Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin panel


DjFx

Recommended Posts

There are a number of contribs to protect your admin panel - depends what you want to do and how far you want to go with it. One of the simplest fixes is a simple .htpassword file and implementation into your .htaccess - this is pretty secure (depending ont he password you choose of course), but wont block particular ip addresses - in fact blocking an ip address could cause you problems if you are away and want to check on things, or if you want someone to help you out remotely.

 

Have a look in the contrib section, or do a google to find out how to implement the .htpassword option.

Please note - if I have suggested a contrib above, it doesnt mean it will work! Most of the contribs are not ones I've used, but may be useful for your particular problem....

Have you tried a refined search? Chances are your problem has already been dealt with elsewhere on the forums.....

if (stumped == true) {

return(square_one($start_over)

} else {

$random_query = tep_fetch_answer($forum_query)

}

Link to comment
Share on other sites

As a newbie to this osCommerce setup, I feel that it is very important to let everybody here who are also new about the LOGOUT thing from the admin panel.

 

 

Here's what I did find and correct me if I am wrong:

 

THERE IS NO LOGOUT from your ADMIN PANEL.

 

Even if you close your web browser, switch off your internet connection, or your computer, the admin panel accessing your Online Store is opened!

 

So don't let people know of your online store existence BEFORE you figure out how to protect this!

 

So what I need to do:

 

PASSWORD PROTECT YOUR /catalog/admin directory

 

Do this from your Domain Admin/Manager.

 

Enter a username and a password.

 

Then open web browser, open your /catalog/admin, and it asks for your password.

 

Once back in, close it and then try to enter again. This is to make sure that the password protection is for real.

 

I tried to do the .htaccess thingy, but it doesn't accept my password. So I think it is better to use the password protection feature from your domain admin.

 

 

**Being new to osComerce, I havent been able to access the Contributions section, but I have benefited from Language Pack contributed by fellow countryman:)

 

So any of you who might know something that we don't know, don't try hijacking other people's catalog!:o

Link to comment
Share on other sites

Tima kasih....thankxx

 

developer_x

post Yesterday, 05:17 AM

Post #2

Irfan

 

 

Group: Community Member

Posts: 234

Joined: 13-October 04

From: Digital Infoway

Member No.: 46,453

 

 

 

 

There are better ways avaiable to make it secure. Like the Admin Access Version 2.2 in the contributions section. Yours is like a fast way to do it. In osCommerce MS 3, the admin panel would be password-protected by default with both login (with password) and logout features.

Link to comment
Share on other sites

Hi!

 

How can I protect my admin panel to be pwd protected and able to view only on my local IP...

 

TnX

 

wel i got the same problem here, i'm looking for like 2 days now but i can't find anything. I have see?n that you can protect your admin file with like a username and password but i don't know how or witch contribution it is or something some maby somebody can teel us that would be nice :)

Link to comment
Share on other sites

Thankx niknak!

 

-----------------------

 

niknakgroup

post Aug 14 2005, 11:58 PM

Post #2

Tony Blacker

 

 

Group Icon

 

Group: Community Sponsor

Posts: 588

Joined: 6-November 03

From: Ipswich, UK

Member No.: 18,773

 

My Live Shop Entry

 

Read My Blog

 

 

 

 

There are a number of contribs to protect your admin panel - depends what you want to do and how far you want to go with it. One of the simplest fixes is a simple .htpassword file and implementation into your .htaccess - this is pretty secure (depending ont he password you choose of course), but wont block particular ip addresses - in fact blocking an ip address could cause you problems if you are away and want to check on things, or if you want someone to help you out remotely.

 

Have a look in the contrib section, or do a google to find out how to implement the .htpassword option.

 

======================

 

I tried using the .htaccess thingy.

 

Go to http://www.webmastertools.com (or org? net?)

 

Go to .htaccess / Protecting your directory using .htaccess

 

*It will ask for your dir URL and your choice of password.

 

Then it generates .htaccess text and .htpassws - copy them and put them in the directory you want to protect.

 

Follow the instruction...

Link to comment
Share on other sites

The quickest and simplest way (by far) of protecting your 'admin' panel is to use your web hosting control panels' Password Protection or Directory Protection feature. It creates the .ht files for you, and it also creates protection if you are on a Windows server where .ht files are not accepted (they are Apache only files).

 

Vger

Link to comment
Share on other sites

  • 3 weeks later...
The quickest and simplest way (by far) of protecting your 'admin' panel is to use your web hosting control panels' Password Protection or Directory Protection feature.  It creates the .ht files for you, and it also creates protection if you are on a Windows server where .ht files are not accepted (they are Apache only files).

 

Vger

 

Agreed. I didn't have a clue about .htaccess even after googling a few sites. Then it occurred to me to try my webhost's web admin panel and within one minute it was setup.

Link to comment
Share on other sites

Agreed.  I didn't have a clue about .htaccess even after googling a few sites.  Then it occurred to me to try my webhost's web admin panel and within one minute it was setup.

How to setup a logout feature for admin pannel?

I have tried looking with my web host in its admin pannel too.

 

Not having much luck here.

Kunal

Link to comment
Share on other sites

How to setup a logout feature for admin pannel?

I have tried looking with my web host in its admin pannel too.

 

Not having much luck here.

Kunal

 

I THINK im right in saying you dont need one if your using .htaccess because it asks you for the username and password each time even if you have closed the window etc etc.

Link to comment
Share on other sites

The only person who can go straight back in without having to use their User Name and Password again is someone using the computer which first signs on - and that should not happen once ALL browsers windows have been closed.

 

Sessions expire after 23 minutes (approximate) of inactivity anyway, so even if you were online and in the admin panel but did nothing for 23 minutes and then clicked again you'd find that you would have to use your User Name and Password to get back in.

 

There is no Login function for the admin panel (just Password Protection) - so how can you have a Logout function if you're not logged in?

 

Vger

Link to comment
Share on other sites

The only person who can go straight back in without having to use their User Name and Password again is someone using the computer which first signs on - and that should not happen once ALL browsers windows have been closed.

 

Sessions expire after 23 minutes (approximate) of inactivity anyway, so even if you were online and in the admin panel but did nothing for 23 minutes and then clicked again you'd find that you would have to use your User Name and Password to get back in.

 

There is no Login function for the admin panel (just Password Protection) - so how can you have a Logout function if you're not logged in?

 

Vger

Vger,

what you say does make sense if there is no login there there cant be a log out.

 

My sessions dont seem to log out - my admin pannel remains logged in some times all night.

The main problem for me is that I access my admin pannel when I am on the move from different locations and have this problem of not having to logout.

I have to shut the pc down to ensure that no one else can log into my admin pannel after i have finished using the PC.

 

Can you suggest a way around this?

Link to comment
Share on other sites

Make sure that sessions are stored in the database and not in files by making the last line of both configure.php file sread 'mysql' where indicated. They should then time out.

 

If this does not work and you have access to a local php.ini file then try reducing the session time allocated in this line (1440 seconds = 24 minutes):

 

session.gc_maxlifetime = 1440

 

Other than that all you could do would be to try and incorporate the Login/Logout function into the admin secton as well - but you're on your own on that one!

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...