Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

2 qusetions - Secure my admin + Inserting SSl


stanleymog

Recommended Posts

Hi there,

 

Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for.

 

So here goes:

 

1. My Os admin page is not secure, is there any way to password protect so that no one else can access it?

 

2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest! Where do I insert this or how do I add it?

 

Thanks in advance.

Link to comment
Share on other sites

Hi there,

 

Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for.

 

So here goes:

 

1. My Os admin page is not secure, is there any way to password protect so that no one else can access it?

 

2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest!  Where do I insert this or how do I add it?

 

Thanks in advance.

Even im looking for an answer to this vital question without which this is a joke

Link to comment
Share on other sites

Hi there,

 

Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for.

 

So here goes:

 

1. My Os admin page is not secure, is there any way to password protect so that no one else can access it?

 

2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest!  Where do I insert this or how do I add it?

 

Thanks in advance.

 

1)The store admin directory on your server needs to be password protected using .htaccess. Most of the time the server you are hosting your store on has the ability to password protect directories through the server administration area so check with your host.

 

2)Ok you need to edit 2 files 1 is includes/configure.php & the other is admin/includes/configure.php

 

I'm assuming your files are in the root directory and that you have not added anther file i.e. catalog/osc_store/ if you have then just add them. Having the files in the root directory means you can put in the browser http://myshop.com if your files are saved in lets say catalog then your address will be http://myshop.com/catalog (Of course I think it is easier to put everything in the root directory because, then you have an easy address for your customers to remember)

 

You don't need to put true for SSL in the admin part as there's nothing in there that needs encrypting if you do put true it will only slow down your page loading, but it's up to you.

 

Just change for your site address and your SSL cert https:// address

 

Note: Make sure you do not have any empty spaces before the <?php at the very top of the pages and the ?> at the very bottom. php don't like empty spaces at the beginning or end of a page, (if you do leave spaces it can cause errors).

 

This is a shared SSL set up.

 

includes/configure.php

 

<?php
/*
 $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.siamsavers.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://blue.host-care.com/~siamsave'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.siamsavers.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.blue.host-care.com/~siamsave');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'xxxxxxxxxxx');
 define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx');
 define('DB_DATABASE', 'siamsave_osc1');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

admin/includes/configure.php

 

<?php
/*
 $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2002 osCommerce

 Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'http://www.siamsavers.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.siamsavers.com');
 define('HTTPS_CATALOG_SERVER', 'https://blue.host-care.com/~siamsave');
 define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', 'localhost');
 define('DB_SERVER_USERNAME', 'xxxxxxxxxxxxx');
 define('DB_SERVER_PASSWORD', 'xxxxxxxxxxxxx');
 define('DB_DATABASE', 'xxxxxxxxxxxx');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');
// leave empty '' for default handler or set to 'mysql'
?>

Link to comment
Share on other sites

thanks jaitan, ur reply is much appreciated but im not able to secure my admin panel, prolly cos im hosting my site on windows server .

 

I have no idea i have spent hours 2day looking for way to secure my admin panel but i cldnt find any answers.???

goodness grief..dunno wat to do

if you cld suggest neother way???

 

thanks in advance ,

guru

Link to comment
Share on other sites

thanks jaitan, ur  reply is much appreciated but im not able to secure my admin panel, prolly cos im hosting my site on windows server .

 

I have no idea i have spent hours 2day looking for way to secure my admin panel but i cldnt find any answers.???

goodness grief..dunno wat to do

if you cld suggest neother way???

 

thanks in advance ,

guru

Some Windows servers have the Apache web server installed, in which case the same .htaccess/.htpasswd methods described in the forum and available in a couple of contributions should work.

 

However, since that apparently hasn't worked for you, it is likely that your server is using the IIS web server. In that case you will have to go through the web server admin panel and secure each of the admin files (I could be wrong but I recall another thread in which it was mentioned that IIS doesn't support securing entire folders). I did a Google search and came up with this link, it applies to a Windows 2000 server running IIS 5.0:

 

Password Protect Your IIS 5.0 Web Pages

 

hth

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...