Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

ADMIN - New product insertion fail!


BYGino

Recommended Posts

Hi folks, I'm stumped!

 

You see, I have been having problems recently adding new items to my catalog. The fault seems to be fairly random in that it works sometimes but not all the time. Worst case seems to be about 4 or 5 attempts to add an item.

 

What is happening is this. I go to the category I want, click "New Product" fill out all the information and when I hit "Preview" I get a 403 error!!!

 

I can't find a pattern to this problem except that I cannot seem to get it to fail if I set my configure file to define('HTTP_SERVER', 'http... instead of HTTPS

 

Anyone any ideas why this could be happening?

 

One thing that I should probably mention is that I have made quite a few alterations to my admin/categories.php file to do various tasks (i.e. added stockroom location, used item condition, advertising options etc) so if anyone wants me to paste this just ask!

 

Please, please, please, please, please, help as I've been trying to work this out for well over a week now and don't seem to be getting anywhere!!!! :'(

Link to comment
Share on other sites

Actually, I've just realised, the error is a "Cannot find server or DNS Error" not a 403 sorry!

 

 

Do you have an SSL certificate installed on your server.. If not you need to set the configure.php file from 'HTTP_SERVER', 'https to 'HTTP_SERVER', 'http

this will fix it.. as it seems to be looking for SSL and its not setup..

 

Mike

Link to comment
Share on other sites

Do you have an SSL certificate installed on your server.. If not you need to set the configure.php file from 'HTTP_SERVER', 'https    to 'HTTP_SERVER', 'http

this will fix it.. as it seems to be looking for SSL and its not setup..

 

Mike

Sorry, should have made clear, yes I do have a dedicated cert. If it wasn't working at all, I could understand that it could be something to do with the cert or perhaps a bit of bad code but I'm starting to think this is some kind of bug or server problem, but the thing is it does sometimes work. :-?

Link to comment
Share on other sites

Sounds like your host is a bit flakey. Contact them, and if you get no joy, choose a better one.

 

It's funny, that's probably the most common response I get to any questions I ask on here! :) Thing is though, it's not my website, I'm doing it as a favour and the shop owner doesn't want to change. To give the host credit, he's been very helpfull so far and has always complied with any requests.

 

Also, the problem only seems to happen at this one point wich suggests it probably isn't a server problem. Any other ideas anyone?

Link to comment
Share on other sites

I've tried going back to the standard admin/categories.php and the problem still happens. Does this mean that the problem is related to the host or can anyone think of any other reason before I try to convince the shop owner to change host?

Link to comment
Share on other sites

Well, I'm still having trouble with this! Any of the experts out there any ideas?

 

As the site isn't live yet, I'm willing to set up a temporary admin password for anyone who doesn't understand what I mean.

At the moment, I've switched the HTTP_SERVER back to non secure so that the shop owner can continue to insert products, but when the shop goes live, this won't be possible. Is it possible even to unsecure only this part of the admin panel - this would at least be a short term work around?

Link to comment
Share on other sites

Is it possible even to unsecure only this part of the admin panel - this would at least be a short term work around?

 

Why do you think it's so important to run admin under ssl anyway? Remember that ssl only supplies an encrypted path for data in transit between the store owner and the server. I'd guess that 99.9% of that traffic is of no interest to anyone but the owner and/or publically available on the site anyway (product info). Are there hacker dweebs out there excited about snagging the price and description of a candle or skateboard while it's being transferred to the server?

 

I know that people will say "but they might snag customer info". What? Names and addresses? Those are in the phone book.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

You know, if it's a comfort thing for the owner you could always create another copy of /admin somewhere on the server which was ssl and tell them to use that one for payment info and the first for general use.

 

If you wanted to get fancy you could remove access to order info from the "general" admin.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Or you could try EZ Secure Order...which only secures viewing and editing of order and customer details in admin.

 

http://www.oscommerce.com/community/contributions,2274/

 

That's pretty cool (and elegant). I didn't know about that contribution.

 

I added it to my little db of fixes.

 

I just tried that, the edit took about 5 minutes and it seems to work just fine so far. It should, it's dead simple.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

WOW! Thanks for the reply folks.

 

I guess I was being a little paranoid about securing the Admin panel. My main worry was customer details and CC info (partial)

 

I must have missed the EZ secure order contribution but this definately looks like the best option.

 

Can't wait to go live soon!!!! Although I've been saying that for weeks now!!!

 

:rolleyes: :D

 

Once again, thanks you all for your help.

Link to comment
Share on other sites

I know that people will say "but they might snag customer info". What? Names and addresses? Those are in the phone book.

 

Do you not think you have a duty of care to protect your customers data? Would all your customers be happy to know you couldnt care less about the security of their information.

 

Do you all have privacy policy statements on your sites, anyone care to post a link for us to look at them.

Link to comment
Share on other sites

Do you not think you have a duty of care to protect your customers data?  Would all your customers be happy to know you couldnt care less about the security of their information.

 

Do you all have privacy policy statements on your sites, anyone care to post a link for us to look at them.

 

I knew someone would start this rant again.

 

Get over it, it's old.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I knew someone would start this rant again.

 

Get over it, it's old.

 

:lol: :lol:

 

Aye, very good mate.

 

So you got a privacy policy from your store for us to look at then.

Link to comment
Share on other sites

Do you not think you have a duty of care to protect your customers data?  Would all your customers be happy to know you couldnt care less about the security of their information.

Well, that's the good thing about the contribution posted above, it allows you to secure whatever pages you like within the admin section. I have a few additional pages which also required securing and this was done within minutes. Now I have a nice slick admin panel with SSL on only the pages that need it.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...