Contribution:Admin Profiles

From Zen Cart(tm) Wiki
Jump to: navigation, search

Admin Profiles is a user access control system for the Admin part of your site, allowing you to turn menus on and off and grant or disable access to specific Admin functions for each user. There is a support thread[1] where you can ask questions that are not dealt with below.


Is Admin Profiles compatible with Zen Cart 1.2.7d (or anything earlier)?

No. But there is a contribution called Admin Levels that provides some of the core functionality with a rather more rudimentary user interface.

Is Admin Profiles compatible with Zen Cart 1.3.5 (or anything earlier)?

Yes. It is recommended that you use Admin Profiles v1.0.5 when upgrading or installing Zen Cart 1.3.5.

When I logged in, I got this message - 1146 Table 'MY_DB.admin_menu_headers' doesn't exist - and no headers, so I couldn't go to Tools

This indicates that the tables used by Admin Profiles don't exist in your database. Most likely you have not run (successfully) the Admin Profiles installtion SQL.

Admin Profiles was working fine until I installed Image Handler, now I get an error message telling me that my security clearance does not allow me to access this resource

Step 4 of the Admin Profile installation process describes the need to adjust the "box file" for your add-ons so that Admin Profiles can properly recognise them. There is a separate file entitled "updating box files (a step-by-step guide)" in the release package that actually uses Image Handler as an example.

This step is also recommended when adding new Admin add-ons after Admin Profiles has been installed before they are run for the first time. However, as long as you can still get into Admin, go to Admin Settings and you will probably find that the new add-on has been detected and listed at the bottom of the screen but is not ticked. Tick it, Save and everything should work fine.

I got this message - 1146 Table 'MY_DB.zen_admin_menu_headers' doesn't exist

The zen_ table prefix is offered as a default when Zen Cart is installed. It is really only needed if you want to run several carts or applications from a single database. However, it's not a problem for your tables to start with it. This error message shows that either you did not successfully run the Admin Profiles install SQL, or you ran it by a method other than the Admin > Tools > Install SQL patch facility and did not manually add the prefix. Try running it again using this tool which will automatically add your table prefix.

When I try to change language in the Admin Profiles page I get an error message

I'm afraid that Admin Profiles is resolutely monolingual (though you can change the language of the button on the Admin Settings page that takes you to it!). I could allow the internationalisation of the header text and pick up other language alternatives for the configuration menu. However, at the moment the majority of the text on the page is derived from the names of the executable files that make up Admin.

There is a possible way of amending this, but it would need significant changes to how Admin Profiles works and since the Zen Cart™ Admin area is due for a re-write in release 1.6, this isn't currently a priority as hopefully the Zen Cart™ team will be taking the need for a user access system into account - I will certainly be encouraging them to - and if it is done as part of core Zen Cart™ it will be much easier to deal with issues like the one that you have raised.

As the the error message, I'm going to leave the bug in there. As changing language brings no benefits, taking away the error message would do no more than you could do by clicking on your browser's back button. Not a great solution I know, but happily it will only be an issue for a limited period of time.

Can I use Admin Profiles to restrict access by product?

Sorry, but Admin Profile works by controlling which admin scripts a user has access to. Products are controlled by a script so it might be possible to restrict whether a user could access products or not, but to start placing restrictions at the individual product level would require changing the products script itself, which is beyond the scope of Admin Profiles.

The Admin area is scheduled to be re-written for Zen Cart 1.6 and hopefully this will enable deeper integration of access control functions into the core code.

I have installed Admin Profiles and now all my Admin menus have disappeared

This usually indicates that your user ID is something other than 1. Admin Profiles installs a full set of accesses for one user only and by default that user has ID 1. You have two options: either use phpMyAdmin to change your user ID to 1 and then close down all browser windows to end your session and remove all traces of you having been something else, or run the following script using a utility such as phpMyAdmin

 INSERT INTO `admin_visible_headers` VALUES (8, nnn);
 INSERT INTO `admin_allowed_pages` VALUES (67, nnn);

where nnn = your user ID. remember to add your table prefix if you use one, e.g.

 INSERT INTO `zen_admin_visible_headers` VALUES (8, nnn);
 INSERT INTO `zen_admin_allowed_pages` VALUES (67, nnn);

This will give you access to the Admin Settings menu including the ability to give yourself re-enable your access to any Admin function. However, please note that anybody else who can gain access to your database or even your FTP area can do the same. Please keep these areas secure at all times.

The admin password forgotten function doesn't seem to work when Admin Profiles is installed

This is a bug and is already fixed for the next release of Admin Profiles. To retrofit the fix to currently available versions find the admin/includes/init_includes/overrides/init_admin_auth.php file and change line 15 from

 if (!(basename($PHP_SELF)== FILENAME_DEFAULT . '.php' || basename($PHP_SELF) == 'product.php' || basename($PHP_SELF) == FILENAME_LOGOFF . '.php' || basename($PHP_SELF)== FILENAME_ALT_NAV.'.php' || basename($PHP_SELF)== FILENAME_ADMIN_CONTROL.'.php')){if (check_page($page) == 'false')header("location: denied.php");}


 if (!(basename($PHP_SELF)== FILENAME_DEFAULT . '.php' || basename($PHP_SELF) == 'product.php' || basename($PHP_SELF) == FILENAME_LOGOFF . '.php' || basename($PHP_SELF)== FILENAME_ALT_NAV.'.php' || basename($PHP_SELF)== FILENAME_ADMIN_CONTROL.'.php' || basename($PHP_SELF)== FILENAME_PASSWORD_FORGOTTEN.'.php')){if (check_page($page) == 'false')header("location: denied.php");}
Is there a way that I could see who I am logged on as?

Yes. If you make these two small amendments to your admin/includes/headers.php file ...

Go to the bottom of the file. Find the line that reads

 <td class="headerBarContent" align="center"><?php echo date("r", time()) . 'GMT'  . ' [' .  $_SERVER['REMOTE_ADDR'] . ' ] '; ?></td>

change "center" to "left" then insert the following line immediately afterwards

 <td class="headerBarContent" align="center"><?php $result=$db->Execute("select admin_name from ".TABLE_ADMIN." where admin_id=".$_SESSION['admin_id']); echo $result->fields['admin_name']; ?></td>

Upload the file to your server and enjoy.

What further enhancements are planned for Admin Profiles

The follow features are currently under consideration

1. ability to create and apply generic "profiles"

2. a default index page assigned to each admin users

3. switches to turn off sensitive(?) data in the index screen

4. restrict admin access by IP address