stanleymog Posted July 23, 2005 Share Posted July 23, 2005 Hi there, Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for. So here goes: 1. My Os admin page is not secure, is there any way to password protect so that no one else can access it? 2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest! Where do I insert this or how do I add it? Thanks in advance. Link to comment Share on other sites More sharing options...
mcseguru Posted July 23, 2005 Share Posted July 23, 2005 Hi there, Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for. So here goes: 1. My Os admin page is not secure, is there any way to password protect so that no one else can access it? 2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest! Where do I insert this or how do I add it? Thanks in advance. <{POST_SNAPBACK}> Even im looking for an answer to this vital question without which this is a joke Link to comment Share on other sites More sharing options...
mi_jaiten Posted July 23, 2005 Share Posted July 23, 2005 Hi there, Sorry if these questions have been repeated but I have looked and cannot find the answers I am looking for. So here goes: 1. My Os admin page is not secure, is there any way to password protect so that no one else can access it? 2. I need to install a SSL certificate, my web host provides one, which is https://web15.secure-secure.co.uk/there is more to it than this but without a secure admin panel I don not want to enter the rest! Where do I insert this or how do I add it? Thanks in advance. <{POST_SNAPBACK}> 1)The store admin directory on your server needs to be password protected using .htaccess. Most of the time the server you are hosting your store on has the ability to password protect directories through the server administration area so check with your host. 2)Ok you need to edit 2 files 1 is includes/configure.php & the other is admin/includes/configure.php I'm assuming your files are in the root directory and that you have not added anther file i.e. catalog/osc_store/ if you have then just add them. Having the files in the root directory means you can put in the browser http://myshop.com if your files are saved in lets say catalog then your address will be http://myshop.com/catalog (Of course I think it is easier to put everything in the root directory because, then you have an easy address for your customers to remember) You don't need to put true for SSL in the admin part as there's nothing in there that needs encrypting if you do put true it will only slow down your page loading, but it's up to you. Just change for your site address and your SSL cert https:// address Note: Make sure you do not have any empty spaces before the <?php at the very top of the pages and the ?> at the very bottom. php don't like empty spaces at the beginning or end of a page, (if you do leave spaces it can cause errors). This is a shared SSL set up. includes/configure.php <?php /* $Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.siamsavers.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://blue.host-care.com/~siamsave'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.siamsavers.com'); define('HTTPS_COOKIE_DOMAIN', 'www.blue.host-care.com/~siamsave'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'xxxxxxxxxxx'); define('DB_SERVER_PASSWORD', 'xxxxxxxxxxx'); define('DB_DATABASE', 'siamsave_osc1'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> admin/includes/configure.php <?php /* $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2002 osCommerce Released under the GNU General Public License */ // define our webserver variables // FS = Filesystem (physical) // WS = Webserver (virtual) define('HTTP_SERVER', 'http://www.siamsavers.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://www.siamsavers.com'); define('HTTPS_CATALOG_SERVER', 'https://blue.host-care.com/~siamsave'); define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/admin/'); define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); // define our database connection define('DB_SERVER', 'localhost'); define('DB_SERVER_USERNAME', 'xxxxxxxxxxxxx'); define('DB_SERVER_PASSWORD', 'xxxxxxxxxxxxx'); define('DB_DATABASE', 'xxxxxxxxxxxx'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Link to comment Share on other sites More sharing options...
mcseguru Posted July 24, 2005 Share Posted July 24, 2005 thanks jaitan, ur reply is much appreciated but im not able to secure my admin panel, prolly cos im hosting my site on windows server . I have no idea i have spent hours 2day looking for way to secure my admin panel but i cldnt find any answers.??? goodness grief..dunno wat to do if you cld suggest neother way??? thanks in advance , guru Link to comment Share on other sites More sharing options...
GraphicsGuy Posted July 24, 2005 Share Posted July 24, 2005 thanks jaitan, ur reply is much appreciated but im not able to secure my admin panel, prolly cos im hosting my site on windows server . I have no idea i have spent hours 2day looking for way to secure my admin panel but i cldnt find any answers.??? goodness grief..dunno wat to do if you cld suggest neother way??? thanks in advance , guru <{POST_SNAPBACK}> Some Windows servers have the Apache web server installed, in which case the same .htaccess/.htpasswd methods described in the forum and available in a couple of contributions should work. However, since that apparently hasn't worked for you, it is likely that your server is using the IIS web server. In that case you will have to go through the web server admin panel and secure each of the admin files (I could be wrong but I recall another thread in which it was mentioned that IIS doesn't support securing entire folders). I did a Google search and came up with this link, it applies to a Windows 2000 server running IIS 5.0: Password Protect Your IIS 5.0 Web Pages hth Rule #1: Without exception, backup your database and files before making any changes to your files or database. Rule #2: Make sure there are no exceptions to Rule #1. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.