Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

admin directory needs to be password protected


Wanwan

Recommended Posts

Hi,

I am in the post-installation page. I am stuck at this step

 

" The store admin directory on your server needs to be password protected using .htaccess. Most of the time the server you are hosting your store on has the ability to password protect directories through the server administration area so check with your host."

 

 

Ok, I know where to get .htaccess in my file directory. Somehow, I don't know what program can be use to open this .htaccess files, thus I cannot have my admin directory password protected.

 

I am using XAMPPwebserver, and Windows XP OS....

 

Anyone know how to open the .htaccess file and write the code for password?

 

Newbie

Wanwan -- %_%_

Link to comment
Share on other sites

Link to comment
Share on other sites

Alright,

I have done something to it, using one of the contribution for setting the admin password protection. I don't know that is working or not, because I don't know how to open the Aministraiton Tools from my localhost, after my catalog/index.php has been setup and has successfully get rids of the warning message.

Wanwan -- %_%_

Link to comment
Share on other sites

 

I ends up this error message

 

Warning: session_start() [function.session-start]: open(/tmp\sess_6409e0971bf3ae7ae03dc6a35c151bad, O_RDWR) failed: No such file or directory (2) in C:\XAMPP\apachefriends\xampp\htdocs\catalog\admin\includes\functions\sessions.php on line 67

 

Fatal error: Cannot re-assign $this in C:\XAMPP\apachefriends\xampp\htdocs\catalog\admin\includes\classes\upload.php on line 31

 

Warning: Unknown: open(/tmp\sess_6409e0971bf3ae7ae03dc6a35c151bad, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

 

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Wanwan -- %_%_

Link to comment
Share on other sites

To get rid of the 'tmp' warning message store sessions in the database. make the last line of BOTH configure.php files read 'mysql' where indicated.

 

catalog\admin\includes\classes\upload.php on line 31

 

edit:

 

$this = null;

 

to this:

 

unset($this);

 

Vger

Link to comment
Share on other sites

To get rid of the 'tmp' warning message store sessions in the database.  make the last line of BOTH configure.php files read 'mysql' where indicated.

 

catalog\admin\includes\classes\upload.php on line 31

 

edit:

 

$this = null;

 

to this:

 

unset($this);

 

Vger

 

Vger,

 

I got the "catalog\admin\includes\classes\upload.php on line 31" fixed and the admin page is displayed with last warning message.

 

Warning: session_start() [function.session-start]: open(/tmp\sess_6409e0971bf3ae7ae03dc6a35c151bad, O_RDWR) failed: No such file or directory (2) in C:\XAMPP\apachefriends\xampp\htdocs\catalog\admin\includes\functions\sessions.php on line 67

 

so, what do you think? and thanks for your initial help : )

Wanwan -- %_%_

Link to comment
Share on other sites

 

 

 

Vger, you mean

 

edit:

 

define('STORE_SESSIONS', '');

 

To:

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

In Configure.php the very last line, I have set to 'mysql' long time ago, but it seems like doesn't work now. It solve the problem last time for catalog/index.php

Wanwan -- %_%_

Link to comment
Share on other sites

You need to also edit catalog/admin/includes/configure.php

 

Vger

 

I got that now, My warning message has gone. Ok, thank you so much Vger, you help me another problem .... :-"

 

I now realized what you mean "BOTH" here! :D

Wanwan -- %_%_

Link to comment
Share on other sites

Guys, got a question related to this subject.

I followed this link as suggested: http://www.oscommerce.com/community/contri...search,htaccess

 

Now, it seems to be working alright, as I am being asked for the password and username when I start the admin page. However, I have not added yet a user or password...

The instructions say that there is supposed to be a user: test, pass: asdf. I've tried that, didn't work. Also tried using blank user and password, and a few other combinations...neither do the trick.

So, what did I miss?

 

Some more info: FreeBSD shared hosting server, running apache.

Link to comment
Share on other sites

OK, nevermind about that problem...I copied a few files from the zip file that were supposed to be generated automatically by the new script.

However, when I try to create the new user I get this errors:

 

Warning: fopen(/www/n/e/net506.com/htdocs/catalog/admin/passwd): failed to open stream: Is a directory in /www/m/master506/htdocs/catalog/admin/includes/classes/htaccess.php on line 77

 

Warning: fputs(): supplied argument is not a valid stream resource in /www/m/master506/htdocs/catalog/admin/includes/classes/htaccess.php on line 80

 

Warning: fclose(): supplied argument is not a valid stream resource in /www/m/master506/htdocs/catalog/admin/includes/classes/htaccess.php on line 81

Link to comment
Share on other sites

I dont understand what direction this thing goes :)

 

 

 

OK the objective is to password protect your /admin right?

 

 

It's beacuase the current version of osCommerce did not have the LOGOUT feature from the admin panel.

 

 

It will stay opened, and other people around the world can access your /catalog/admin!

 

So password-protection directory is aMUST!

 

 

I did from my DirectAdmin (domain manager) - just click on the menu, choose the directory to be protected int this case ../catalog/admin

 

Then point your browser to the /catalog/admin and a pop up window asks for the name and password.

 

That's it - the easy way, or the hard way, or the `dumb way' of which me as a novice did not know something that advance users know :0

Link to comment
Share on other sites

I dont understand  what direction this thing goes :)

OK the objective is to password protect your /admin  right?

It's beacuase the current version of osCommerce did not have the LOGOUT feature from the admin panel.

It will stay opened, and other people around the world can access your /catalog/admin!

 

So password-protection directory is aMUST!

I did from my DirectAdmin (domain manager) - just click on the menu, choose the directory to be protected  int this case ../catalog/admin

 

Then point your browser to the /catalog/admin and a pop up window asks for the name and password.

 

That's it - the easy way, or the hard way, or the `dumb way' of which me as a novice did not know something that advance users know :0

 

FYI, I tried the hard way, which I didn't get it and of coz it doesn't work. So, May I know what DirectAmin (domain manager) mean here? where I can find it?

 

Wanwan

Wanwan -- %_%_

Link to comment
Share on other sites

I did it for my site the following way:

 

Create a file in the "/DIRECTORYofOSC/admin" directory called ".htaccess", insert this code:

 

AuthType Basic
AuthName "Password Required"
AuthUserFile /DIRECTORYofOSC/admin/.htpasswd
Require valid-user

 

And then you need to open shell and login to your server, and do the following:

 

cd /DIRECTORYofOSC/admin <enter>
htpasswd -c .htpasswd username <enter>
<will ask for password>
<will ask to verify password>

 

Then to add another user, do this also in shell and in the "/DIRECTORYofOSC/admin" directory:

 

htpasswd .htpasswd username <enter>
<will ask for password>
<will ask to verify password>

 

Hope this helps. :thumbsup:

My Current osCommerce Stores:

http://www.CountryCreekFarm.com **

http://www.WOTTuning.com **

 

** These are live stores, please do not make test orders!

Link to comment
Share on other sites

Guys, got a question related to this subject.

I followed this link as suggested: http://www.oscommerce.com/community/contri...search,htaccess

 

Now, it seems to be working alright, as I am being asked for the password and username when I start the admin page. However, I have not added yet a user or password...

The instructions say that there is supposed to be a user: test, pass: asdf. I've tried that, didn't work. Also tried using blank user and password, and a few other combinations...neither do the trick.

So, what did I miss?

 

Some more info: FreeBSD shared hosting server, running apache.

 

Hi DarkoneCR,

You are better then I did. I have follow the installation guide same as yours, I don't even get a screen that asked for password and username, there is an error somewhere .. I am still looking for solution, too bad

 

;)

Wanwan -- %_%_

Link to comment
Share on other sites

I don't get what you mean by "open shell and login to my server"

 

I am using XAMPP and the webserver is running now, and where to type the following code? in the .htaccess files?

 

And then you need to open shell and login to your server, and do the following:

cd /DIRECTORYofOSC/admin <enter>

htpasswd -c .htpasswd username <enter>

<will ask for password>

<will ask to verify password>

Wanwan -- %_%_

Link to comment
Share on other sites

By following Manmade Design guide, I got stuck in step 2.

 

I got my admin page opened, and it is asking username and password message shown.

I don't get where to put the following code

 

cd /DIRECTORYofOSC/admin <enter>

htpasswd -c .htpasswd username <enter>

<will ask for password>

<will ask to verify password>

 

help

Wanwan -- %_%_

Link to comment
Share on other sites

If you are using XAMPP on Windows XP on a computer, but are not running it as a store that is online to the internet - then you have no need of password protecting the osCommerce admin panel.

 

Vger

Link to comment
Share on other sites

If you are using XAMPP on Windows XP on a computer, but are not running it as a store that is online to the internet - then you have no need of password protecting the osCommerce admin panel.

 

Vger

 

 

ok.... :blush:

Wanwan -- %_%_

Link to comment
Share on other sites

May I know what DirectAmin (domain manager) mean here? where I can find it?

 

 

 

==============

 

You as the webmaster has full control of your domain, right?

 

I use DirectAdmin as the admin panel of my website and its contents.

 

 

The first thing that you find after login into your domain manager is the Menu for lotsa things, and one is the Password Protected Directories. So klik it and it will enlist password-protected directory (none if you never done before).

 

Then klik on

 

`Find a Directory to Password Protect '

 

You will choose yourdomain/catalog/admin

 

Give username and password.

 

Then with your browser try accessing your /catalog/admin.

 

It will ask for username and password, DONE!

 

If you forget, or wanna change username and password, do this from the DOmainManager.

 

 

-----------------------

 

Honestly I donno if this is sufficient or whether the .htaccess thing can better protect my /admin?

Link to comment
Share on other sites

If your Web host doesn?t provide shell access, you might try the directions and code generated at this link: http://www.htmlbasix.com/passwordprotect.shtml

 

Make sure that you know the correct server path to the .htpasswd password file you upload. If you are going to upload the .htpasswd file to the admin folder, the path should look something like /www/?/???/htdocs/catalog/admin. Just replace the ??? and ????? in the path with your Web host account user name info: /www/u/username/htdocs/catalog/admin. For example, if your username is ?wanwan,? then the path should be entered as /www/w/wanwan/htdocs/catalog/admin

 

 

Sample HTML Basix Form Input:

 

username: thechosenone

password: allbowandworship

path to password file: /www/w/wanwan/htdocs/catalog/admin

message for popup: Login Required

<Click generate>

 

Generated code to copy to the .htaccess file in the Admin folder:

AuthType Basic
AuthUserFile /www/w/wanwan/htdocs/catalog/admin/.htpasswd
AuthName "Login Required"
require valid-user

Generated code to copy to the .htpasswd file you create and upload:

thechosenone:d9eWb77x84UtE

 

IbizDesigns

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...