Announcement

Collapse
No announcement yet.

MM9 admin problems

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    MM9 admin problems

    Hi folks,

    Having a couple of problems with a module running on MM9. I think some of this has been discussed on the forums, but I couldn't find the posts.

    I have a module that can be triggered to import a big data set by hitting a URL that logs into admin and does some processing. The URL looks about like this:
    Code:
    http://OurDomain.com/mm5/admin.mvc?Store_Code=SSSSS&Action=LOGN&username=UUUUU&
    &password=PPPPP&Screen=SMOD&Module_Type=fulfill&Tab=MAGIC_PRISM&
    PRSM_remote=1&PRSM_keepproc=1&PRSM_procold=&PRSM_proclimit=&PRSM_process=in-manuf
    This works fine under MM5, and it works OK on MM9 when we enter it into a browser. But for some reason it fails when called by a PHP script using the "curl" function. In that case, it gets to the admin page for the correct module, but it doesn't trigger the automatic execution.

    I should mention that the variables whose names start with PRSM_ are simple global variables. There are no form fields on the page with those names. Not sure if that's relevant, but I've noticed that MM9 admin pages have some complex processing for passing data in and out.

    I recall that some other developers have apps that make similar remote calls to admin. Can you tell me what's wrong in this case?

    And a related problem: I tried to view the source code of the admin page, to see if that would give me some clues. But when I use the "View Frame Source" option in Firefox, I always get a "Document Expired" error message. Is there a fix for that?

    Thanks --
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA

    #2
    Re: MM9 admin problems

    The first probability is that the site has 1 admin seat that is already occupied. Log into the admin and specifically log OUT and then try the url.

    Not sure of the specifics here, but that looks like a unsecure way to access the admin since you are passing uname pword on the url line.
    Bruce Golub
    Phosphor Media - "Your Success is our Business"

    Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
    phosphormedia.com

    Comment


      #3
      Re: MM9 admin problems

      The seat limit is something I can look into. But if the Curl result shows the module's admin page, it seems clear that the login was successful.

      The module won't start its automatic processing unless some of those other variables, such as PRSM_remote, are passed in to it. That's why I thought it might be related to the data-passing JavaScript: if there's no form field, the value of PRSM_remote might not be passed to the module -- at least that's my hunch so far. Miva in-house folks, any thoughts?

      And regarding the use of the password in the URL, is there some more secure way to do that? I'm pretty sure there are some 3rd-party apps that routinely auto-login to admin. Do they have a way to do it that's more secure?

      Thanks --
      Kent Multer
      Magic Metal Productions
      http://TheMagicM.com
      * Web developer/designer
      * E-commerce and Miva
      * Author, The Official Miva Web Scripting Book -- available on-line:
      http://www.amazon.com/exec/obidos/IS...icmetalproducA

      Comment


        #4
        Re: MM9 admin problems

        But if the Curl result shows the module's admin page, it seems clear that the login was successful.
        The login will be successful (technically) even if you hit the limit, so Bruce is probably right.

        Bruce is also 100% right that you should NEVER pass the password in the login screen, and you should find a fix for that now and go back and fix any store in which you've done that.
        Thanks,

        Rick Wilson
        CEO
        Miva, Inc.
        [email protected]
        https://www.miva.com

        Comment


          #5
          Re: MM9 admin problems

          First, you should pass the Username and Password as POST parameters, otherwise they will get logged to the webserver's activity log and can potentially be leaked through the Referrer header.

          Second, the MM9 interface intercepts the parameters and passes them through to an internal iframe. When you open the window in a browser, the browser loads the iframe content and your script executes. curl is probably not loading the internal iframe, so your code is never being executed.

          You have the following options in MM9 to solve this:

          1. Use an Action parameter to trigger your processing, rather than Screen. (Actions are processed before the iframe redirect)
          2. Route your request through json.mvc
          3. Route your request through a custom StoreUtilityModule_Screen function, and either don't use the BeginScreen()/EndScreen() functions, or call v58_BeginScreen passing it the "no_mmscreen_intercept" flag.

          Of the three, using an Action is likely the simplest and most backwards compatible solution.

          Comment


            #6
            Re: MM9 admin problems

            Hi Burch, thanks for the detailed reply.

            How would I use an Action code in this case? I'm used to doing that on the shopping pages, of course, but not in admin. How do I write a module to be triggered by an Action code before the admin page starts rendering? What function do I put the code in?

            Thanks --
            Kent Multer
            Magic Metal Productions
            http://TheMagicM.com
            * Web developer/designer
            * E-commerce and Miva
            * Author, The Official Miva Web Scripting Book -- available on-line:
            http://www.amazon.com/exec/obidos/IS...icmetalproducA

            Comment


              #7
              Re: MM9 admin problems

              Just move your code to Module_Fulfillment_Update and change the Action parameter in your URL from LOGN (which is a non-existent action code, BTW) to SMOD.

              Comment


                #8
                Re: MM9 admin problems

                That did the trick, thanks.

                I just wish that the admin was included in the LSK; then I could get these answers myself.
                Kent Multer
                Magic Metal Productions
                http://TheMagicM.com
                * Web developer/designer
                * E-commerce and Miva
                * Author, The Official Miva Web Scripting Book -- available on-line:
                http://www.amazon.com/exec/obidos/IS...icmetalproducA

                Comment


                  #9
                  Re: MM9 admin problems

                  Hi folks, one more question please. My module is now working correctly when triggered by the remote server, but I need to make it log out when it's finished, because of the seat limit. Is there way to do that from within the module?

                  Thanks again --
                  Kent Multer
                  Magic Metal Productions
                  http://TheMagicM.com
                  * Web developer/designer
                  * E-commerce and Miva
                  * Author, The Official Miva Web Scripting Book -- available on-line:
                  http://www.amazon.com/exec/obidos/IS...icmetalproducA

                  Comment


                    #10
                    Re: MM9 admin problems

                    Kent:

                    There is a new parameter to pass on the URL that Brennan has been posting about for a few months:

                    temporarysession=1

                    That forces the session to expire when you are done.
                    Gordon Currie
                    Phosphor Media - "Your Success is our Business"

                    Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
                    phosphormedia.com

                    Comment


                      #11
                      Re: MM9 admin problems

                      OK, that's working better. But I've noticed one odd thing that happens when you use temporarysession. When I try it from my browser, after my module finishes its run, the page refreshes, and I get about five of those little pop-ups asking me to confirm that I want to re-submit a form. It's as if I clicked the Refresh button five time, but of course I didn't.

                      The remote app that's triggering my module is trying to capture a report of the module's activities, which the module outputs while it's running. This pseudo-refresh behavior at the end of the session seems to be interfering with that: the report file just contains a copy of the login page. Is there a way to prevent that?

                      Thanks --
                      Kent Multer
                      Magic Metal Productions
                      http://TheMagicM.com
                      * Web developer/designer
                      * E-commerce and Miva
                      * Author, The Official Miva Web Scripting Book -- available on-line:
                      http://www.amazon.com/exec/obidos/IS...icmetalproducA

                      Comment


                        #12
                        Re: MM9 admin problems

                        Another thing I've just noticed today, after adding a log-file feature to my module, is that when I enter the remote URL into my browser, the module runs twice. I suppose this is a side-effect of the same JS that's generating all those confirmation pop-ups. This could be a problem for debugging, if the module runs twice when I only want it to run once. Does anyone have a fix or work-around for this?

                        Thanks --
                        Kent Multer
                        Magic Metal Productions
                        http://TheMagicM.com
                        * Web developer/designer
                        * E-commerce and Miva
                        * Author, The Official Miva Web Scripting Book -- available on-line:
                        http://www.amazon.com/exec/obidos/IS...icmetalproducA

                        Comment


                          #13
                          Hi folks, I have some new questions about this today. I'm adding a remote-trigger feature to another module, using Action=SMOD as discussed above, but it doesn't seem to be working. This one happens to be a payment module. Is there something about these that's different from other types of modules?

                          It seems that the Module_Payment_Update function is not being called at all. I've put in some debugging messages with MvEVAL's to confirm this, and even a plain-text log file, in case some MvEVAL text was being lost or hidden from my browser.

                          As a fallback, I switched my code to be triggered from Movule_Payment_Content, instead of _Update. That worked ... too well. The auto-run code gets executed twice. I only see debug messages from the second one, but the log file confirms that the code ran twice.

                          As a brute-force fix, I tried adding a global variable as an already-processed flag, to prevent the auto-run code from running twice in the same script execution. But that didn't work either; the log file confirms that the variable is null when the code is executed for the second time. This suggests that the browser is actually calling the URL twice, so that the second execution is completely separate from the first one, and setting a global variable in the first one has no effect on the second.

                          Does anyone recognize these symptoms? Got a cure? I need to get this working one way or the other ... or some other way altogether. In this case, I don't really need to use an admin.mvc URL. I might just switch the module to look for a merchant.mvc call with a custom Action code, and some password protection for security. But having come this far, I'd like to the admin approach working if it won't take too much longer ...

                          Thanks --
                          Kent Multer
                          Magic Metal Productions
                          http://TheMagicM.com
                          * Web developer/designer
                          * E-commerce and Miva
                          * Author, The Official Miva Web Scripting Book -- available on-line:
                          http://www.amazon.com/exec/obidos/IS...icmetalproducA

                          Comment

                          Working...
                          X