Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How do I secure the admin?


supergeek

Recommended Posts

I was wondering if there is an easy way to secure the admin while the catalog is non-secure?

 

By the way, I do have ssl set to true in my configuration.php files and the checkout and account creation, etc pages are all secure and work great.

 

First, I moved the admin folder and other pages that needed to be secured from my non-secure web folder over to my secure web folder. But when I access the secure admin, all of the links are pointing to the non-secure admin. So, I then changed the

 

define('HTTP_SERVER', 'http://www.domain.com');

to

define('HTTP_SERVER', 'https://www.domain.com');

 

That fixed the links, so that they point to the secure admin, but now when I click on "modules" in the configuration, all I see is that the path to the modules directory is in the non-secure folder, but I don't see the list of payment modules, etc.

 

So, I then changed the DIR_FS_CATALOG directive in the config file to point to my secure folder, which then fixed the problem with the modules...I am able to see them now.

 

Well, everything was working correctly until I tried to add some new categories and products and uploaded some category and product images. The images are uploaded to the secure catalog images folder, and not the non-secure catalog images folder.

 

I'm getting a little frustrated with this. Is there another directive in the config file that I need to change to fix the images problem?

 

I'm sorry about the novel for a simple question, but I had to explain what I have done so far. I have searched these forums and search engines for a similar issue but haven't run across anything yet.

 

Thanks.

Link to comment
Share on other sites

I was wondering if there is an easy way to secure the admin while the catalog is non-secure?

 

By the way, I do have ssl set to true in my configuration.php files and the checkout and account creation, etc pages are all secure and work great.

 

First, I moved the admin folder and other pages that needed to be secured from my non-secure web folder over to my secure web folder. But when I access the secure admin, all of the links are pointing to the non-secure admin. So, I then changed the

 

define('HTTP_SERVER', 'http://www.domain.com');

to

define('HTTP_SERVER', 'https://www.domain.com');

 

That fixed the links, so that they point to the secure admin, but now when I click on "modules" in the configuration, all I see is that the path to the modules directory is in the non-secure folder, but I don't see the list of payment modules, etc.

 

So, I then changed the DIR_FS_CATALOG directive in the config file to point to my secure folder, which then fixed the problem with the modules...I am able to see them now.

 

Well, everything was working correctly until I tried to add some new categories and products and uploaded some category and product images. The images are uploaded to the secure catalog images folder, and not the non-secure catalog images folder.

 

I'm getting a little frustrated with this. Is there another directive in the config file that I need to change to fix the images problem?

 

I'm sorry about the novel for a simple question, but I had to explain what I have done so far. I have searched these forums and search engines for a similar issue but haven't run across anything yet.

 

Thanks.

 

Did you change both configure.php files, yes there are 2.

one is in /Admin/includes/configure.php

the other is /includes/configure.php

 

Having 2 configure file is really awesome for testing purposes, but nothing else.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...