Admin demo in 1.3.0.x is it safe?

[Reesy]

Hi,
I read a post somewhere recently that Ajeh may have forgotten to add something to use this without having to trash the database over and over.
I was wondering is it currently safe to enable this or was I just imagining that post?

[Reesy]

Does anyone know if the admin demo is safe please?

[Kim]

I read a post somewhere recently that Ajeh may have forgotten to add something to use this without having to trash the database over and over.
I was wondering is it currently safe to enable this or was I just imagining that post?

Safe to put a Demonstration Admin available to the public?

[Reesy]

Yes, that is what im asking Kim.
I think the answer is no?

[DrByte]

The Admin "Demo" mode is not intended to put your site on display to unauthorized persons.

If you really want to do that, I suggest one of the admin profile or admin level contributions, at least until Zen Cart rewrites the admin system (a couple major releases away).

[Reesy]

Thanks for the advice, ill try that

[Ajeh]

Safe? I would not trust it myself as it is more or less a guide to making it safe based on your own needs ...

It has a lot of things covered to prevent the final execution of commands by a level 2 Admin ... but ... they are no all in there nor are the ones in there made to prevent everything destructive ...

It will give you an idea of how to use the demo feature ... but assume that anyone can destroy your site with access to the demo version ... it just helps deter the destruction from happening "as easily" ...

Example ... on the /admin/configuration.php there is a safety utilizing the level 2 block ...

Code:

      case 'save':
        // demo active test
        if (zen_admin_demo()) {
          $_GET['action']= '';
          $messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
          zen_redirect(zen_href_link(FILENAME_CONFIGURATION, 'gID=' . $_GET['gID'] . '&cID=' . $cID));
        }

Purpose of that is to intercept the Save in the configuration settings ... and not let them really happen but allow people to peek around as fully as possible ...

[Reesy]

Thanks for the reply Linda.
I was interested because I wanted to give access to people so they could see some Admin contribs I have ported.

I guess screenshots will have to surfice for now.