SSL and osCommerce Login

[dcwebcat]

Hello everyone -

 

I am new to the forum. I am more on the design side of things and I am trying to setup my first eCommerce website. I have a developer that configured everything and so the merchant processing is setup. The actual website is not live yet. We are waiting until the eCommerce portion is ready to go.

 

HOWEVER...I noticed that when I go to the osCommerce Admin area, I do not even have to login? I have a link to it such as http://DomainName.com/admin/. It takes me right to the Admin area but does not ask me login. So, really anyone who has the exact URL could go into it right now.

 

My client does have a SSL cert with the hosting company and I have done the following (taken from another post here):

 

"In the includes/configure.php and in admin/includes/configure.php you set enable_ssl to true."

 

However, the Admin area and store are still unsecure? Can anyone help me? I am very appreciative for any guidance. I am about to have a nervous breakdown!

 

Thank you

 

DCWebCat

[mreigle]

I had a the same problem when I first began using osc a few years ago. The problem is not with any of the osc files themselves, but a problem you can easily fix in cpanel. (Access cpanel by going to www.yourdomain.com/cpanel)

 

You'll see a link in there called Web Protect or something to that effect. This allows you to password protect directories by automatically creating a .htaccess file for you. You can also read up on .htaccess files on Google and do it manually.

 

That's how it's done.

 

Regards,

 

Matt

[dcwebcat]

Hi Matt -

 

Thanks. I tried that but it did not work? Does it take a while to take effect? Also, so the osCommerce ADMIN area is not automatically secure then?

 

I might call the web host and see what they can tell me.

 

Thanks so much!

[mreigle]

Hmm, that's really strange. It always does it instantly for me. This page should surely help you out:

 

http://www.javascriptkit.com/howto/htaccess3.shtml

 

Let me know if you're still having trouble.

 

Regards,

 

Matt

[dcwebcat]

Thanks! I will take a look at that.

 

One thing that I think might be an issue is that my developer installed all of the pages under htdocs which is the folder that holds the main website (the web host requires that you place the website under htdocs). So, all of the osCommerce files are under htdocs. If I password protect htdocs, it will password protect the whole site, won't it?

 

I have been designing for over 8 years but I am still lacking very much in the technical department. I can usually figure things out but with this being my first eCommerce project, I outsourced the configuration of the merchant processsing and the osCommerce to someone. But now I have to configure the actual products for sale - there are only 16 items at this point so it is not huge.

 

However, my concern right now is the security of everything.

 

Thanks again! I really appreciate your help.

[♥Vger]

You won't be able to password protect htdocs, and you wouldn't want to anyway.

 

Find out if your hosting company uses one of those rubbish two-folder systems, one for httpdocs and another for httpsdocs - if so you'll have to duplicate files and folders in the httpsdocs folder.

 

First thing to do. FTP to your website and locate the admin folder and then use the FTP programme to rename it to something unique (not admin2 etc). Then download and edit admin/includes/configure.php and edit the two references to /admin/ to /newname/ You've now made it difficult for anyone else to find your admin.

 

Then go to your web hosting control panel and password protect the newly renamed admin folder.

 

Vger

[dcwebcat]

I also just password protected just the /admin directory under the htdocs and when I go to http://DomainName.com/admin/ (of course this is just an example) it does not ask for a login or password. UGH!

[dcwebcat]

Thanka Vger!! I will try that now!

 

Is that your black cat? I have a huge black cat named "Wolfie."

 

Denise