Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin logon problem with new install


fiedlerh

Recommended Posts

This seems to be a popular topic, but none of the answers address my issue

 

How do I access the admin section? All I get is

 

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

--------------------------------------------------------------------------------

Apache/1.3.34 Server at order.mywebsite.com Port 80

the admin .htaccess file seems to be pointing to the right place for the .htpasswds file

Noticed the .htpasswds pasword was appaerntly a random string made up during the install.

This was an auto-install using Fantasctico thru my host.

The non-admin side opens OK

Installed the Global_Registers patch files, these are the only changes I made, but that didn't affect this admin logon issue.

 

I have no problems editing .htaccess or .htpasswds files, just need to know what to put there.

 

Thanks for your help!

>_<

Link to comment
Share on other sites

Oh yes,

admin is a protected directory with my host. I reset the password and it changed in the .htpasswds file, so I assume it is encrypting it there.

 

This is just a test system, not live

Link to comment
Share on other sites

I second that...

I get the same message and now I start to feel like Donald Duck when he was photgraphing colibri?s. ( at least alll swedish user know what I meen, he does it every cristmas)

 

I tryed so many different ways to put the files that I can?t remember what I have or not have done.

Please tell me in witch dir to put .htaccess and were to put .htpasswd.

 

Freya

Link to comment
Share on other sites

Your webhost determines where the .htpasswds folder is. It is usually in the root directory.

The OSC installation creates an .htaccess file in the catalog directory and a different one in the catalog/admin directory The .htaccess file in admin directory contains the admin login information and points to the encrypted password in the .htpasswds folder. The path to the password file must be correct.

Go to your web host and log in to your website's control panel (Cpanel or whatever).

The /admin directory should be protected though your password protection option.

 

If all goes well, entering the /admin directory from your browser should bring up the admin login page. But it apparently is troublesome for new users and most get an error message.

Link to comment
Share on other sites

Have you tried something like that :

 

Step 1

 

Open a notepad blank: and paste this in it !

 

<title>Generating a .htpasswd password</title>

<h1>Password Generator</h1>

This page lets you create the passwords that you need for restricting

access to certain people on your WWW pages.<br>

 <hr>

<form action="http://www.rekka.net/cgi-bin/htpasswd.cgi" method="post">

<input type="text" name="username"> username<p>

<input type="password" name="password"> password<p>

<input type="password" name="password2"> re-enter password<p>

<input type="submit" value="Generate"> <input type="reset" value="Clear fields">

</form>

 

 

Step 2

 

Do:

 

File >>> save as >>> and give it anyname.htm

(not .txt file but .htm)

 

It create an htm file where ever you saved it.

 

Step 3

 

Double click this newly created page and follow instructions:

 

 

 

This page lets you specify a user name and password in clear and when you press generate it creates an HTACCESS code that you can copy and paste in in your HTACCESS File. I did it myself and it debuged me !!!

 

SORRY !

 

If you just insert the address in the address bar in IE it does the same, but i like having the page handy because I change my passwords once in while.

 

http://www.rekka.net/cgi-bin/htpasswd.cgi

 

 

Hope it helps !

Link to comment
Share on other sites

Have you tried something like that :

 

Step 1

 

Open a notepad blank: and paste this in it !

 

<title>Generating a .htpasswd password</title>

<h1>Password Generator</h1>

This page lets you create the passwords that you need for restricting

access to certain people on your WWW pages.<br>

?<hr>

<form action="http://www.rekka.net/cgi-bin/htpasswd.cgi" method="post">

<input type="text" name="username"> username<p>

<input type="password" name="password"> password<p>

<input type="password" name="password2"> re-enter password<p>

<input type="submit" value="Generate"> <input type="reset" value="Clear fields">

</form>

Step 2

 

Do:

 

File >>> save as >>> and give it anyname.htm

(not .txt file but .htm)

 

It create an htm file where ever you saved it.

 

Step 3

 

Double click this newly created page and follow instructions:

This page lets you specify a user name and password in clear and when you press generate it creates an HTACCESS code that you can copy and paste in in your HTACCESS File. I did it myself and it debuged me !!!

 

SORRY !

 

If you just insert the address in the address bar in IE it does the same, but i like having the page handy because I change my passwords once in while.

 

http://www.rekka.net/cgi-bin/htpasswd.cgi

Hope it helps !

 

 

--------------------------------------------------------------------------------------------------------------------

 

Hi! Raymond, thanks for the info. But may i ask you that do i need to have SSL secure server or something to be able to use this. Because i tried to encrypt my password, but when it ask for the user and password, it doesn't accept my password (let say it is abc), but it only takes the one that is encrypted!

 

So i'm a bit stuck, could you please give any advice. Thanks in advance.

 

Regards

 

 

Kevin Doan

Link to comment
Share on other sites

My problem is I can't even get the admin logon screen to come up, just the error message in my first post above.

 

The other strange thing I get in the catalog screen is the security warning "Warning: I am able to write to the configuration file: /home/mysite/public_html/order/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

 

but when I CHMOD to 444 it is back to 644 the next time I check. I noticed lots of conflicting info on this forum as to what CHMOD should be set to for various files, but I guess that is to be expected with open source software on a thousand different servers.

Link to comment
Share on other sites

Okay, if your web hosting control panel uses the address http://www.yourdomain.com/admin then you need to FTP to your osCommerce website and rename the osCommerce 'admin' folder (if installed in the root of your website). You then need to download and edit the admin/includes/configure.php file to change the two pathways to 'admin' e.g. /admin/ to /newname/

 

This is a good thing to do anyway, because if hackers can't find your osC admin folder then they can't get into it or hack it.

 

To use password protection it is not the osCommerce admin folder that you need to go to, but your Web Hosting Control Panel. Do this after you have renamed the osC admin folder and edited the admin/includes/configure.php file.

 

To change the permisisons on your includes/configure.php file, open a new text document on your Desktop and change the name to chmod.php (ignore the warning about changing the extension). Put the code below into the file, save it, upload it to the root of your website, and then go to http://www.yourdomain.com/chmod.php. You won't see anything on the screen but the permissions should be changed. After doing this delete the file from your website.

 

<?php
chmod ("includes/configure.php", 0444);
?>

 

Vger

Link to comment
Share on other sites

Thanks Vger for you kind help!

varie-vger.jpg

 

Anyway, I changed /admin to /adm and changed the 2 references in the adm/includes/configure.php file

The changes make no difference.

 

The only unconventional thing I did was to create a subdomain and install osC there. This is just an evaluation setup on a live site and I wanted to make it little bit harder for people to find. Do you see any problems with that?

 

I'll worry about the CHMOD later after the admin issue is resolved. It's the first time i've run into a file I couldn't chmod.

 

BTW, using Cute FTP Pro and it's got a pretty good feature set and text editor.

Link to comment
Share on other sites

You cannot use automatic (web hosting control panel) Password Protection on a true subdomain! Password Protection will always revert to the main domain - at least that's the way it works on our servers.

 

What you can do is to set up a sub-domain which is actually an alias for a folder on your main domain e.g. shop.yourdomain.com is an alias of yourdomain.com/shop. Of course if you do that then you may as well install into a folder anyway, and make the whole folder for the test site password protected - so that no one but yourself can access it while it's in development.

 

Vger

Link to comment
Share on other sites

The subdomain appears to be an alias as you described.

 

i uninstalled osC and reinstlalled it using Fantastico in a /catalog directory like most people do.

 

Temporarily I created a php.ini file for register_globals = on until I install the patch.

 

The catalog opens up just fine. No CHMOD error this time!

 

catalog/admin has the same "Authorization Required" problem as in my first post.

 

In other words, I'm getting nowhere.

Link to comment
Share on other sites

I have solved the problem by uninstalling OSC and installing ZenCart instead.

 

I got this prosedure from my host b-one, but maybe you can use the same. I did this to solve the password in admin problem:

 

Go to this site:

http://jr.testdomainet.com/index.php?optio...&id=13&Itemid=1

 

Use the codes described and paste into these to files:

 

.htaccess (this already exist in your catalog/admin folder). Paste the described code into this file and change the settings with your www.yoursite.com name. Save the file in /catalog/admin folder. It is not sure you will see this file in all ftp, but it is there. I can only see mine in smartftp program.

 

.htpasswd you create in notepad and paste the encrypted password code into it.

On this page you will find a link to a site for encrypting your password. Open this and encrypt your password. Paste this into the .htpasswd file. Save the file in catalog/admin folder.

 

Be sure that you use the same username and and password as when you log in to your webhotell/server.

be sure to remove whitespaces in the beginning and end og your codes in these two files before saving.

 

Best luck!

Kjolebutikken:-)

Best regards

Kjolebutikken

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...