Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Securing Admin Page?


griiiiiiiiiin

Recommended Posts

I've used the advice found in this forum for disabling someone from simply going to /oscommerce/catalog/admin page and just having access to my admin. This, for me was a great leap forward. However; I have no way of assuring that someone knowing to go to oscommerce/catalog/admin/configuration.php does not have access to my admin panel.

 

I've visited a few sites done with OsCommerce and have asked for help from store owners and have received no replies. What I am hoping to find is a way to prevent access to this link without a password.

 

Please don't mis-understand my request by thinking that I am asking how to prevent oscommerce/admin from going straight to my admin page; but that I am actually asking how to prevent someone that knows the correct address from accessing it without a password.

 

Whew. That was pulling teeth.

 

Dana. HELLLLLLLLLLLLLLLLLLLLLP!!!

Link to comment
Share on other sites

What method did you use to prevent access to the /catalog/admin? If you used the .htaccess method, any file or directory (folder) below the admin directory should be protected as well.

Link to comment
Share on other sites

I downloaded the "sun" module. or whatever you call it, from John Faller. Instructions were followed to the letter, I'm sure: 1. Cut and paste sql from admin.sql file into phpmyadmin or in similar fashion.

2. Copy application_top.php and header.php into \catalog\admin\includes folder

3. Copy adminLogin.php, adminProcesslogin.php and adminLogout.php into \catalog\admin\

 

This allowed me to assure that people who visited mysite/com/oscommerce/admin had to login. But it does not assure that no one can access my admin panel by typing in mysite.com/oscommerce/admin/configure.php.

 

Help me.

Link to comment
Share on other sites

i have found that people who have used that have had a problem in understanding how it works. your best bet is to use your host control panel and set your access password there, which in effect blocks the directory from any access, asks for a name and password. it also stores the password outside of the document root, which is another added safety factor.

Link to comment
Share on other sites

Well you don't have to store your htpasswd file in the web document root; not all hosts have web control panels either. I'm using my own server so I don't have one. :)

 

If the webserver is running Apache (which is quite common on Unix or Linux servers) and offers no customer control panel, .htaccess files are probably the best way to go.

Link to comment
Share on other sites

if you run your own server, then you have access to the root, which most people do not have. the control panel sets up an htaccess file, which the majority of the hosts use.

 

if you have access to your control panel, there is also a contribution which shows how to setup an htaccess file, just search on htaccess in contribution

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...