Post by multishop » Wed Dec 17, 2014 9:00 am

Please help me, I do not understand!

1) Site is not in maintenance mode
2) In htacces no lock
3) User ADMIN is group ADMINISTRATOR (in group all checkboxes selected)
4) In table Api api_id = 3, username = admin
5) In table Setting config_api_id = 3
6) In /catalog/controller/api/login.php:26 i get $api_info['api_id'] = 3
7) For this http://forum.opencart.com/viewtopic.php ... 20#p531632
I get

Code: Select all

Array ( [api_id] => 3 [username] => admin [firstname] => [lastname] => [password] => bnBv0WtyTiCgzgNtjXfs6eRLmBHi4O2MhixhUM45g1f3cduvxJSevsdep2q1coADhTQqRWiRD6hpFm8Kp3vVny8LiyNJyLR7rg5ZXPBJQlL5pDLnkW0MGQHKGfOAgbDN5EPhxyfIujMkn33kxq2V4ixRphO2fi1CToqkMgEOvKvQgJqjRwiFT4DOkWDzAbCFaBsTUxRwjWmybLX0ltMYVmdt5TSpZ6JyM7JoHl87XJQOCPfTfAREdjJVw6jbCxEw [status] => 1 [date_added] => 2014-12-17 02:09:17 [date_modified] => 2014-12-17 02:09:17 ) Array ( [cookie] => 1981ondgq92hjp5oq3d0a7mjd7 [success] => Success: API session successfully started! )
And all the same. If I want to change the order, add the order to change the status of the order. I still get:
Warning: You do not have permission to access the API!

:(

Newbie

Posts

Joined
Wed Dec 17, 2014 8:51 am

Post by Selective555 » Thu Dec 18, 2014 5:04 pm

How are you trying to access it?

Are you trying to log in?

Code: Select all

yourStoreDomain.com/admin
or some other way?

What were the last things you did last time you were logged in?

Do you have access to the database, and can you access the database to change and fix files?

Active Member

Posts

Joined
Wed Nov 26, 2014 1:29 pm

Post by multishop » Thu Dec 18, 2014 6:06 pm

How are you trying to access it?
I open the page "Orders" and try to change their status.
Open: /admin/index.php?route=sale/order&token=64cea163f4340900be523bc6fef900b1
Next: /admin/index.php?route=sale/order/info&token=64cea163f4340900be523bc6fef900b1&order_id=5
Next: Change tab to "History"
Next: Add order status and get an error.

Are you trying to log in?
I go to the page of my shop
myshopdomain.com/admin
Enter my "admin" username and password.

What were the last things you did last time you were logged in?
Trivia: add categories, setting of delivery and payment, etc.

Do you have access to the database, and can you access the database to change and fix files?
Yes, I have full access to everything.

Newbie

Posts

Joined
Wed Dec 17, 2014 8:51 am

Post by Selective555 » Thu Dec 18, 2014 6:24 pm

I'm looking over my shop.

I see three different pages for "Orders"

Sales > Orders
Reports > Sales > Orders
Reports > Customers > Orders

Trying comparing the different Order pages while trying to do what you are doing.

Active Member

Posts

Joined
Wed Nov 26, 2014 1:29 pm

Post by multishop » Thu Dec 18, 2014 6:39 pm

I open Sales > Orders

Newbie

Posts

Joined
Wed Dec 17, 2014 8:51 am

Post by multishop » Fri Dec 19, 2014 7:44 pm

Anyone help?

Newbie

Posts

Joined
Wed Dec 17, 2014 8:51 am

Post by jfer3 » Tue Apr 14, 2015 7:47 pm

i am having exactly the same problem.

all permissions etc seam to be set right.

I am working on OpenCart 2.0.1.1

I am running a multi store, one the main default store I don't get the permissions problem on the order page. But for the secondary store I get this problem.

Any help would be much appreciated.

Web designer at http://www.3rddesign.com. Specializing in Joomla and creative marketing.


New member

Posts

Joined
Tue Mar 05, 2013 2:59 pm

Post by pje56 » Thu Apr 16, 2015 3:19 am

I'm having the same problem. I've deleted the admin group record from the user_group table and installed a clean record but still have the problem.

Newbie

Posts

Joined
Thu Apr 16, 2015 3:17 am

Post by pje56 » Thu Apr 16, 2015 4:08 am

I too am having exactly the same problem.
I'm running 2.0.2.0

1. All permissions are set for my admin user group
2. I've even deleted the admin user_group record in the database and added a record from a working 2.x
3. I've checked the API key and generated a new one also.

Nothing works. I still get the "You do not have permission to access the API!" when I try to edit an order.

I recently installed PDF Invoice Pro. I've written the developer but no answer yet.

Newbie

Posts

Joined
Thu Apr 16, 2015 3:17 am

Post by studio1982 » Tue May 12, 2015 7:53 pm

I'm having exactly the same issue. I've tried all previous comments...does anyone have any insight into this issue?

Newbie

Posts

Joined
Tue May 12, 2015 7:52 pm

Post by Philtrum » Sun Jul 19, 2015 11:48 pm

Hi

I also have this issue

I've been through the api settings and checked the database to ensure that the settings/api table match up

odd thing is I can sometimes update the status of one order if I ctrl F5 the orders page, then when i come to do the next one it wont let me

same "you do not have permissions to access the API", but it let me do the one earlier .... this is not only hurting my head, but also my business

if anyone has any ideas, I would be very greatful
thanks
Phil

Newbie

Posts

Joined
Fri May 16, 2014 2:32 am

Post by TomasT » Sun Aug 16, 2015 6:53 pm

Hi, I have same problem.... still no solution?

Newbie

Posts

Joined
Sun Aug 16, 2015 6:52 pm

Post by Skawty » Wed Dec 02, 2015 10:15 pm

Anyone manage to fix this issue?

User avatar
New member

Posts

Joined
Thu Nov 26, 2015 5:31 pm
Location - UK

Post by chmarwin » Thu Jan 14, 2016 5:47 pm

Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.

Newbie

Posts

Joined
Fri Jul 24, 2015 4:08 pm

Post by Skawty » Fri Jan 15, 2016 1:42 am

chmarwin wrote:Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.


Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards

User avatar
New member

Posts

Joined
Thu Nov 26, 2015 5:31 pm
Location - UK

Post by onaldo » Wed Jul 13, 2016 1:59 pm

Skawty wrote:


Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards
Tried this and it does not work because in one session, my IP address changes several times (probably due to my DSL connection). What's the purpose of this API IP checking? This is very stressful. I tried chmarwin's solution and it worked. FInding for a better solution.

_______
Opencart Philippines - http://www.beanebiz.com/


Newbie

Posts

Joined
Fri Feb 15, 2013 11:35 pm
Location - Philippines

Post by straightlight » Wed Jul 13, 2016 6:42 pm

onaldo wrote:
Skawty wrote:


Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards
Tried this and it does not work because in one session, my IP address changes several times (probably due to my DSL connection). What's the purpose of this API IP checking? This is very stressful. I tried chmarwin's solution and it worked. FInding for a better solution.
I would have to agree here that IP restrictions over API would not be the best methodology against dynamic IP addresses provided by your host instead of static IPs.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by labeshops » Wed Jul 13, 2016 7:19 pm

chmarwin wrote:Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.
anyone know how to do this is 2.2? I tried removing this line, but it didn't help with 2.2.

Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.


User avatar
Expert Member

Posts

Joined
Thu Aug 04, 2011 4:41 am
Location - Florida, USA

Post by straightlight » Wed Jul 13, 2016 7:24 pm

On the same file, find:

Code: Select all

if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}
replace with:

Code: Select all

/*if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}*/
until you re-accessed the page and made the changes. However, I would highly recommend a cron job to do this, also by using a static token for each users to that only a specific token could replace the IP address without re-opening the doors like this.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by labeshops » Wed Jul 13, 2016 8:20 pm

straightlight wrote:On the same file, find:

Code: Select all

if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}
replace with:

Code: Select all

/*if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}*/
until you re-accessed the page and made the changes. However, I would highly recommend a cron job to do this, also by using a static token for each users to that only a specific token could replace the IP address without re-opening the doors like this.
yeah, that's what I tried from th original post. Doesn't solve it. I still get the permissions error trying to edit order status :(

Only way I can keep things straight right now is to change the status directly in the database in the order table. A total pain.

Running Opencart v3.0.3.2 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.


User avatar
Expert Member

Posts

Joined
Thu Aug 04, 2011 4:41 am
Location - Florida, USA
Who is online

Users browsing this forum: No registered users and 105 guests