Understanding Add-On "access Restrictions": Ip-Filter


I have my own PHP pages that run in the same directory as the CS-Cart shop. With the help of CURL requests I use the CS-Cart API to create vendors. Everything works fine: on page x1.php the user makes several form entries. Page x2.php receives the form post and calls (amongst other things) the CS-Cart API.

But after activating the add-on "Access restrictions", the curl request is rejected with the error message that I am not authorized to enter this area.

Okay, I thought I just need to add the server's IP address (Administration > Access restrictions > administration panel).
I made the following entries:

- external IP of the server ($_SERVER['SERVER_ADDR'])

- internal IP of the server

- (localhost)

None of the entries work.The PHP page (more precisely: the CURL post) is still rejected.

Does anyone know which entry would be the right one?

Looking for your answer.

Best regards


[attachment=14534:access restrictions.png]

access restrictions.png

Post your curl request... If you're using the API, it should setup the proper environment if it authtenicates properly. If you're using the admin environment and not properly setting up the $_SESSION['auth'] then you will get those type of failures.


I'm new to CS-Cart and not yet familiar with some things, sorry.

Here is an excerpt from the code

require_once ‘local_conf.php’; //CS-Cart local_conf.php
require_once ‘x_registrierung_conf.php’; //own config file

//Get post data
$language = PreparePostData($_POST[“language”]);
$company = PreparePostData($_POST[“company”], $company_def[“max_length”]);

$vendor_data = array();
$vendor_data[“storefront”] = “api”;
$vendor_data[“status”] = “N”;
$vendor_data[“lang_code”] = $language;
$vendor_data[“company”] = $company;

$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, “POST”);
curl_setopt($ch, CURLOPT_USERPWD, “myuser@mydomain.com:II23Z0UG9BqHj2kzz2s73rFT0o90t3”);
curl_setopt($ch, CURLOPT_URL, ‘https://’.$baseurl.‘/api/vendors/’);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
‘Content-Type: application/json’
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($vendor_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);

I am really happy about any kind of support.

Best regards


The exact error code and message you're getting from your api call?


Thanks tbirnseth for your support.

Now I'm totally confused. Activating and deactivating the add-on makes it work somehow (although I had tried this several times before). It completely depends on the existence of the IP entry "Server itself" (=public IP of the server).

Behaviour before was:

It is the same error message the add-on "access restrictions" throws (e.g. when an admin tries to open the admin.php although he is not on the IP white list).

The error message (in variable $server_output) is: "Es ist Ihnen nicht erlaubt diesen Bereich zu betreten". This is german and means "You are not allowed to enter this area". HTTP code is 200.

What I generally don't understand yet: how can I access the CS-Cart environment such as session variables, functions etc.?

Best regards


No clue. Assume the cache didn't get cleared properly.