azanaz Posted July 25, 2005 Share Posted July 25, 2005 Hi ALL, Sorry started new thread coz i have sorted all my problems...HURRAY. desperately need some help to secure my admin page, I found something earlier in one of the thread, i created a php codein a new folder here: admin/includes/authen.php here it is: Maybe there is an error somwhere? <?php if(!isset($PHP_AUTH_USER)) { header('WWW-Authenticate: Basic realm="' . PUTYOURSHOPNAMEHERE . '"'); header('HTTP/1.0 401 Unauthorized'); echo $SERVER_NAME . ' Authorization Required.'; exit; } else { if (($PHP_AUTH_USER != YOUR USERNAME) || ($PHP_AUTH_PW != YOUR_PASSWORD)) { header('WWW-Authenticate: Basic realm="' . SAMENAMEASABOVE. '"'); header('HTTP/1.0 401 Unauthorized'); echo $SERVER_NAME . ' Authorization Required.'; exit; } } ?> I have done all the required changes but it still is not working. Would really appreciate any help, i am new to php so pls plz help a newbie here.. azanaz Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 Another Problem , cannot get the backup to work. It;s now not saving anything and i get a parse error: here is the script, can anyone have a look plz??? Azanaz <?php /* $Id: backup.php 6137 2005-05-10 12:59:09Z jim $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : ''); if (tep_not_null($action)) { switch ($action) { case 'forget': tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); $messageStack->add_session(SUCCESS_LAST_RESTORE_CLEARED, 'success'); tep_redirect(tep_href_link(FILENAME_BACKUP)); break; case 'backupnow': tep_set_time_limit(0); $backup_file = 'db_' . DB_DATABASE . '-' . date('YmdHis') . '.sql'; $fp = fopen(DIR_FS_BACKUP . $backup_file, 'w'); $schema = '# osCommerce, Open Source E-Commerce Solutions' . "n" . '# http://www.oscommerce.com' . "n" . '#' . "n" . '# Database Backup For ' . STORE_NAME . "n" . '# Copyright © ' . date('Y') . ' ' . STORE_OWNER . "n" . '#' . "n" . '# Database: ' . DB_DATABASE . "n" . '# Database Server: ' . DB_SERVER . "n" . '#' . "n" . '# Backup Date: ' . date(PHP_DATE_TIME_FORMAT) . "nn"; fputs($fp, $schema); $tables_query = tep_db_query('show tables'); while ($tables = tep_db_fetch_array($tables_query)) { list(,$table) = each($tables); $schema = 'drop table if exists ' . $table . ';' . "n" . 'create table ' . $table . ' (' . "y"; $table_list = array(); $fields_query = tep_db_query("show fields from " . $table); while ($fields = tep_db_fetch_array($fields_query)) { $table_list[] = $fields['Field']; $schema .= ' ' . $fields['Field'] . ' ' . $fields['Type']; if (strlen($fields['Default']) > 0) $schema .= ' default '' . $fields['Default'] . '''; if ($fields['Null'] != 'YES') $schema .= ' not null'; if (isset($fields['Extra'])) $schema .= ' ' . $fields['Extra']; $schema .= ',' . "n"; } $schema = ereg_replace(",n$", '', $schema); // add the keys $index = array(); $keys_query = tep_db_query("show keys from " . $table); while ($keys = tep_db_fetch_array($keys_query)) { $kname = $keys['Key_name']; if (!isset($index[$kname])) { $index[$kname] = array('unique' => !$keys['Non_unique'], 'columns' => array()); } $index[$kname]['columns'][] = $keys['Column_name']; } while (list($kname, $info) = each($index)) { $schema .= ',' . "n"; $columns = implode($info['columns'], ', '); if ($kname == 'PRIMARY') { $schema .= ' PRIMARY KEY (' . $columns . ')'; } elseif ($info['unique']) { $schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')'; } else { $schema .= ' KEY ' . $kname . ' (' . $columns . ')'; } } $schema .= "n" . ');' . "nn"; fputs($fp, $schema); // dump the data $rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table); while ($rows = tep_db_fetch_array($rows_query)) { $schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values ('; reset($table_list); while (list(,$i) = each($table_list)) { if (!isset($rows[$i])) { $schema .= 'NULL, '; } elseif (tep_not_null($rows[$i])) { $row = addslashes($rows[$i]); $row = ereg_replace("n#", "n".'#', $row); $schema .= ''' . $row . '', '; } else { $schema .= ''', '; } } $schema = ereg_replace(', $', '', $schema) . ');' . "n"; fputs($fp, $schema); } } fclose($fp); if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) { switch ($HTTP_POST_VARS['compress']) { case 'gzip': exec(LOCAL_EXE_GZIP . ' ' . DIR_FS_BACKUP . $backup_file); $backup_file .= '.gz'; break; case 'zip': exec(LOCAL_EXE_ZIP . ' -j ' . DIR_FS_BACKUP . $backup_file . '.zip ' . DIR_FS_BACKUP . $backup_file); unlink(DIR_FS_BACKUP . $backup_file); $backup_file .= '.zip'; } header('Content-type: application/x-octet-stream'); header('Content-disposition: attachment; filename=' . $backup_file); readfile(DIR_FS_BACKUP . $backup_file); unlink(DIR_FS_BACKUP . $backup_file); exit; } else { switch ($HTTP_POST_VARS['compress']) { case 'gzip': exec(LOCAL_EXE_GZIP . ' ' . DIR_FS_BACKUP . $backup_file); break; case 'zip': exec(LOCAL_EXE_ZIP . ' -j ' . DIR_FS_BACKUP . $backup_file . '.zip ' . DIR_FS_BACKUP . $backup_file); unlink(DIR_FS_BACKUP . $backup_file); } $messageStack->add_session(SUCCESS_DATABASE_SAVED, 'success'); } tep_redirect(tep_href_link(FILENAME_BACKUP)); break; case 'restorenow': case 'restorelocalnow': tep_set_time_limit(0); if ($action == 'restorenow') { $read_from = $HTTP_GET_VARS['file']; if (file_exists(DIR_FS_BACKUP . $HTTP_GET_VARS['file'])) { $restore_file = DIR_FS_BACKUP . $HTTP_GET_VARS['file']; $extension = substr($HTTP_GET_VARS['file'], -3); if ( ($extension == 'sql') || ($extension == '.gz') || ($extension == 'zip') ) { switch ($extension) { case 'sql': $restore_from = $restore_file; $remove_raw = false; break; case '.gz': $restore_from = substr($restore_file, 0, -3); exec(LOCAL_EXE_GUNZIP . ' ' . $restore_file . ' -c > ' . $restore_from); $remove_raw = true; break; case 'zip': $restore_from = substr($restore_file, 0, -4); exec(LOCAL_EXE_UNZIP . ' ' . $restore_file . ' -d ' . DIR_FS_BACKUP); $remove_raw = true; } if (isset($restore_from) && file_exists($restore_from) && (filesize($restore_from) > 15000)) { $fd = fopen($restore_from, 'rb'); $restore_query = fread($fd, filesize($restore_from)); fclose($fd); } } } } elseif ($action == 'restorelocalnow') { $sql_file = new upload('sql_file'); if ($sql_file->parse() == true) { $restore_query = fread(fopen($sql_file->tmp_filename, 'r'), filesize($sql_file->tmp_filename)); $read_from = $sql_file->filename; } } if (isset($restore_query)) { $sql_array = array(); $sql_length = strlen($restore_query); $pos = strpos($restore_query, ';'); for ($i=$pos; $i<$sql_length; $i++) { if ($restore_query[0] == '#') { $restore_query = ltrim(substr($restore_query, strpos($restore_query, "n"))); $sql_length = strlen($restore_query); $i = strpos($restore_query, ';')-1; continue; } if ($restore_query[($i+1)] == "n") { for ($j=($i+2); $j<$sql_length; $j++) { if (trim($restore_query[$j]) != '') { $next = substr($restore_query, $j, 6); if ($next[0] == '#') { // find out where the break position is so we can remove this line (#comment line) for ($k=$j; $k<$sql_length; $k++) { if ($restore_query[$k] == "n") break; } $query = substr($restore_query, 0, $i+1); $restore_query = substr($restore_query, $k); // join the query before the comment appeared, with the rest of the dump $restore_query = $query . $restore_query; $sql_length = strlen($restore_query); $i = strpos($restore_query, ';')-1; continue 2; } break; } } if ($next == '') { // get the last insert query $next = 'insert'; } if ( (eregi('create', $next)) || (eregi('insert', $next)) || (eregi('drop t', $next)) ) { $next = ''; $sql_array[] = substr($restore_query, 0, $i); $restore_query = ltrim(substr($restore_query, $i+1)); $sql_length = strlen($restore_query); $i = strpos($restore_query, ';')-1; } } } tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones"); for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) { tep_db_query($sql_array[$i]); } tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'"); tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')"); if (isset($remove_raw) && ($remove_raw == true)) { unlink($restore_from); } $messageStack->add_session(SUCCESS_DATABASE_RESTORED, 'success'); } tep_redirect(tep_href_link(FILENAME_BACKUP)); break; case 'download': $extension = substr($HTTP_GET_VARS['file'], -3); if ( ($extension == 'zip') || ($extension == '.gz') || ($extension == 'sql') ) { if ($fp = fopen(DIR_FS_BACKUP . $HTTP_GET_VARS['file'], 'rb')) { $buffer = fread($fp, filesize(DIR_FS_BACKUP . $HTTP_GET_VARS['file'])); fclose($fp); header('Content-type: application/x-octet-stream'); header('Content-disposition: attachment; filename=' . $HTTP_GET_VARS['file']); echo $buffer; exit; } } else { $messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error'); } break; case 'deleteconfirm': if (strstr($HTTP_GET_VARS['file'], '..')) tep_redirect(tep_href_link(FILENAME_BACKUP)); tep_remove(DIR_FS_BACKUP . '/' . $HTTP_GET_VARS['file']); if (!$tep_remove_error) { $messageStack->add_session(SUCCESS_BACKUP_DELETED, 'success'); tep_redirect(tep_href_link(FILENAME_BACKUP)); } break; } } // check if the backup directory exists $dir_ok = false; if (is_dir(DIR_FS_BACKUP)) { if (is_writeable(DIR_FS_BACKUP)) { $dir_ok = true; } else { $messageStack->add(ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error'); } } else { $messageStack->add(ERROR_BACKUP_DIRECTORY_DOES_NOT_EXIST, 'error'); } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <link rel="stylesheet" type="text/css" href="includes/stylesheet.css"> <script language="javascript" src="includes/general.js"></script> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="100%" cellspacing="2" cellpadding="2"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <!-- body_text //--> <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?></td> <td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr class="dataTableHeadingRow"> <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_TITLE; ?></td> <td class="dataTableHeadingContent" align="center"><?php echo TABLE_HEADING_FILE_DATE; ?></td> <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_FILE_SIZE; ?></td> <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td> </tr> <?php if ($dir_ok == true) { $dir = dir(DIR_FS_BACKUP); $contents = array(); while ($file = $dir->read()) { if (!is_dir(DIR_FS_BACKUP . $file)) { $contents[] = $file; } } sort($contents); for ($i=0, $n=sizeof($contents); $i<$n; $i++) { $entry = $contents[$i]; $check = 0; if ((!isset($HTTP_GET_VARS['file']) || (isset($HTTP_GET_VARS['file']) && ($HTTP_GET_VARS['file'] == $entry))) && !isset($buInfo) && ($action != 'backup') && ($action != 'restorelocal')) { $file_array['file'] = $entry; $file_array['date'] = date(PHP_DATE_TIME_FORMAT, filemtime(DIR_FS_BACKUP . $entry)); $file_array['size'] = number_format(filesize(DIR_FS_BACKUP . $entry)) . ' bytes'; switch (substr($entry, -3)) { case 'zip': $file_array['compression'] = 'ZIP'; break; case '.gz': $file_array['compression'] = 'GZIP'; break; default: $file_array['compression'] = TEXT_NO_EXTENSION; break; } $buInfo = new objectInfo($file_array); } if (isset($buInfo) && is_object($buInfo) && ($entry == $buInfo->file)) { echo ' <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "n"; $onclick_link = 'file=' . $buInfo->file . '&action=restore'; } else { echo ' <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "n"; $onclick_link = 'file=' . $entry; } ?> <td class="dataTableContent" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'action=download&file=' . $entry) . '">' . tep_image(DIR_WS_ICONS . 'file_download.gif', ICON_FILE_DOWNLOAD) . '</a> ' . $entry; ?></td> <td class="dataTableContent" align="center" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo date(PHP_DATE_TIME_FORMAT, filemtime(DIR_FS_BACKUP . $entry)); ?></td> <td class="dataTableContent" align="right" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo number_format(filesize(DIR_FS_BACKUP . $entry)); ?> bytes</td> <td class="dataTableContent" align="right"><?php if (isset($buInfo) && is_object($buInfo) && ($entry == $buInfo->file)) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $entry) . '">' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; } ?> </td> </tr> <?php } $dir->close(); } ?> <tr> <td class="smallText" colspan="3"><?php echo TEXT_BACKUP_DIRECTORY . ' ' . DIR_FS_BACKUP; ?></td> <td align="right" class="smallText"><?php if ( ($action != 'backup') && (isset($dir)) ) echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'action=backup') . '">' . tep_image_button('button_backup.gif', IMAGE_BACKUP) . '</a>'; if ( ($action != 'restorelocal') && isset($dir) ) echo ' <a href="' . tep_href_link(FILENAME_BACKUP, 'action=restorelocal') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a>'; ?></td> </tr> <?php if (defined('DB_LAST_RESTORE')) { ?> <tr> <td class="smallText" colspan="4"><?php echo TEXT_LAST_RESTORATION . ' ' . DB_LAST_RESTORE . ' <a href="' . tep_href_link(FILENAME_BACKUP, 'action=forget') . '">' . TEXT_FORGET . '</a>'; ?></td> </tr> <?php } ?> </table></td> <?php $heading = array(); $contents = array(); switch ($action) { case 'backup': $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_BACKUP . '</b>'); $contents = array('form' => tep_draw_form('backup', FILENAME_BACKUP, 'action=backupnow')); $contents[] = array('text' => TEXT_INFO_NEW_BACKUP); $contents[] = array('text' => '<br>' . tep_draw_radio_field('compress', 'no', true) . ' ' . TEXT_INFO_USE_NO_COMPRESSION); if (file_exists(LOCAL_EXE_GZIP)) $contents[] = array('text' => '<br>' . tep_draw_radio_field('compress', 'gzip') . ' ' . TEXT_INFO_USE_GZIP); if (file_exists(LOCAL_EXE_ZIP)) $contents[] = array('text' => tep_draw_radio_field('compress', 'zip') . ' ' . TEXT_INFO_USE_ZIP); if ($dir_ok == true) { $contents[] = array('text' => '<br>' . tep_draw_checkbox_field('download', 'yes') . ' ' . TEXT_INFO_DOWNLOAD_ONLY . '*<br><br>*' . TEXT_INFO_BEST_THROUGH_HTTPS); } else { $contents[] = array('text' => '<br>' . tep_draw_radio_field('download', 'yes', true) . ' ' . TEXT_INFO_DOWNLOAD_ONLY . '*<br><br>*' . TEXT_INFO_BEST_THROUGH_HTTPS); } $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_backup.gif', IMAGE_BACKUP) . ' <a href="' . tep_href_link(FILENAME_BACKUP) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'); break; case 'restore': $heading[] = array('text' => '<b>' . $buInfo->date . '</b>'); $contents[] = array('text' => tep_break_string(sprintf(TEXT_INFO_RESTORE, DIR_FS_BACKUP . (($buInfo->compression != TEXT_NO_EXTENSION) ? substr($buInfo->file, 0, strrpos($buInfo->file, '.')) : $buInfo->file), ($buInfo->compression != TEXT_NO_EXTENSION) ? TEXT_INFO_UNPACK : ''), 35, ' ')); $contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=restorenow') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a> <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'); break; case 'restorelocal': $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_RESTORE_LOCAL . '</b>'); $contents = array('form' => tep_draw_form('restore', FILENAME_BACKUP, 'action=restorelocalnow', 'post', 'enctype="multipart/form-data"')); $contents[] = array('text' => TEXT_INFO_RESTORE_LOCAL . '<br><br>' . TEXT_INFO_BEST_THROUGH_HTTPS); $contents[] = array('text' => '<br>' . tep_draw_file_field('sql_file')); $contents[] = array('text' => TEXT_INFO_RESTORE_LOCAL_RAW_FILE); $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_restore.gif', IMAGE_RESTORE) . ' <a href="' . tep_href_link(FILENAME_BACKUP) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'); break; case 'delete': $heading[] = array('text' => '<b>' . $buInfo->date . '</b>'); $contents = array('form' => tep_draw_form('delete', FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=deleteconfirm')); $contents[] = array('text' => TEXT_DELETE_INTRO); $contents[] = array('text' => '<br><b>' . $buInfo->file . '</b>'); $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>'); break; default: if (isset($buInfo) && is_object($buInfo)) { $heading[] = array('text' => '<b>' . $buInfo->date . '</b>'); $contents[] = array('align' => 'center', 'text' => '<a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=restore') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a> <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=delete') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>'); $contents[] = array('text' => '<br>' . TEXT_INFO_DATE . ' ' . $buInfo->date); $contents[] = array('text' => TEXT_INFO_SIZE . ' ' . $buInfo->size); $contents[] = array('text' => '<br>' . TEXT_INFO_COMPRESSION . ' ' . $buInfo->compression); } break; } if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) { echo ' <td width="25%" valign="top">' . "n"; $box = new box; echo $box->infoBox($heading, $contents); echo ' </td>' . "n"; } ?> </tr> </table></td> </tr> </table></td> <!-- body_text_eof //--> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <!-- footer_eof //--> <br> </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Link to comment Share on other sites More sharing options...
Guest Posted July 25, 2005 Share Posted July 25, 2005 Re securing your admin - do you have access to a control panel of sorts, provided by your webhost ? Virtually all of the server operating systems (eg Plesk, cPanel, xtend, etc) have a facility where you can secure a whole folder (ie catalog/admin). Give that a whirl ? Link to comment Share on other sites More sharing options...
TCwho Posted July 25, 2005 Share Posted July 25, 2005 Try the above first... then if you cant do that do a search for using : .htaccess files to secure directory .. Tip: Please dont post entire code in your post. People will not want to help when you do that. Its better to actually post the error :-" than to post the entire code. by default the backup directory doesnt exist, you have to create it. Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 Sorry for pasting the whole thing but don't know what's wrong with it, all i get now is: Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/sites/anzz-fashions.co.uk/public_html/XX_XXXX/admin/backup.php on line 57 I'v had to xxx the page name coz i still cannot get the admin secured. I feel very stupid coz a lot of you guys is trying to help and i still don't get it. I ran a search in all the forums but i did not find anything. Many thanks Azanaz Link to comment Share on other sites More sharing options...
TCwho Posted July 25, 2005 Share Posted July 25, 2005 Line 57 should be this: if (strlen($fields['Default']) > 0) $schema .= ' default \'' . $fields['Default'] . '\''; You have this: if (strlen($fields['Default']) > 0) $schema .= ' default '' . $fields['Default'] . '''; Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 ok now i'v really done it!! I have managed to block myself from the admin page now what? Here is the error code: Warning: mysql_connect(): Access denied for user 'web14_a_shopp_29'@'localhost' (using password: YES) in /home/sites/anzz-fashions.co.uk/public_html/catalogue/admin/includes/functions/database.php on line 19 Unable to connect to database server! Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 Thank you for all your help so far, i have been able to get back into the administration panel and i have tried to correct the line that was wrong now i get this: Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/sites/anzz-fashions.co.uk/public_html/my_shop/admin/backup.php on line 114 Also i hane been able to locate the control panel on my webhosts, but i still don't know how to secure the admin page on oscommerce. Many Thanks All azanaz Link to comment Share on other sites More sharing options...
TCwho Posted July 25, 2005 Share Posted July 25, 2005 Your welcome. Are you using the FileManager to edit your files? Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 Your welcome. Are you using the FileManager to edit your files? <{POST_SNAPBACK}> Yes from the oscommerce administration page. Thanks..TCwho Link to comment Share on other sites More sharing options...
TCwho Posted July 25, 2005 Share Posted July 25, 2005 Dont use it..it will cause more problems for you . It is buggy and will sometimes strip your code of ' \ ' Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
azanaz Posted July 25, 2005 Author Share Posted July 25, 2005 Dont use it..it will cause more problems for you . It is buggy and will sometimes strip your code of ' \ ' <{POST_SNAPBACK}> Huh? I'm confused, so what is to be used? azanaz Link to comment Share on other sites More sharing options...
TCwho Posted July 25, 2005 Share Posted July 25, 2005 You should use an FTP Program & Good Text Editor. Im not sure if we are allowed to say them here..although if you do a search about text editors you will find results in the forum. Sending PM--> Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00 Link to comment Share on other sites More sharing options...
azanaz Posted July 26, 2005 Author Share Posted July 26, 2005 You should use an FTP Program & Good Text Editor. Im not sure if we are allowed to say them here..although if you do a search about text editors you will find results in the forum. Sending PM--> <{POST_SNAPBACK}> Ok I am back!! Trying to follow your advice TCwho...will let you know, I just really need to secure that admin thing!! If Anyone at all can help me plzzzzz!!! Azanaz Link to comment Share on other sites More sharing options...
Guest Posted July 26, 2005 Share Posted July 26, 2005 It would help if you could tell us what system your webhost uses (i.e. do you have access to an admin control panel for your site eg Plesk, cPanel etc ?) Once we know this we can point you in the right direction, regarding securing your admin folder. As TCwho suggests, the other alternative is to create a file in Notepad named .htaccess (ie no file name, just the filename extension .htaccess) and then add your log in details to another file named .htpasswd - this article explains all. You'll need an FTP program (do a google for Filezilla, Cute FTP or Smart FTP - all free) to do this. Link to comment Share on other sites More sharing options...
azanaz Posted July 26, 2005 Author Share Posted July 26, 2005 It would help if you could tell us what system your webhost uses (i.e. do you have access to an admin control panel for your site eg Plesk, cPanel etc ?) Once we know this we can point you in the right direction, regarding securing your admin folder. As TCwho suggests, the other alternative is to create a file in Notepad named .htaccess (ie no file name, just the filename extension .htaccess) and then add your log in details to another file named .htpasswd - this article explains all. You'll need an FTP program (do a google for Filezilla, Cute FTP or Smart FTP - all free) to do this. <{POST_SNAPBACK}> Many Thanks, I got the answer from Matti. Just need someone to try and see if it's secure now. Can I pm you with the address please? azanaz Link to comment Share on other sites More sharing options...
azanaz Posted July 26, 2005 Author Share Posted July 26, 2005 Many Thanks, I got the answer from Matti. Just need someone to try and see if it's secure now. Can I pm you with the address please? azanaz <{POST_SNAPBACK}> Just in case if anyone else gets the same problem, i used the webservers' control panel. In the account utilities section( I use heart internet) there is an option to password protect the directories you want. Just remember the password and user details you will be using. azanaz. Link to comment Share on other sites More sharing options...
Guest Posted July 26, 2005 Share Posted July 26, 2005 Anyone can do it - www.yoursite.com/catalog/admin - they should get the log in prompt :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.