Administration

The administration components let you view orders, change any table, update product information, search for data, add new products, categories, add and delete users.

Users can be added to the database and have different privileges. There are two administrator users defined in the database.

VPASP and ADMIN.
VPASP only has a subset of privileges and ADMIN has the full set.

We strongly recommend that you rename these userids and passwords before starting your production store. A detailed section on security reviews the major security issues involved with VP-ASP and the features VP-ASP provides to protect you and your customers

    

Login to Administration

This is the login screen for shop administration. All the administration routines invoke a subroutine Checkadmin, to verify that the user has logged in. If not then this routine is invoked to display the form. Administrators can add, delete, and alter user privileges.

    

Anti Hacker Facilities

A number of anti hacker facilities are available to protect your store. These include:
1. Totally hiding the administrative side of VP-ASP
2. Using two passwords to login
3. Validating IP address of person trying to login
4. Email on hacker attempts
5. Email on successful login     

Pre Defined User ID's

Two userids are defined when you receive VP-ASP. We recommend you change these through the user control menu. Log in with userid admin to alter, rename or change userids.

userid	password	Description
vpasp	vpasp	A subset of all the possible administration functions
admin	admin	Full set of VP-ASP functions

    

Changing User ID's and Passwords

We recommend you change the VP-ASP defined userids and passwords. This can be done by logging in with userid admin. Then select 'Admin Users' from the 'Occasional Tasks' section. If you do not, any hacker will be able to come in and view your orders and change your site. See also the detailed security section for a complete set of guidelines.     

Security for Shop Administration

The filename for login is shopadmin.asp. Additional security against hackers can be obtained by renaming shopadmin.asp to something else. After you do that, update the following shop configuration options.

xadminpage	newfilename.asp
xshowadmin	No. This means that only you will know the name of the admin page. It will not be referenced if an admin page is entered incorrectly.

    

Menus for Administration

Once a successful login has been done, this routine reads the shop database to determine which menu items are displayed. Each administrative user can be given different menus. An experienced user can bypass the menu and execute any administrative function if they know the script name, by simply typing the script name into the browser once successfully logged in.

 
Adding New menu items
The menu items on this page are dynamically read from the database. Using menu control, you can add/delete and alter what is displayed on this page. Each administrator can be given different menus. For example, one administrator may only be allowed to view orders but not add or alter products.

For more information regarding adding menu items, please see - http://www.vpasp.com/helpnotes/shopexd.asp?id=753

    

Shopa_menu_control.asp

When a merchant logs on to the administrative system, a list of scripts available are displayed. This is controlled through this menu. Menus consist of a description, a comment and a URL. Although the shopping system uses only simple file names, full URLs can be used to invoke any other web sites or pages.

In this version the comment field is no longer used but is required.

    

Administration Shop Statistics

You can now view your sales statistics at a glance with our new Shop Statistics menu which can be found on the administration home page

The Shop Statistics are viewable to administrators with SUPER priveledges and can be switched on or off by changing the value of the xshowstatistics setting in your shop configuration

By default, the Shop Statistics display details for all "Processed" orders that have matched the "xendofordervalidpayments" setting

To remove these restrictions, you will need to edit the shopheaders.asp file.

There are three functions in this file that need to be modified:

• Sub GetTodaysTotal
• Sub GetMonthsTotal
• Sub GetYearsTotal

To remove the restriction that only statistics for processed orders are displayed, comment out (by adding the single quote in front of each line) the following lines from each of the three sub routines:

'---ONLY SHOW PROCESSED ORDERS------------------------------------------------------
' Comment out these line to show all orders
'if (ucase(xdatabasetype)="SQLSERVER") or (getconfig("xmysql")="Yes") OR (instr(ucase(xdatabasetype), "MYSQL") > 0) then
' sql = sql & " AND oprocessed = 1"
'else
' sql = sql & " AND oprocessed = TRUE"
'end if
'
'---END SHOW PROCESSED ORDERS--------------------------------------------------------

To remove the restriction that only statistics for orders that have matched the "xendofordervalidpayments" setting are displayed, comment out (by adding the single quotes in front of each line) the following lines from each of the three sub routines:

'---ONLY SHOW ORDERS MATCHING END OF ORDER VALID PAYMENTS----------------------
'Comment out the lines below to show all orders
'dim validpayments, types
'if instr(Getconfig("xendofordervalidpayments"), ",") > 0 then
' validpayments = split(Getconfig("xendofordervalidpayments"), ",")
' sql = sql & " AND ("
' for each types in validpayments
' sql = sql & " ocardtype = '" & types & "' OR"
' next
' sql = left(sql, len(sql) - 2)
' sql = sql & ")"
'else
' sql = sql & " AND ocardtype = '" & Getconfig("xendofordervalidpayments") & "'"
'end if
'COMMENT ABOVE THIS LINE------------------------------------------------------

    

Merchant Details

Merchant details should be changed to match your system. Each field on the left is the internal name of the configuration option. You cannot change this. But you can change any or all of the values. You MUST change xemail and xemailsystem and possibly xemailtype.