Hello,
I wrote a mini extension code for my opencart (3.0.3.1)
This extension must be execute everyday but it is required admin password.
I tried many codes like cron,opencart api but I failed.I could not access to extension in proper way.
After than I realized there are two files in admin\controller\startup... login.php and permission.php
I wrote my extension path in ignore arrays both in two files and yes it is working now.
But I don't know what I did.I can access it from outside without any token and password.I think it is not a big security problem unless known the full path
Is there a proper way to achive it?
Yes, by rather creating event files in your catalog/controller/extension/module folder and initiate the task from the event table of your database. This way, despite of any customers who will visit a specific page, the task will be automatically launched at the same time. You could do the same for your admin users from the admin-end.Is there a proper way to achive it?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I'm trying to accomplish the same thing here. I have a cron that I want to run on a controller in the admin and I don't want to bother with events or create a duplicate file in another directory. Is this method of putting the path in the ignore array of the login and permissions file still valid.
What I've done:
Added
to the ignore array of login and permissions
and have:
as my url.
Its not working with or without the parameter.
What I've done:
Added
Code: Select all
'extension/module/custom_backup'and have:
Code: Select all
https://website.com/admin/index.php?route=extension/module/custom_backup&function=databaseIts not working with or without the parameter.
v3.0.4.0 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.
How is it not working? Are you getting a not found, not logged in, invalid token or permission error?Joe1234 wrote: ↑Wed Mar 27, 2024 10:45 amI'm trying to accomplish the same thing here. I have a cron that I want to run on a controller in the admin and I don't want to bother with events or create a duplicate file in another directory. Is this method of putting the path in the ignore array of the login and permissions file still valid.
What I've done:
Addedto the ignore array of login and permissionsCode: Select all
'extension/module/custom_backup'
and have:as my url.Code: Select all
https://website.com/admin/index.php?route=extension/module/custom_backup&function=database
Its not working with or without the parameter.
This is a common question, please search the forum before posting in future.
I won't lock the topic right now as you're in the middle of a discussion, but please search see if your question is already answered.
I won't lock the topic right now as you're in the middle of a discussion, but please search see if your question is already answered.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
@add creative, It stays on the admin login page and the function doesn't execute.
I also removed the parameter and put an index function with a log write in the file just to make sure and that isn't being executed either.
@paul, that's a genius idea, wish I thought of that...wait, I probably did since I'm replying in a 5 year old thread
and not starting a new thread (also note this seems to state the solution works). I guess I didn't search with the right query for you, so it might be more helpful to provide a link to the many clear threads you know already exist or share a better query to search with instead of telling me about locking the thread.
I also removed the parameter and put an index function with a log write in the file just to make sure and that isn't being executed either.
@paul, that's a genius idea, wish I thought of that...wait, I probably did since I'm replying in a 5 year old thread
and not starting a new thread (also note this seems to state the solution works). I guess I didn't search with the right query for you, so it might be more helpful to provide a link to the many clear threads you know already exist or share a better query to search with instead of telling me about locking the thread.v3.0.4.0 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.
Just tested by adding extension/module/account to the 3 lists and I was able to access that page without logging in or having a token.
I would still advise using a controller in the catalog side if you can or at least protect with some sort of token.
Try Googling "opencart forum access admin code from cron" and you'll find there are loads.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Who is online
Users browsing this forum: Bing [Bot] and 18 guests
