Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

need to know how to secure my admin page?


azanaz

Recommended Posts

Hi ALL, Sorry started new thread coz i have sorted all my problems...HURRAY. desperately need some help to secure my admin page, I found something earlier in one of the thread, i created a php codein a new folder here: admin/includes/authen.php

here it is:

Maybe there is an error somwhere?

 

<?php

 

if(!isset($PHP_AUTH_USER))

{ header('WWW-Authenticate: Basic realm="' . PUTYOURSHOPNAMEHERE . '"');

header('HTTP/1.0 401 Unauthorized');

echo $SERVER_NAME . ' Authorization Required.';

exit;

}

else

{ if (($PHP_AUTH_USER != YOUR USERNAME) || ($PHP_AUTH_PW != YOUR_PASSWORD))

{ header('WWW-Authenticate: Basic realm="' . SAMENAMEASABOVE. '"');

header('HTTP/1.0 401 Unauthorized');

echo $SERVER_NAME . ' Authorization Required.';

exit;

}

}

 

?>

 

I have done all the required changes but it still is not working. Would really appreciate any help, i am new to php so pls plz help a newbie here..

 

azanaz

Link to comment
Share on other sites

Another Problem , cannot get the backup to work. It;s now not saving anything and i get a parse error: here is the script, can anyone have a look plz???

 

Azanaz

 

 

<?php

/*

$Id: backup.php 6137 2005-05-10 12:59:09Z jim $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

require('includes/application_top.php');

 

$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

 

if (tep_not_null($action)) {

switch ($action) {

case 'forget':

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'");

 

$messageStack->add_session(SUCCESS_LAST_RESTORE_CLEARED, 'success');

 

tep_redirect(tep_href_link(FILENAME_BACKUP));

break;

case 'backupnow':

tep_set_time_limit(0);

$backup_file = 'db_' . DB_DATABASE . '-' . date('YmdHis') . '.sql';

$fp = fopen(DIR_FS_BACKUP . $backup_file, 'w');

 

$schema = '# osCommerce, Open Source E-Commerce Solutions' . "n" .

'# http://www.oscommerce.com' . "n" .

'#' . "n" .

'# Database Backup For ' . STORE_NAME . "n" .

'# Copyright © ' . date('Y') . ' ' . STORE_OWNER . "n" .

'#' . "n" .

'# Database: ' . DB_DATABASE . "n" .

'# Database Server: ' . DB_SERVER . "n" .

'#' . "n" .

'# Backup Date: ' . date(PHP_DATE_TIME_FORMAT) . "nn";

fputs($fp, $schema);

 

$tables_query = tep_db_query('show tables');

while ($tables = tep_db_fetch_array($tables_query)) {

list(,$table) = each($tables);

 

$schema = 'drop table if exists ' . $table . ';' . "n" .

'create table ' . $table . ' (' . "y";

 

$table_list = array();

$fields_query = tep_db_query("show fields from " . $table);

while ($fields = tep_db_fetch_array($fields_query)) {

$table_list[] = $fields['Field'];

 

$schema .= ' ' . $fields['Field'] . ' ' . $fields['Type'];

 

if (strlen($fields['Default']) > 0) $schema .= ' default '' . $fields['Default'] . ''';

 

if ($fields['Null'] != 'YES') $schema .= ' not null';

 

if (isset($fields['Extra'])) $schema .= ' ' . $fields['Extra'];

 

$schema .= ',' . "n";

}

 

$schema = ereg_replace(",n$", '', $schema);

 

// add the keys

$index = array();

$keys_query = tep_db_query("show keys from " . $table);

while ($keys = tep_db_fetch_array($keys_query)) {

$kname = $keys['Key_name'];

 

if (!isset($index[$kname])) {

$index[$kname] = array('unique' => !$keys['Non_unique'],

'columns' => array());

}

 

$index[$kname]['columns'][] = $keys['Column_name'];

}

 

while (list($kname, $info) = each($index)) {

$schema .= ',' . "n";

 

$columns = implode($info['columns'], ', ');

 

if ($kname == 'PRIMARY') {

$schema .= ' PRIMARY KEY (' . $columns . ')';

} elseif ($info['unique']) {

$schema .= ' UNIQUE ' . $kname . ' (' . $columns . ')';

} else {

$schema .= ' KEY ' . $kname . ' (' . $columns . ')';

}

}

 

$schema .= "n" . ');' . "nn";

fputs($fp, $schema);

 

// dump the data

$rows_query = tep_db_query("select " . implode(',', $table_list) . " from " . $table);

while ($rows = tep_db_fetch_array($rows_query)) {

$schema = 'insert into ' . $table . ' (' . implode(', ', $table_list) . ') values (';

 

reset($table_list);

while (list(,$i) = each($table_list)) {

if (!isset($rows[$i])) {

$schema .= 'NULL, ';

} elseif (tep_not_null($rows[$i])) {

$row = addslashes($rows[$i]);

$row = ereg_replace("n#", "n".'#', $row);

 

$schema .= ''' . $row . '', ';

} else {

$schema .= ''', ';

}

}

 

$schema = ereg_replace(', $', '', $schema) . ');' . "n";

fputs($fp, $schema);

 

}

}

 

fclose($fp);

 

if (isset($HTTP_POST_VARS['download']) && ($HTTP_POST_VARS['download'] == 'yes')) {

switch ($HTTP_POST_VARS['compress']) {

case 'gzip':

exec(LOCAL_EXE_GZIP . ' ' . DIR_FS_BACKUP . $backup_file);

$backup_file .= '.gz';

break;

case 'zip':

exec(LOCAL_EXE_ZIP . ' -j ' . DIR_FS_BACKUP . $backup_file . '.zip ' . DIR_FS_BACKUP . $backup_file);

unlink(DIR_FS_BACKUP . $backup_file);

$backup_file .= '.zip';

}

header('Content-type: application/x-octet-stream');

header('Content-disposition: attachment; filename=' . $backup_file);

 

readfile(DIR_FS_BACKUP . $backup_file);

unlink(DIR_FS_BACKUP . $backup_file);

 

exit;

} else {

switch ($HTTP_POST_VARS['compress']) {

case 'gzip':

exec(LOCAL_EXE_GZIP . ' ' . DIR_FS_BACKUP . $backup_file);

break;

case 'zip':

exec(LOCAL_EXE_ZIP . ' -j ' . DIR_FS_BACKUP . $backup_file . '.zip ' . DIR_FS_BACKUP . $backup_file);

unlink(DIR_FS_BACKUP . $backup_file);

}

 

$messageStack->add_session(SUCCESS_DATABASE_SAVED, 'success');

}

 

tep_redirect(tep_href_link(FILENAME_BACKUP));

break;

case 'restorenow':

case 'restorelocalnow':

tep_set_time_limit(0);

 

if ($action == 'restorenow') {

$read_from = $HTTP_GET_VARS['file'];

 

if (file_exists(DIR_FS_BACKUP . $HTTP_GET_VARS['file'])) {

$restore_file = DIR_FS_BACKUP . $HTTP_GET_VARS['file'];

$extension = substr($HTTP_GET_VARS['file'], -3);

 

if ( ($extension == 'sql') || ($extension == '.gz') || ($extension == 'zip') ) {

switch ($extension) {

case 'sql':

$restore_from = $restore_file;

$remove_raw = false;

break;

case '.gz':

$restore_from = substr($restore_file, 0, -3);

exec(LOCAL_EXE_GUNZIP . ' ' . $restore_file . ' -c > ' . $restore_from);

$remove_raw = true;

break;

case 'zip':

$restore_from = substr($restore_file, 0, -4);

exec(LOCAL_EXE_UNZIP . ' ' . $restore_file . ' -d ' . DIR_FS_BACKUP);

$remove_raw = true;

}

 

if (isset($restore_from) && file_exists($restore_from) && (filesize($restore_from) > 15000)) {

$fd = fopen($restore_from, 'rb');

$restore_query = fread($fd, filesize($restore_from));

fclose($fd);

}

}

}

} elseif ($action == 'restorelocalnow') {

$sql_file = new upload('sql_file');

 

if ($sql_file->parse() == true) {

$restore_query = fread(fopen($sql_file->tmp_filename, 'r'), filesize($sql_file->tmp_filename));

$read_from = $sql_file->filename;

}

}

 

if (isset($restore_query)) {

$sql_array = array();

$sql_length = strlen($restore_query);

$pos = strpos($restore_query, ';');

for ($i=$pos; $i<$sql_length; $i++) {

if ($restore_query[0] == '#') {

$restore_query = ltrim(substr($restore_query, strpos($restore_query, "n")));

$sql_length = strlen($restore_query);

$i = strpos($restore_query, ';')-1;

continue;

}

if ($restore_query[($i+1)] == "n") {

for ($j=($i+2); $j<$sql_length; $j++) {

if (trim($restore_query[$j]) != '') {

$next = substr($restore_query, $j, 6);

if ($next[0] == '#') {

// find out where the break position is so we can remove this line (#comment line)

for ($k=$j; $k<$sql_length; $k++) {

if ($restore_query[$k] == "n") break;

}

$query = substr($restore_query, 0, $i+1);

$restore_query = substr($restore_query, $k);

// join the query before the comment appeared, with the rest of the dump

$restore_query = $query . $restore_query;

$sql_length = strlen($restore_query);

$i = strpos($restore_query, ';')-1;

continue 2;

}

break;

}

}

if ($next == '') { // get the last insert query

$next = 'insert';

}

if ( (eregi('create', $next)) || (eregi('insert', $next)) || (eregi('drop t', $next)) ) {

$next = '';

$sql_array[] = substr($restore_query, 0, $i);

$restore_query = ltrim(substr($restore_query, $i+1));

$sql_length = strlen($restore_query);

$i = strpos($restore_query, ';')-1;

}

}

}

 

tep_db_query("drop table if exists address_book, address_format, banners, banners_history, categories, categories_description, configuration, configuration_group, counter, counter_history, countries, currencies, customers, customers_basket, customers_basket_attributes, customers_info, languages, manufacturers, manufacturers_info, orders, orders_products, orders_status, orders_status_history, orders_products_attributes, orders_products_download, products, products_attributes, products_attributes_download, prodcts_description, products_options, products_options_values, products_options_values_to_products_options, products_to_categories, reviews, reviews_description, sessions, specials, tax_class, tax_rates, geo_zones, whos_online, zones, zones_to_geo_zones");

 

for ($i=0, $n=sizeof($sql_array); $i<$n; $i++) {

tep_db_query($sql_array[$i]);

}

 

tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'DB_LAST_RESTORE'");

tep_db_query("insert into " . TABLE_CONFIGURATION . " values ('', 'Last Database Restore', 'DB_LAST_RESTORE', '" . $read_from . "', 'Last database restore file', '6', '', '', now(), '', '')");

 

if (isset($remove_raw) && ($remove_raw == true)) {

unlink($restore_from);

}

 

$messageStack->add_session(SUCCESS_DATABASE_RESTORED, 'success');

}

 

tep_redirect(tep_href_link(FILENAME_BACKUP));

break;

case 'download':

$extension = substr($HTTP_GET_VARS['file'], -3);

 

if ( ($extension == 'zip') || ($extension == '.gz') || ($extension == 'sql') ) {

if ($fp = fopen(DIR_FS_BACKUP . $HTTP_GET_VARS['file'], 'rb')) {

$buffer = fread($fp, filesize(DIR_FS_BACKUP . $HTTP_GET_VARS['file']));

fclose($fp);

 

header('Content-type: application/x-octet-stream');

header('Content-disposition: attachment; filename=' . $HTTP_GET_VARS['file']);

 

echo $buffer;

 

exit;

}

} else {

$messageStack->add(ERROR_DOWNLOAD_LINK_NOT_ACCEPTABLE, 'error');

}

break;

case 'deleteconfirm':

if (strstr($HTTP_GET_VARS['file'], '..')) tep_redirect(tep_href_link(FILENAME_BACKUP));

 

tep_remove(DIR_FS_BACKUP . '/' . $HTTP_GET_VARS['file']);

 

if (!$tep_remove_error) {

$messageStack->add_session(SUCCESS_BACKUP_DELETED, 'success');

 

tep_redirect(tep_href_link(FILENAME_BACKUP));

}

break;

}

}

 

// check if the backup directory exists

$dir_ok = false;

if (is_dir(DIR_FS_BACKUP)) {

if (is_writeable(DIR_FS_BACKUP)) {

$dir_ok = true;

} else {

$messageStack->add(ERROR_BACKUP_DIRECTORY_NOT_WRITEABLE, 'error');

}

} else {

$messageStack->add(ERROR_BACKUP_DIRECTORY_DOES_NOT_EXIST, 'error');

}

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">

<script language="javascript" src="includes/general.js"></script>

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->

 

<!-- body //-->

<table border="0" width="100%" cellspacing="2" cellpadding="2">

<tr>

<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">

<!-- left_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>

<!-- left_navigation_eof //-->

</table></td>

<!-- body_text //-->

<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>

<td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr class="dataTableHeadingRow">

<td class="dataTableHeadingContent"><?php echo TABLE_HEADING_TITLE; ?></td>

<td class="dataTableHeadingContent" align="center"><?php echo TABLE_HEADING_FILE_DATE; ?></td>

<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_FILE_SIZE; ?></td>

<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td>

</tr>

<?php

if ($dir_ok == true) {

$dir = dir(DIR_FS_BACKUP);

$contents = array();

while ($file = $dir->read()) {

if (!is_dir(DIR_FS_BACKUP . $file)) {

$contents[] = $file;

}

}

sort($contents);

 

for ($i=0, $n=sizeof($contents); $i<$n; $i++) {

$entry = $contents[$i];

 

$check = 0;

 

if ((!isset($HTTP_GET_VARS['file']) || (isset($HTTP_GET_VARS['file']) && ($HTTP_GET_VARS['file'] == $entry))) && !isset($buInfo) && ($action != 'backup') && ($action != 'restorelocal')) {

$file_array['file'] = $entry;

$file_array['date'] = date(PHP_DATE_TIME_FORMAT, filemtime(DIR_FS_BACKUP . $entry));

$file_array['size'] = number_format(filesize(DIR_FS_BACKUP . $entry)) . ' bytes';

switch (substr($entry, -3)) {

case 'zip': $file_array['compression'] = 'ZIP'; break;

case '.gz': $file_array['compression'] = 'GZIP'; break;

default: $file_array['compression'] = TEXT_NO_EXTENSION; break;

}

 

$buInfo = new objectInfo($file_array);

}

 

if (isset($buInfo) && is_object($buInfo) && ($entry == $buInfo->file)) {

echo ' <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "n";

$onclick_link = 'file=' . $buInfo->file . '&action=restore';

} else {

echo ' <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "n";

$onclick_link = 'file=' . $entry;

}

?>

<td class="dataTableContent" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'action=download&file=' . $entry) . '">' . tep_image(DIR_WS_ICONS . 'file_download.gif', ICON_FILE_DOWNLOAD) . '</a> ' . $entry; ?></td>

<td class="dataTableContent" align="center" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo date(PHP_DATE_TIME_FORMAT, filemtime(DIR_FS_BACKUP . $entry)); ?></td>

<td class="dataTableContent" align="right" onclick="document.location.href='<?php echo tep_href_link(FILENAME_BACKUP, $onclick_link); ?>'"><?php echo number_format(filesize(DIR_FS_BACKUP . $entry)); ?> bytes</td>

<td class="dataTableContent" align="right"><?php if (isset($buInfo) && is_object($buInfo) && ($entry == $buInfo->file)) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $entry) . '">' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; } ?> </td>

</tr>

<?php

}

$dir->close();

}

?>

<tr>

<td class="smallText" colspan="3"><?php echo TEXT_BACKUP_DIRECTORY . ' ' . DIR_FS_BACKUP; ?></td>

<td align="right" class="smallText"><?php if ( ($action != 'backup') && (isset($dir)) ) echo '<a href="' . tep_href_link(FILENAME_BACKUP, 'action=backup') . '">' . tep_image_button('button_backup.gif', IMAGE_BACKUP) . '</a>'; if ( ($action != 'restorelocal') && isset($dir) ) echo '  <a href="' . tep_href_link(FILENAME_BACKUP, 'action=restorelocal') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a>'; ?></td>

</tr>

<?php

if (defined('DB_LAST_RESTORE')) {

?>

<tr>

<td class="smallText" colspan="4"><?php echo TEXT_LAST_RESTORATION . ' ' . DB_LAST_RESTORE . ' <a href="' . tep_href_link(FILENAME_BACKUP, 'action=forget') . '">' . TEXT_FORGET . '</a>'; ?></td>

</tr>

<?php

}

?>

</table></td>

<?php

$heading = array();

$contents = array();

 

switch ($action) {

case 'backup':

$heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_BACKUP . '</b>');

 

$contents = array('form' => tep_draw_form('backup', FILENAME_BACKUP, 'action=backupnow'));

$contents[] = array('text' => TEXT_INFO_NEW_BACKUP);

 

$contents[] = array('text' => '<br>' . tep_draw_radio_field('compress', 'no', true) . ' ' . TEXT_INFO_USE_NO_COMPRESSION);

if (file_exists(LOCAL_EXE_GZIP)) $contents[] = array('text' => '<br>' . tep_draw_radio_field('compress', 'gzip') . ' ' . TEXT_INFO_USE_GZIP);

if (file_exists(LOCAL_EXE_ZIP)) $contents[] = array('text' => tep_draw_radio_field('compress', 'zip') . ' ' . TEXT_INFO_USE_ZIP);

 

if ($dir_ok == true) {

$contents[] = array('text' => '<br>' . tep_draw_checkbox_field('download', 'yes') . ' ' . TEXT_INFO_DOWNLOAD_ONLY . '*<br><br>*' . TEXT_INFO_BEST_THROUGH_HTTPS);

} else {

$contents[] = array('text' => '<br>' . tep_draw_radio_field('download', 'yes', true) . ' ' . TEXT_INFO_DOWNLOAD_ONLY . '*<br><br>*' . TEXT_INFO_BEST_THROUGH_HTTPS);

}

 

$contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_backup.gif', IMAGE_BACKUP) . ' <a href="' . tep_href_link(FILENAME_BACKUP) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

break;

case 'restore':

$heading[] = array('text' => '<b>' . $buInfo->date . '</b>');

 

$contents[] = array('text' => tep_break_string(sprintf(TEXT_INFO_RESTORE, DIR_FS_BACKUP . (($buInfo->compression != TEXT_NO_EXTENSION) ? substr($buInfo->file, 0, strrpos($buInfo->file, '.')) : $buInfo->file), ($buInfo->compression != TEXT_NO_EXTENSION) ? TEXT_INFO_UNPACK : ''), 35, ' '));

$contents[] = array('align' => 'center', 'text' => '<br><a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=restorenow') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a> <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

break;

case 'restorelocal':

$heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_RESTORE_LOCAL . '</b>');

 

$contents = array('form' => tep_draw_form('restore', FILENAME_BACKUP, 'action=restorelocalnow', 'post', 'enctype="multipart/form-data"'));

$contents[] = array('text' => TEXT_INFO_RESTORE_LOCAL . '<br><br>' . TEXT_INFO_BEST_THROUGH_HTTPS);

$contents[] = array('text' => '<br>' . tep_draw_file_field('sql_file'));

$contents[] = array('text' => TEXT_INFO_RESTORE_LOCAL_RAW_FILE);

$contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_restore.gif', IMAGE_RESTORE) . ' <a href="' . tep_href_link(FILENAME_BACKUP) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

break;

case 'delete':

$heading[] = array('text' => '<b>' . $buInfo->date . '</b>');

 

$contents = array('form' => tep_draw_form('delete', FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=deleteconfirm'));

$contents[] = array('text' => TEXT_DELETE_INTRO);

$contents[] = array('text' => '<br><b>' . $buInfo->file . '</b>');

$contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_DELETE) . ' <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

break;

default:

if (isset($buInfo) && is_object($buInfo)) {

$heading[] = array('text' => '<b>' . $buInfo->date . '</b>');

 

$contents[] = array('align' => 'center', 'text' => '<a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=restore') . '">' . tep_image_button('button_restore.gif', IMAGE_RESTORE) . '</a> <a href="' . tep_href_link(FILENAME_BACKUP, 'file=' . $buInfo->file . '&action=delete') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>');

$contents[] = array('text' => '<br>' . TEXT_INFO_DATE . ' ' . $buInfo->date);

$contents[] = array('text' => TEXT_INFO_SIZE . ' ' . $buInfo->size);

$contents[] = array('text' => '<br>' . TEXT_INFO_COMPRESSION . ' ' . $buInfo->compression);

}

break;

}

 

if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) {

echo ' <td width="25%" valign="top">' . "n";

 

$box = new box;

echo $box->infoBox($heading, $contents);

 

echo ' </td>' . "n";

}

?>

</tr>

</table></td>

</tr>

</table></td>

<!-- body_text_eof //-->

</tr>

</table>

<!-- body_eof //-->

 

<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Link to comment
Share on other sites

Re securing your admin - do you have access to a control panel of sorts, provided by your webhost ?

 

Virtually all of the server operating systems (eg Plesk, cPanel, xtend, etc) have a facility where you can secure a whole folder (ie catalog/admin).

 

Give that a whirl ?

Link to comment
Share on other sites

Try the above first...

 

then if you cant do that do a search for using : .htaccess files to secure directory

 

..

 

Tip: Please dont post entire code in your post. People will not want to help when you do that. Its better to actually post the error :-" than to post the entire code.

 

by default the backup directory doesnt exist, you have to create it.

Link to comment
Share on other sites

Sorry for pasting the whole thing but don't

know what's wrong with it, all i get now is:

 

Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/sites/anzz-fashions.co.uk/public_html/XX_XXXX/admin/backup.php on line 57

 

I'v had to xxx the page name coz i still cannot get the admin secured. I feel very stupid coz a lot of you guys is trying to help and i still don't get it. I ran a search in all the forums but i did not find anything.

 

 

Many thanks

Azanaz

Link to comment
Share on other sites

ok now i'v really done it!! I have managed to block myself from the admin page now what? Here is the error code:

 

Warning: mysql_connect(): Access denied for user 'web14_a_shopp_29'@'localhost' (using password: YES) in /home/sites/anzz-fashions.co.uk/public_html/catalogue/admin/includes/functions/database.php on line 19

Unable to connect to database server!

Link to comment
Share on other sites

Thank you for all your help so far, i have been able to get back into the administration panel and i have tried to correct the line that was wrong now i get this:

 

Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/sites/anzz-fashions.co.uk/public_html/my_shop/admin/backup.php on line 114

 

 

Also i hane been able to locate the control panel on my webhosts, but i still don't know how to secure the admin page on oscommerce.

 

Many Thanks All

azanaz

Link to comment
Share on other sites

You should use an FTP Program & Good Text Editor.

 

Im not sure if we are allowed to say them here..although if you do a search about text editors you will find results in the forum.

 

Sending PM-->

 

 

Ok I am back!! Trying to follow your advice TCwho...will let you know,

 

I just really need to secure that admin thing!! If Anyone at all can help me plzzzzz!!!

 

Azanaz

Link to comment
Share on other sites

It would help if you could tell us what system your webhost uses (i.e. do you have access to an admin control panel for your site eg Plesk, cPanel etc ?) Once we know this we can point you in the right direction, regarding securing your admin folder.

 

As TCwho suggests, the other alternative is to create a file in Notepad named .htaccess (ie no file name, just the filename extension .htaccess) and then add your log in details to another file named .htpasswd - this article explains all. You'll need an FTP program (do a google for Filezilla, Cute FTP or Smart FTP - all free) to do this.

Link to comment
Share on other sites

It would help if you could tell us what system your webhost uses (i.e. do you have access to an admin control panel for your site eg Plesk, cPanel etc ?) Once we know this we can point you in the right direction, regarding securing your admin folder.

 

As TCwho suggests, the other alternative is to create a file in Notepad named .htaccess (ie no file name, just the filename extension .htaccess) and then add your log in details to another file named .htpasswd - this article explains all. You'll need an FTP program (do a google for Filezilla, Cute FTP or Smart FTP - all free) to do this.

 

 

Many Thanks, I got the answer from Matti. Just need someone to try and see if it's secure now. Can I pm you with the address please?

 

azanaz

Link to comment
Share on other sites

Many Thanks, I got the answer from Matti.  Just need someone to try and see if it's secure now.  Can I pm you with the address please?

 

azanaz

 

 

Just in case if anyone else gets the same problem, i used the webservers' control panel. In the account utilities section( I use heart internet) there is an option to password protect the directories you want. Just remember the password and user details you will be using.

 

azanaz.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...