Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Strange .htaccess behavior.... can someone help?


Guest

Recommended Posts

I've added the .htaccess information into my admin area as recommended.... I even added in a check to make sure the connection was coming in from HTTPS rather than in the clear. Finally, I modified the configure.php to force all links to be the HTTPS address.

 

Here's the rub.... it seems that the directory itself is protected, as are all the subdirectories and files in them.... but the PHP files in the /catalog/admin directory are not???

 

Examples:

 

I browse to http://www.yaddayadda.com/admin and I get the page not found error (perfect)

https://www.yaddayadda.com/admin and I get the login as I expect, and all flows correctly from there.

 

on the other hand....

 

I go to http://www.yaddayadda.com/admin/index.php, and it pops up the password prompt(?!) and worse... if I just ignore it and hit cancel over and over... it brings up the admin screens without graphics. What's more, when I go to any link, if I keep ignoring the password prompts, all of the admin screens work... just with no images.

 

It appears that while .htaccess is working as designed on most cases.... it's not protecting the PHP files in the same directory as the .htaccess file resides.

 

Any insights???

 

D.

Link to comment
Share on other sites

Try this in the 'admin' .htaccess file. It does not work on all servers.

 

SSLRequireSSL
ErrorDocument 403 https://www.yourdomain.com/admin/

 

This will only work if you have a full ssl cert. If it does work it should stop having to log in more than once.

 

Vger

Link to comment
Share on other sites

Try this in the 'admin' .htaccess file. It does not work on all servers.

 

It's in there and it works..... but that wasn't the question or the problem.

 

If I browse to www.yaddayadda.com/catalog/admin it works fine

 

If I browse to www.yaddayadda.com/catalog/admin/index.php it doesn't even ask for the password until it tries to load the images.

 

D.

Link to comment
Share on other sites

If it was in there and working then you wouldn't be able to access your site via an http connection at all - so it's not working.

 

Remember that .htaccess only works on Apache servers and not on Windows. Even if it is an Apache server there could be interference with the .htaccess file if you have FrontPage extensions installed.

 

Vger

Link to comment
Share on other sites

If it was in there and working then you wouldn't be able to access your site via an http connection at all - so it's not working.

 

Remember that .htaccess only works on Apache servers and not on Windows. Even if it is an Apache server there could be interference with the .htaccess file if you have FrontPage extensions installed.

 

Vger

 

Exactly my point.... I must be doing something wrong....

 

The pertinent portion of my .htaccess file:

<IfModule mod_ssl.c>
 SSLRequireSSL
</IfModule>


AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/content/... /html/adir/pwd
AuthGroupFile /home/content/ ... html/adir/groups
require group admingroup

 

Note.... I changed part of the path to the ellipses to avoid unecessary details. Again..... if I call the PHP file directly, I get past the authentication... to repeat:

http://www.yaddayadda.com/catalog/admin = OK.... password protected.

http://www.yaddayadda.com/catalog/admin/index.php = NOT OK... NOT PROTECTED.

 

and as an experiment I threw a dummy HTML page in there, so when I do:

 

http://www.yaddayadda.com/catalog/admin/BOO.htm = OK.... protected.

 

So the point is that it seems when Apache (On Linux, No FrontPage extensions) is opening any file it works fine, but when it opens a PHP file specifically, it ignores the .htaccess file altogether.

 

D.

Link to comment
Share on other sites

More data comes....

 

It's only like this on a GoDaddy hosted site. the exact same htaccess file works as it should on another system.... although it's BSD based it's still Apache.

 

Interesting. Any other GoDaddy hosted users out there.... try going to your admin panel and add the index.php onto the end of the URL and cancel the password dialog. Bet you can get in without a password.

 

D.

Link to comment
Share on other sites

:blink: :angry: :angry: :angry:

 

I just found it...

 

It's damned GoDaddy

 

they've got a problem that htaccess won't affect any PHP files on their site. Now I have to tell the client that they have to move everything to another hosting service (Fortunatly they decided on GoDaddy without me!!!)

 

D.

Link to comment
Share on other sites

Oh-oh! I just moved all of my sites over to GoDaddy Virtual Dedicated Hosting. I hope this is not going to be an issue. But my problem is that with copying over the files from my previous host, I seemed to have moved over an .htaccess file somewhere thats kept my old permissions. I tried to access it through the hosting control panel but now I actually made a new password required pop-up. This one works, but after I login the old one pops up again. I know there are several htaccess files in my directors but I can not find any username/password combo in any of them.

 

Am I doomed because I am with godaddy, or am I just missing something. Your help is greatly appreciated!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...