE_ID) ) {  /*v1.7.0c*/

should be

Code:

if (!$emp_result->EOF && ( $_SESSION['admin_id'] == EMP_LOGIN_ADMIN_ID || in_array ($emp_result->fields['admin_profile'], explode (',', EMP_LOGIN_ADMIN_PROFILE_ID)) )) {

And now my cashier has the button and everything is fine.