Admin Profiles (for v1.3.x only!) Support Thread

[thomasharding]

The recently-released Admin security patch adds a security token to most forms that update the database. More security is a good thing. However in this case the new security token prevents current versions of Admin Profiles from updating admin user profiles.

Attached is a patch that makes Admin Profiles files compatible with the Zen Cart patch. Simply replace your admin/admin_control.php file with the one in the zip archive below. The Admin Profiles patch will work whether or not you have the Zen Cart security patch installed, and so is recommended.

Attachment 5960

A full updated version of Admin Profiles will be submitted to the downloads area for approval within the next few minutes.

Thanks for this, you saved my bacon! We had the security issue on one of our most important client sites.

SO glad it's fixed.

Actually... 3rd Party Mods - they won't save any changes made to them. I click 'Save' and it stays on the page as expected, but it doesn't remember that the box is ticked.

Has that issue alread

[SirBuck]

I just realized something..
On the admin login page, access is denied to the "resend password" page. You get this message:

Sorry, your security clearance does not allow you to access this resource...

I didn't see this listed in the thread but I could have missed it. Any suggestions on how to correct?

thanks

[chelgeson]

Kuroi,

Thank you for the response! I know this was covered for the admin profiles...and I read through that. But I couldnt find anything on the user restrict addition so thank you for clarifying both for me.

Cody

[kuroi]

I just realized something..
On the admin login page, access is denied to the "resend password" page. You get this message:

Sorry, your security clearance does not allow you to access this resource...

I didn't see this listed in the thread but I could have missed it. Any suggestions on how to correct?

thanks

Which version of Zen Cart? Which version of Admin Profiles?

[kuroi]

Kuroi,

Thank you for the response! I know this was covered for the admin profiles...and I read through that. But I couldnt find anything on the user restrict addition so thank you for clarifying both for me.

Cody

You're welcome. I think it was worth bringing the relevant comments for both together into a single post for a complete answer, even if it's not the one people are hoping for.

[Vortex12]

Doesn't sound like an Admin Profiles issue, more likely there was a problem installing the Zen Cart security patch and your admin/includes/functions/html_output.php file didn't get over-written with the patched version.

WoW, Thank you very much your a genius, sorry for my late reply. I downloaded the security patch again and uploaded it , walla, that was all it was that fixed my problem with not bieng able to save my admin settings which stuffed around all my other options i was trying to work with.

Thank you heaps for your time and knowledge, great work
double
bigups:

[Muzz]

Hi,

I have installed the admin Module..

I am editing the box files as suggested in the instructions so 3rd party mods can work in the admin.

I was wondering about one file though: linkpoint_api_payment_module

Here is the box file edit I have edited so far:

<?php
/**
* @package admin
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: product_music_extras_dhtml.php - amendment for Admin Profiles 2006-04-17 by kuroi
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}

$options = array( array('box' => BOX_CATALOG_AJAX_IMAGE_SWAPPER, 'page' => FILENAME_AJAX_IMAGE_SWAPPER),
array('box' => BOX_TOOLS_IMAGE_HANDLER, 'page' => FILENAME_IMAGE_HANDLER),
array('box' => BOX_CATALOG_PRODUCTS_WITH_ATTRIBUTES_STOCK, 'page' => FILENAME_PRODUCTS_WITH_ATTRIBUTES_STOCK),
array('box' => BOX_CUSTOMERS_SUBSCRIPTION_MANAGER, 'page' => FILENAME_SUBSCRIPTION_MANAGER),
array('box' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'page' => FILENAME_LINKPOINT_REVIEW)
);

foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>


My concern is with this: array('box' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'page' => FILENAME_LINKPOINT_REVIEW

In the original file there is an If statement as I don't know if this is required or not or where to add it if it is:

?>
<?php
if (defined('MODULE_PAYMENT_LINKPOINT_API_STATUS') && MODULE_PAYMENT_LINKPOINT_API_STATUS == 'True')
$za_contents[] = array('text' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'link' => zen_href_link(FILENAME_LINKPOINT_REVIEW, '', 'NONSSL'));
?>

Any help is appreciated.

[Muzz]

After re-reading I realised these should all be in separate files not the one.

I;m still not certain how to add if statement though:

if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}

$options = array( array('box' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'page' => FILENAME_LINKPOINT_REVIEW)
);

foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>


THIS is what original file is:

<?php
if (defined('MODULE_PAYMENT_LINKPOINT_API_STATUS') && MODULE_PAYMENT_LINKPOINT_API_STATUS == 'True')
$za_contents[] = array('text' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'link' => zen_href_link(FILENAME_LINKPOINT_REVIEW, '', 'NONSSL'));
?>

[kuroi]

After re-reading I realised these should all be in separate files not the one.

I;m still not certain how to add if statement though:

if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}

$options = array( array('box' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'page' => FILENAME_LINKPOINT_REVIEW)
);

foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>


THIS is what original file is:

<?php
if (defined('MODULE_PAYMENT_LINKPOINT_API_STATUS') && MODULE_PAYMENT_LINKPOINT_API_STATUS == 'True')
$za_contents[] = array('text' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'link' => zen_href_link(FILENAME_LINKPOINT_REVIEW, '', 'NONSSL'));
?>

@Muzz

It looks ot me as if you are basing your new box files on the wrong file. Please re-read the step-by-step guide.

[Muzz]

Hi Kuroi,

Thanks for getting back to me.

I ended up getting things working on the Local TEST site by creating an individual file for each 3rd party mod in extra boxes folder.

I then had tick box options available in the admin settings to allow user access to mods etc..

This one below works.. however, does it work in full.?. I'm not sure.

From the original file in extra boxes:

<?php
if (defined('MODULE_PAYMENT_LINKPOINT_API_STATUS') && MODULE_PAYMENT_LINKPOINT_API_STATUS == 'True')
$za_contents[] = array('text' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'link' => zen_href_link(FILENAME_LINKPOINT_REVIEW, '', 'NONSSL'));
?>

It states in the instructions that you add

BOX_CUSTOMERS_LINKPOINT_REVIEW

and

FILENAME_LINKPOINT_REVIEW

To bottom of page code and overrite original file etc.. Thats fine.

BUT with all my other additional boxes, IH2, AJAX image swapper etc.. There NO if statement in the original code. So the edit is simple.

My concern is that this part won't work:

if (defined('MODULE_PAYMENT_LINKPOINT_API_STATUS') && MODULE_PAYMENT_LINKPOINT_API_STATUS == 'True') <-- does this need to be included to work correctly?


Below is what I have in the file and yes I can select it in admin settings in option box to allow mod. It is that something else may not function if the if statement is not included? Is this case or am I worried about nothing?

if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}

$options = array( array('box' => BOX_CUSTOMERS_LINKPOINT_REVIEW, 'page' => FILENAME_LINKPOINT_REVIEW)
);

foreach ($options as $key => $value)
if (page_allowed($value['page'])=='true') $za_contents[] = array('text' => $value['box'], 'link' => zen_href_link($value['page'], '', 'NONSSL'));
?>