Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security of Admin Panel


theophilus

Recommended Posts

Most web hosting control panels have a feature for password protecting a folder (directory). You can use that to password protect the admin folder. That is the best, most secure way in my opinion.

 

If your web hosting control panel doesn't offer that then there are several contributions to help you add that functionality. Some offer more features and others are simpler.

 

Administration Access Level Accounts 2.0

 

Admin Authentication with Turning number(Image Verification)

 

Password Protect Admin Area

 

Admin Account with Access Level

 

Admin Login, Password, Manager, Administrator

 

authorize admins using htaccess

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Link to comment
Share on other sites

I'm wondering how to secure the admin panel for oscommerce. It seems that anyone that knows anything about oscommerce could get into anyone's admin panel and mess with their store. Does anyone know a way to make this secure?

 

Here are some steps you can try which shouldn't take too long to implement:

 

1) Visit http://www.tools.dynamicdrive.com/password/

Type in a username and password to be encrypted that you wish to be your login.

 

2) To get the path to the .htpasswd file, look at your OSCommerce set up... something like:

catalog/includes/configure.php

Check out the line that says: define('DIR_FS_CATALOG', '/<name>/<dir>/public_html/catalog/');

 

3) Edit the /catalog/admin/.htaccess file using a PLAIN text editor.

 

Edit that and add something like this to it (generated by dynamicdrive.com above):

 

AuthName "Restricted Area"

AuthType Basic

AuthUserFile /<your home dir>/<other pathname>/public_html/.htpasswd

AuthGroupFile /dev/null

require valid-user

 

4) Create a new .htpasswd file in the root folder or whatever you want to hide it. Paste in the information that was generated by dynamic drive as it's all encrypted.

 

After you upload these, the next time you go to access the directory, a popup will come up asking for a username and password.

 

I just did the above a few minutes ago and it worked like a charm.

 

Good luck!

----------

Robert the school fund raiser guy!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...