
osCommerce

The e-commerce.

Admin Panel Security problem....


Guest


Just heard back from my server.....

 

The reason that the website security application can not be used on the directory /public/catalog/admin/ is that this directory already contains a .htaccess file.  In order for website security to work the directory it is being used on must be free of all .htaccess and .htpasswd files.

 

So - can I go into the /admin and delete those two files? Or am I needing to do some fancy footwork to get my Admin Tool secured?


 

You can try by making a backup of the .htaccess file and then deleting it and use the webhost's program to create the files.

 

Test it, if it works, :thumbsup: if not, remove the files it created, restore the original .htaccess.

 

If all else fails, there are a few contributions that should help.

 

Bob G.

Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.


 

 

Thanks Bob! I deleted it, and it now works - when I go to /admin I get an IE password window before it opens up....

 

Thanks!


now one more problem.....my Admin security is working great....but on my catalog main page I still have this message:

 

Warning: I am able to write to the configuration file: /services/webpages/2/g/2galsscrappin.com/public/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

So how do I secure this one? My server lets me secure file folders, not the actual file itself.......

 

Here's the file - have I put something wrong in it?

 

<?php
/*
  $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.2galsscrappin.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', false); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.2galsscrappin.com');
  define('HTTPS_COOKIE_DOMAIN', 'www.2galsscrappin.com');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
  define('DIR_FS_CATALOG', '/home/www/2galsscrappin.com/catalog/');

  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
  define('DB_SERVER', 'XXX.XXXXXX.XXX'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', 'XXX.XXXXXXX.XXX');
  define('DB_SERVER_PASSWORD', 'xxxxxx');
  define('DB_DATABASE', 'XXXX_XXXXXX_XXX');
  define('USE_PCONNECT', 'false'); // use persistent connections?
  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>


Just use your Control Panel and change the permissions on the configure.php file to 444.

 

 

Ok - really stupid question here - the Control Panel on my server? If that's where you mean, there is nowhere to enter a 444 - I just have control of 'r' 'w' and 'x' for Owner, Group and Other.......am I missing something here? Thanks


Use your FTP client to CHMOD the file to 644.

 

On my ftp software you highlight the file and right click to get to the CHMOD option.

 

HTH

 

 

Ok - so when I open with FileZilla, and I right click on the /catalog/includes/config.php I get an option "File Attributes" and when I select that, I get a panel that says 'Change File Attributes', and at the bottom there is a spot that says 'Numeric Value' and '600' - I can change this value - is that the one I should change?

 

Thanks!


I believe that -r--r--r-- is 444 and -rw-r--r-- would be 644.
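
An added example (not part of the thread and not osCommerce code): it converts the r/w/x notation mentioned above to its numeric form and shows which of the modes discussed here (600, 644, 444) still leave configure.php writable. Assumptions: the warning appears whenever the web server process can write the file, and whether that process counts as "owner" or "other" depends on the host, which the thread does not state.

```python
import os
import stat
import tempfile

CLASSES = ("owner", "group", "other")

def symbolic_to_octal(sym):
    """Convert '-rw-r--r--' (or 'rw-r--r--') to its numeric form, e.g. '644'."""
    perms = sym[-9:]
    if len(perms) != 9:
        raise ValueError("expected nine permission characters: %r" % sym)
    digits = []
    for start in range(0, 9, 3):
        value = 0
        for ch, flag, bit in zip(perms[start:start + 3], "rwx", (4, 2, 1)):
            if ch == flag:
                value += bit
            elif ch != "-":
                raise ValueError("unexpected character %r in %r" % (ch, sym))
        digits.append(str(value))
    return "".join(digits)

def writers(octal):
    """Return the classes (owner/group/other) that hold the write bit."""
    return [name for name, digit in zip(CLASSES, octal) if int(digit) & 2]

def warning_expected(octal, web_class):
    """True if a process that falls in web_class can still write the file."""
    return web_class in writers(octal)

def read_mode(path):
    """Numeric mode as stored on disk, e.g. '444'."""
    return format(stat.S_IMODE(os.stat(path).st_mode), "03o")

def demo():
    """chmod a stand-in configure.php and report (as owner, as other)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "configure.php")  # constructed sample file
        open(path, "w").close()
        for sym in ("-rw-------", "-rw-r--r--", "-r--r--r--"):
            os.chmod(path, int(symbolic_to_octal(sym), 8))
            mode = read_mode(path)
            results[mode] = (warning_expected(mode, "owner"),
                             warning_expected(mode, "other"))
    return results

if __name__ == "__main__":
    for mode, (as_owner, as_other) in demo().items():
        print(mode, "writable as owner:", as_owner, "| as other:", as_other)
```

Where PHP runs as the account that owns the file, 600 and 644 both leave the write bit set for that process and only 444 removes it; where it runs as a different user, 644 is already read-only for it.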


I have tried both 444 and 644 for this file....and I still get the message

 

Warning: I am able to write to the configuration file: /services/webpages/2/g/2galsscrappin.com/public/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

So now what?


You have two configuration.php files.  Are you changing both?

Also, it would appear that you have changed some of the code and broken the site or neglected to upload some of the necessary files (or something else). I think I'd start over with a clean install.

 

Your Webpage


 

 

Do I just re-upload the osCommerce install again? Or do I need to delete the /catalog directory completely to start fresh??

 

I'm beginning to think my main problem is that we had upgraded our server package to use their ecommerce software - it wouldn't do what we wanted, so we created the database and uploaded osCommerce - and then downgraded our server package so we weren't paying for software we couldn't use - problem is, we lost the database ability when we did that (but osCommerce was still running ok)....so we re-upgraded our package yesterday.......and the database we had created was still there........so I assumed all would be ok......

 

Thanks for the advice/help - appreciate it!!


Archived

This topic is now archived and is closed to further replies.
