
OSC Simple Admin Protection: Simple Admin Access Control 1.3

Simple Admin Access Control 1.3
Sept 15, 2005
Author: Jared Call

Changelog:
v1.1 :
- Minor rework of the logic to make the code easier to read
- Added example for just one administrative user
- Added troubleshooting tip

v1.2 :
- fixed typo in readme
- changed the $PHP_SELF comparisons to reference the store configuration (DIR_WS_ADMIN) rather than assuming an install into the root of your webserver's document root

v1.3 :
- added $_SERVER[REMOTE_USER] to the logic for those servers that need it.

What this contrib does:
========================

This contribution very simply adds the ability to limit sub-admin users to access only certain areas of the osCommerce administrative area. It assumes that you have already created these users in your host's control panel, requiring login to the /admin area with one of these usernames.

Installation:
==============

1 file is edited (admin/includes/header.php).

=======================
STEP 1 (edit the file)
=======================

In admin/includes/header.php, find this:

  if ($messageStack->size > 0) {
    echo $messageStack->output();
  }

If you want to give "full" access to 2 admin users, named admin1 and admin2, add the following code immediately below (right before the ?>):

  if ( ($PHP_AUTH_USER == 'admin1') || ($PHP_AUTH_USER == 'admin2') ||
       ($_SERVER['REMOTE_USER'] == 'admin1') || ($_SERVER['REMOTE_USER'] == 'admin2') ) {
    // full-access user: no restriction
  } else {
    // every other user may open only the pages listed here
    if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "packing_slip.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) {
      die("<br><br><center>You are not authorized to view this page.\n\n</center>");
    }
  }
 
 
If you only want to give "full" access to a single admin user, and limited access to other users, use the following code:
 
 
  if ($PHP_AUTH_USER == 'admin1') {
    // full-access user: no restriction
  } else {
    // every other user may open only the pages listed here
    if ( ($PHP_SELF != DIR_WS_ADMIN . "orders.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "invoice.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "packing_slip.php") &&
         ($PHP_SELF != DIR_WS_ADMIN . "customers.php") ) {
      die("<br><br><center>You are not authorized to view this page.\n\n</center>");
    }
  }

==================
FINISHED
==================

====================
TROUBLESHOOTING
====================

See the support thread at http://forums.oscommerce.com/index.php?showtopic=125058 .

End notes: The first code example assumes that you have 2 "full-rights" administrative users, named adminuser1 and adminuser2. The second example assumes a single "full-rights" administrative user. Any other user that logs in (i.e. users that you've created in your webhost's control panel) will only have rights to the files listed in this code paragraph. You should be able to see how to limit it to one user, or grant total rights to a third or fourth user.

The example grants access to only a few admin pages. You should be able to see how to add access for admin pages from other contributions, like CCGV, Page Cache, or others.
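
The same rule written as a default-deny lookup, so that adding a user or a page is a one-line change. This is an added example, not part of the contribution's own code: the saac_* names and the sample requests are hypothetical, and unlike the snippets above it refuses a request that carries no authenticated username instead of treating it as a limited user.

```php
<?php
// Added example, not the contribution's code; saac_* names are hypothetical.
$saac_full_access   = array('admin1', 'admin2');   // unrestricted users
$saac_limited_pages = array('orders.php', 'invoice.php',
                            'packing_slip.php', 'customers.php');

// Username supplied by the web server's HTTP authentication, '' if none.
function saac_current_user(array $server) {
  foreach (array('PHP_AUTH_USER', 'REMOTE_USER') as $key) {
    if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
      return $server[$key];
    }
  }
  return '';
}

// Default deny: true only for a full-access user, or for an authenticated
// user requesting exactly one of the listed admin scripts.
function saac_is_allowed($user, $script, $admin_dir, array $full, array $pages) {
  if ($user === '') {
    return false;               // web-server authentication missing or not passed to PHP
  }
  if (in_array($user, $full, true)) {
    return true;
  }
  foreach ($pages as $page) {
    if ($script === $admin_dir . $page) {
      return true;
    }
  }
  return false;
}

// Constructed sample requests. In header.php you would pass $_SERVER,
// $PHP_SELF and DIR_WS_ADMIN instead, and die() when the result is false.
$samples = array(
  array(array('PHP_AUTH_USER' => 'admin1'), '/admin/configuration.php'),
  array(array('PHP_AUTH_USER' => 'clerk'),  '/admin/orders.php'),
  array(array('PHP_AUTH_USER' => 'clerk'),  '/admin/configuration.php'),
  array(array('REMOTE_USER'   => 'clerk'),  '/admin/packing_slip.php'),
  array(array(),                            '/admin/orders.php'),
);
foreach ($samples as $s) {
  list($server, $script) = $s;
  $user = saac_current_user($server);
  $ok = saac_is_allowed($user, $script, '/admin/', $saac_full_access, $saac_limited_pages);
  echo $script, ' as "', $user, '": ', ($ok ? 'allow' : 'deny'), "\n";
}
```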

If you're wondering where $PHP_SELF and $PHP_AUTH_USER came from, they are PHP environment variables. You can see these and others at http://your_server/admin/server_info.php.

Support for this contribution is provided at the following URL: http://forums.oscommerce.com/index.php?showtopic=125058

Disclaimer: This contrib has been designed for and tested with osCommerce 2.2 MS2. While it should easily work, perhaps with minor modifications, with other versions of osCommerce, it has not been tested as such.

If you find this contribution useful, please support the osCommerce project by becoming an osCommerce Community Sponsor. At the time of this writing, details of Community Sponsorship can be found at http://www.oscommerce.com/about/news,111 .


Article URL: http://blog.21andy.com/20050916/75.html