OpenCart Community

Please help me, I do not understand!

1) Site is not in maintenance mode
2) In htacces no lock
3) User ADMIN is group ADMINISTRATOR (in group all checkboxes selected)
4) In table Api api_id = 3, username = admin
5) In table Setting config_api_id = 3
6) In /catalog/controller/api/login.php:26 i get $api_info['api_id'] = 3
7) For this http://forum.opencart.com/viewtopic.php ... 20#p531632
I get And all the same. If I want to change the order, add the order to change the status of the order. I still get:
Warning: You do not have permission to access the API!

How are you trying to access it?

Are you trying to log in?
or some other way?

What were the last things you did last time you were logged in?

Do you have access to the database, and can you access the database to change and fix files?

How are you trying to access it?
I open the page "Orders" and try to change their status.
Open: /admin/index.php?route=sale/order&token=64cea163f4340900be523bc6fef900b1
Next: /admin/index.php?route=sale/order/info&token=64cea163f4340900be523bc6fef900b1&order_id=5
Next: Change tab to "History"
Next: Add order status and get an error.

Are you trying to log in?
I go to the page of my shop
myshopdomain.com/admin
Enter my "admin" username and password.

What were the last things you did last time you were logged in?
Trivia: add categories, setting of delivery and payment, etc.

Do you have access to the database, and can you access the database to change and fix files?
Yes, I have full access to everything.

I'm looking over my shop.

I see three different pages for "Orders"

Sales > Orders
Reports > Sales > Orders
Reports > Customers > Orders

Trying comparing the different Order pages while trying to do what you are doing.

I open Sales > Orders

Anyone help?

i am having exactly the same problem.

all permissions etc seam to be set right.

I am working on OpenCart 2.0.1.1

I am running a multi store, one the main default store I don't get the permissions problem on the order page. But for the secondary store I get this problem.

Any help would be much appreciated.

I'm having the same problem. I've deleted the admin group record from the user_group table and installed a clean record but still have the problem.

I too am having exactly the same problem.
I'm running 2.0.2.0

1. All permissions are set for my admin user group
2. I've even deleted the admin user_group record in the database and added a record from a working 2.x
3. I've checked the API key and generated a new one also.

Nothing works. I still get the "You do not have permission to access the API!" when I try to edit an order.

I recently installed PDF Invoice Pro. I've written the developer but no answer yet.

I'm having exactly the same issue. I've tried all previous comments...does anyone have any insight into this issue?

Hi

I also have this issue

I've been through the api settings and checked the database to ensure that the settings/api table match up

odd thing is I can sometimes update the status of one order if I ctrl F5 the orders page, then when i come to do the next one it wont let me

same "you do not have permissions to access the API", but it let me do the one earlier .... this is not only hurting my head, but also my business

if anyone has any ideas, I would be very greatful
thanks
Phil

Hi, I have same problem.... still no solution?

Anyone manage to fix this issue?

Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.

chmarwin wrote:Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.

Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards

Skawty wrote:


Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards

Tried this and it does not work because in one session, my IP address changes several times (probably due to my DSL connection). What's the purpose of this API IP checking? This is very stressful. I tried chmarwin's solution and it worked. FInding for a better solution.

onaldo wrote:

Skawty wrote:


Thanks of the solution I figured it out though in the end you have to go into Settings-API and then creat a new api key for yourself or what ever user needs it then select enable and then thats it fixed.

oh and enable API in Store Settings as well.

i hope this helps
Kind regards

Tried this and it does not work because in one session, my IP address changes several times (probably due to my DSL connection). What's the purpose of this API IP checking? This is very stressful. I tried chmarwin's solution and it worked. FInding for a better solution.

I would have to agree here that IP restrictions over API would not be the best methodology against dynamic IP addresses provided by your host instead of static IPs.

chmarwin wrote:Hi, I also facing the same problem.
So I decide to temporary close an API authentication via hardcode. ( It is not the best practice, however it can make you progress with your work )

This is my solution.
I have edited 1 files in :
(1) catalog/controller/api/login.php : line 20 , comment the code out, so it should be.
// $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);

( This will not check your IP anymore, however there is still security on Post['key'] )

**** Again, this is not the best practice ****
It will help your work to progress.

Best
Marwin C.

anyone know how to do this is 2.2? I tried removing this line, but it didn't help with 2.2.

On the same file, find:
replace with:
until you re-accessed the page and made the changes. However, I would highly recommend a cron job to do this, also by using a static token for each users to that only a specific token could replace the IP address without re-opening the doors like this.

straightlight wrote:On the same file, find:

Code: Select all

if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}

replace with:

Code: Select all

/*if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
				$json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']);
			}*/

until you re-accessed the page and made the changes. However, I would highly recommend a cron job to do this, also by using a static token for each users to that only a specific token could replace the IP address without re-opening the doors like this.

yeah, that's what I tried from th original post. Doesn't solve it. I still get the permissions error trying to edit order status

Only way I can keep things straight right now is to change the status directly in the database in the order table. A total pain.