[ic] Disable / Bypass Administration Login

Jonathan Clark interchange-users@icdevgroup.org
Wed Jan 29 03:01:01 2003


> I asked a question yesterday on how to disable or get around the login
> for the administration module.  I wanted to grab the order_view page
> without authorization (because I am doing it from PHP and fopen).  So
> below is what worked for me, YMMV.  Also, you are disabling security
> for this page so this is not at all recommended.  You might make the
> admin directory be protected by .htaaccess just in case.
>
> To try this simply:
>
> 1. su to root
> 2. edit /usr/lib/interchange/lib/UI/pages/admin/order_view.html and add
> [set no_login_required]1[/set] to the line above @_UI_STD_HEAD_@ .
> 3. Restart Interchange /etc/init.d/interchange restart
> 4. Test. Something like:
> http://www.myICStore.com/cgi-bin/myICStore/admin/
> order_view?order=MIC4988  should bring up the order with no
> authorization required.
>
> I would assume this would work on other pages also, but this could
> cause some potential problems with the permissions IC sets up for its
> users and of course your changes to order_view.html will go away when
> you upgrade IC at any point.

I suggest you make a copy of the order_view.html page and copy it to
<catalog_root>/pages/admin/ and then revert the original UI page back at
/usr/lib/interchange/... That way, you have overridden the UI page for only
one catalog, not all catalogs. Also, your page will remain when you upgrade
the core.

Of course, you could use a different name for your page and then users in
the UI would have access to the core UI page and your PHP routine would use
another.

Jonathan
www.webmaint.net