params= new JRegistry(); $this->params->loadString($plugin->params, 'JSON'); $this->_cacheEnabled = $this->params->get('cache_enabled'); if ($this->_cacheEnabled === null) $this->_cacheEnabled == 1; $this->_autoflush = $this->params->get('autoFlush'); if ($this->_autoflush === null) $this->_autoflush = 1; $this->_autoflush3rdParty = $this->params->get('autoFlush-ThirdParty'); if ($this->_autoflush3rdParty === null) $this->_autoflush3rdParty = 1; $this->_autoflushClientSide = $this->params->get('autoFlush-ClientSide'); if ($this->_autoflushClientSide === null) $this->_autoflushClientSide = 0; } /** * Heartbeat cache checking function. Will also monitor $_GET for the jSGCache parameter * (pressing the purge cache button in admin) * * * @access public * @return null */ public function onAfterInitialise() { if (!$this->_cacheEnabled || $this->_isBlacklisted($this->_applicationPath)) { JResponse::setHeader('X-Cache-Enabled','False',true); return; } if ($this->_cacheEnabled) { JResponse::allowCache(true); JResponse::setHeader('X-Cache-Enabled','True',true); } //Init the application url $this->_applicationPath = str_replace(array('administrator/index.php','index.php'),'',str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SERVER['SCRIPT_FILENAME'])); //Check for any admin action and proceed to flushMonitor and 3rd party plugins if ( isset($_POST['task']) || isset($_GET['task']) || isset($_GET['cart_virtuemart_product_id'])) { $this->_flushMonitor(); if ($this->_autoflush3rdParty) $this->_monitorThirdPartyPlugins(); } //Check if we have a logged in user and enable cache bypass cookie 'task' => string 'user.login' $user = JFactory::getUser(); if (!$user->guest || (isset($_POST['task']) && preg_match('/login/i', $_POST['task']))) { $_POST[JSession::getFormToken()] = 1; //Force the correct token, since the login box on the page is cached with the 1st visitors' token //Enable the cache bypass for logged users by setting a cache bypass cookie setcookie('jSGCacheBypass',1,time() + 6000,'/'); } if ($user->guest || (isset($_POST['task']) && $_POST['task'] == 'user.logout')) { //Remove the bypass cookie if not a logged user if (isset($_COOKIE['jSGCacheBypass'])) setcookie('jSGCacheBypass',0, time() - 3600,'/'); } // Handle purge button press when get has jSGCache=purge, but only in admin with a logged user if(isset($_GET['jSGCache']) && $_GET['jSGCache'] == 'purge' && JFactory::getApplication()->isAdmin() && !$user->guest ) $this->_purgeCache(true); } /** * Admin panel icon display * * @access public * @param string $context * @return array */ public function onGetIcons( $context ) { return array(array( 'link'=>'?jSGCache=purge', 'image'=>'refresh', 'text'=>JText::_('Purge jSGCache'), 'id'=>'jSGCache' )); } /** * Calls the cache server to purge the cache * * @access public * @param string|bool $message Message to be displayed if purge is successful. If this param is false no output would be done * @return null */ private function _purgeCache( $message = true ) { $purgeRequest = $this->_applicationPath . '(.*)'; // Construct the PURGE request $hostname = str_replace( 'www.', '', $_SERVER['HTTP_HOST'] ); $purge_method = "PURGE"; $cacheServerSocket = fsockopen($hostname, 80, $errno, $errstr, 2); if(!$cacheServerSocket) { JError::raise(E_ERROR,500,JText::_('Connection to cache server failed!')); JError::raise(E_ERROR,500,JText::_($errstr ($errno))); return; } $request = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: {$_SERVER['SERVER_NAME']}\r\nConnection: Close\r\n\r\n"; if (preg_match('/^www\./',$_SERVER['SERVER_NAME'])) { $domain_no_www = preg_replace('/^www\./', '', $_SERVER['SERVER_NAME']); $request2 = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: {$domain_no_www}\r\nConnection: Close\r\n\r\n"; } else $request2 = "$purge_method {$purgeRequest} HTTP/1.0\r\nHost: www.{$_SERVER['SERVER_NAME']}\r\nConnection: Close\r\n\r\n"; fwrite($cacheServerSocket, $request); $response = fgets($cacheServerSocket); fclose($cacheServerSocket); $cacheServerSocket = fsockopen($hostname, 80, $errno, $errstr, 2); fwrite($cacheServerSocket, $request2); fclose($cacheServerSocket); if($message !== false) { if(preg_match('/200/',$response)) { if ($message === true) JFactory::getApplication()->enqueueMessage(JText::_('SG Cache Successfully Purged!')); else JFactory::getApplication()->enqueueMessage(JText::_( $message )); } else { JError::raise(E_NOTICE,501, JText::_('SG Cache: Purge was not successful!')); JError::raise(E_NOTICE,501, jText::_('Error: ' . $response)); } } } /** * Check if url is in caching blacklist * * @param string $applicationPath * * @return bool */ private function _isBlacklisted($applicationPath) { $blacklistArray = explode("\n",$this->params->get('blacklist')); $blacklistRegexArray = array(); $indexIsBlacklisted = false; foreach($blacklistArray as $key=>$row) { $row = trim($row); if ($row != '/' && $quoted = preg_quote($row,'/')) $blacklistRegexArray[$key] = $quoted; if ($row == '/') $indexIsBlacklisted = true; } if ($indexIsBlacklisted && $_SERVER['REQUEST_URI'] == $applicationPath) return true; if (empty($blacklistRegexArray)) return false; $blacklistRegex = '/('.implode('|',$blacklistRegexArray) . ')/i'; return preg_match($blacklistRegex, $_SERVER['REQUEST_URI']); } /** * 3rd party plugin monitor * * @access private * @return null */ private function _monitorThirdPartyPlugins() { // Kunena & K2 if ($this->params->get('autoFlush-ThirdParty') == 1 && isset($_POST['option']) && ($_POST['option']=='com_k2' || $_POST['option' ]== 'com_kunena')) { $this->_purgeCache(false); } // VirtueMart if ( (isset($_POST['option']) && $_POST['option'] == 'com_virtuemart') || ( isset($_GET['option']) && $_GET['option'] == 'com_virtuemart' ) || isset($_GET['cart_virtuemart_product_id']) ) { if($this->params->get('autoFlush-ThirdParty') == 1) $this->_purgeCache(false); } } /** * Action monitor * * @access private * @return null */ private function _flushMonitor() { $user = JFactory::getUser(); if ((!JFactory::getApplication()->isAdmin() && !$this->_autoflushClientSide) || $user->guest) return; $autoflush = $this->params->get('autoFlush'); if ($autoflush === null) $autoflush = 1; if (isset($_POST['task']) && $_POST['task'] && !in_array($_POST['task'],self::$_ignoreTasks) && $autoflush == 1) $this->_purgeCache(false); } } Clients can login to backend

204,593+ downloads

Categories:   All Categories
Suggested keywords
New

Clients can login to backend

Default Category
  Premium Support
Default Avatar
  troy@thirdsun.com
  Saturday, 06 June 2020
  2 Replies
  1.8K Visits
  Subscribe
I did a test as a buyer/client registration, and was able to login to the backend, create products, etc. That user is in the "Default Client Category" and Joomla user level of registered.

I checked permissions for this group, and they were set at "Not Allowed" Changed to "Denied" and still was able to to login. What am I missing?
References
  1. https://utahartandcraft.org/
Oldest First  
Default Avatar
troy@thirdsun.com
3 years ago
·
#4557
In addition to above, I've realized Sellers can login and put the store offline. I don't see a flag for this in permissions. I'm concerned about the security and permissions of this product.
Default Avatar
Rashi
3 years ago
·
#4569
Hi,

We have checked for both the issues on our system and it can't be found. Please make sure following-

1. For backend login, please make sure Registration Menu is assigned to only client category not seller category.
2. Permissions for seller should not be enabled as Shop owner. Please reset to default for seller.

Follow this documentation for permissions: https://www.sellacious.com/documentation-v2#/learn/settings/permission

If the issue still exist pls let us know on live chat.

Thanks
  • Page :
  • 1
There are no replies made for this post yet.
Be one of the first to reply to this post!

Important Links

Company

Important Links

Information

Shortcut Links

Shortcut Links

Important Links

  • 10k Startup
  • Ssl Secure
  • Iso Certified
  • +1 (408) 821-8283
  • Email hello@sellacious.com

Search