  1. #1
    Join Date
    Jun 2018
    Posts
    11
    Plugin Contributions
    0

    Default Check for admin flag / admin session on custom page inside admin folder

    Greetings,

    I have made a php script that updates a certain product's description with preconfigured HTML code (products_description where product_id=XXX AND language_id=X) based on a form I fill which configures a few php variables within the very same HTML code and then puts it as the final products_description. I have put it into my admin folder in a subfolder. The problem is that anyone with direct link to it site.com/admin/script/index.php (for example) can access it. Which means he can directly edit the product without any admin access. This script does not have any relation to zencart, nor any includes from it, only a mysql query which updates a products description.

    What is the most basic, but secure way to require the same admin login/flag/session as admin panel requires for any other page within it? What do I need to include for example to check if admin flag "isset"? I do not want to control it with .htaccess, because I am browsing from different computer and internet IPs.

    Thanks!


  2. #2
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    7,164
    Plugin Contributions
    269

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Quote Originally Posted by honatto View Post
    This script does not have any relation to zencart, nor any includes from it, only a mysql query which updates a products description.
    Just use Zen Cart's built in production for admin pages. At the top of the file,

    <?php
    require 'includes/application_top.php';

    This will ensure you are logged in before any further processing can be done.
    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.

  3. #3
    Join Date
    Jun 2018
    Posts
    11
    Plugin Contributions
    0

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Quote Originally Posted by swguy View Post
    Just use Zen Cart's built in production for admin pages. At the top of the file,

    <?php
    require 'includes/application_top.php';

    This will ensure you are logged in before any further processing can be done.
    Yeah, I thought so, too. The problem is I kind of struggle with "Admin Page Registration" tool. I have my .php script with name "generator.php" in a folder inside /admin/ and a CSS file in the same folder as well. Where do I have to place the .php file now?

    I've created a corresponding language page name definition, for example "BOX_HEADING_THIRDPARTY" in both English and secondary language. I put the script "generator.php" in my admin folder. And filled the form as follows:
    Page Key - ThirdPartyModule
    Page Name - BOX_HEADING_THIRDPARTY
    Page Filename - generator.php / generator (neither works)
    Page Parameters - empty
    Menu - picked the desired menu and marked display

    And I get "The filename definition entered does not exist. Please check that it has been spelt correctly."
    I am doing something wrong. Mainly because all articles and topics regarding "Admin Page Registration" are related to plugins and not third-party pages / scripts.

  4. #4
    Join Date
    Jul 2012
    Posts
    15,096
    Plugin Contributions
    17

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Although, note that the path for that "require" would need to take into account the current location of the file in relation to the includes folder... or to move this "script" to the root of the admin folder...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h
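
An added example (not code from any poster in this thread or from Zen Cart itself) of the approach in posts #2 and #4: the script sits in the root of the admin folder so the relative `require` resolves, and nothing runs before it. The form field names, the generated HTML and the use of `$db->bindVars` for the update are assumptions about how the original script could be written.

```php
<?php
// generator.php, placed in the root of the admin folder (assumption, per post #4).
// application_top.php is loaded before anything else, so the admin login check
// described in post #2 runs ahead of every line below.
require 'includes/application_top.php';

// Constructed field names: products_id, language_id, headline, body.
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Explicit check of the admin session token carried by the form below.
    if (!hash_equals((string)$_SESSION['securityToken'], (string)($_POST['securityToken'] ?? ''))) {
        die('Invalid security token.');
    }
    $products_id = (int)($_POST['products_id'] ?? 0);
    $language_id = (int)($_POST['language_id'] ?? 0);

    // Escape the values substituted into the preconfigured HTML.
    $headline = htmlspecialchars($_POST['headline'] ?? '', ENT_QUOTES, 'UTF-8');
    $body = nl2br(htmlspecialchars($_POST['body'] ?? '', ENT_QUOTES, 'UTF-8'));
    $description = '<div class="generated"><h2>' . $headline . '</h2><p>' . $body . '</p></div>';

    if ($products_id > 0 && $language_id > 0) {
        // Bind values through Zen Cart's $db object instead of concatenating them.
        $sql = "UPDATE " . TABLE_PRODUCTS_DESCRIPTION . "
                SET products_description = :description
                WHERE products_id = :productsId
                AND language_id = :languageId";
        $sql = $db->bindVars($sql, ':description', $description, 'string');
        $sql = $db->bindVars($sql, ':productsId', $products_id, 'integer');
        $sql = $db->bindVars($sql, ':languageId', $language_id, 'integer');
        $db->Execute($sql);
        $message = 'Description updated.';
    } else {
        $message = 'Product id and language id are required.';
    }
}
?>
<!DOCTYPE html>
<html>
<body>
<p><?php echo $message; ?></p>
<form method="post" action="generator.php">
  <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>">
  <input type="number" name="products_id"> <input type="number" name="language_id">
  <input type="text" name="headline"> <textarea name="body"></textarea>
  <button type="submit">Update</button>
</form>
</body>
</html>
```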

  5. #5
    Join Date
    Jun 2018
    Posts
    11
    Plugin Contributions
    0

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Quote Originally Posted by mc12345678 View Post
    Although, note that the path for that "require" would need to take into account the current location of the file in relation to the includes folder... or to move this "script" to the root of the admin folder...
    Thanks for the note, but I would not mess up that. That is common sense.

  6. #6
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    7,164
    Plugin Contributions
    269

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Quote Originally Posted by honatto View Post
    Yeah, I thought so, too. The problem is I kind of struggle with "Admin Page Registration" tool.
    As long as you always run as a superuser, you can skip this step and just type in the name of the script in your browser's address bar.
    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.

  7. #7
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    9,641
    Plugin Contributions
    73

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Quote Originally Posted by honatto View Post
    Yeah, I thought so, too. The problem is I kind of struggle with "Admin Page Registration" tool. I have my .php script with name "generator.php" in a folder inside /admin/ and a CSS file in the same folder as well. Where do I have to place the .php file now?

    I've created a corresponding language page name definition, for example "BOX_HEADING_THIRDPARTY" in both English and secondary language. I put the script "generator.php" in my admin folder. And filled the form as follows:
    Page Key - ThirdPartyModule
    Page Name - BOX_HEADING_THIRDPARTY
    Page Filename - generator.php / generator (neither works)
    Page Parameters - empty
    Menu - picked the desired menu and marked display

    And I get "The filename definition entered does not exist. Please check that it has been spelt correctly."
    I am doing something wrong. Mainly because all articles and topics regarding "Admin Page Registration" are related to plugins and not third-party pages / scripts.
    Assuming that the form is that displayed by the Admins::Admin Page Registration tool, you'll need to create a /includes/extra_datafiles/thirdpartymodule.php that contains two defines:
    PHP Code:
    define('BOX_HEADING_THIRDPARTY', 'The text to display on the menu');
    define('FILENAME_THIRDPARTY', 'generator');
    Then you'll enter FILENAME_THIRDPARTY for the Page Filename and choose the Menu on which the tool's sub-menu-item is to be displayed.

  8. #8
    Join Date
    Jun 2018
    Posts
    11
    Plugin Contributions
    0

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    Okay, I managed. Who would guess "Page Filename" would also be a language definition which was defined in main_dir/includes/filenames.php; And the definition had to point to the file name without suffix. I didn't see that mentioned anywhere, but it worked. Now I am testing the 2nd part - admin login requirement;

  9. #9
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    7,164
    Plugin Contributions
    269

    Default Re: Check for admin flag / admin session on custom page inside admin folder

    This topic is dealt with in great detail in:
    https://docs.zen-cart.com/dev/code/creating_menu/
    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
