Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Problem with .htaccess file and godaddy


python

Recommended Posts

Hi im new to this and i have the following problem:

 

I have install the oscommerce in my server

and i want to password protect the admin directory

 

so i put the .htaccess file in the admin dir

 

AuthName "Restricted Area"

AuthType Basic

AuthUserFile /catalog/admin/.htpasswd

AuthGroupFile /dev/null

require valid-user

 

and the .htpasswd file as

 

user:test

 

but when i use the user name and password to the prompt nothing happens ... i cant go to the control panel.

Is this goddady problem? or i missing something?

Thanks in advance.

Link to comment
Share on other sites

This should help

 

It is fairly easy.

1. You need to find your server absolute address. (This is the part that gave me the most problems.) It is not the one recorded in your configure.php files. To get the correct one, I had to go to my host-provided control panel and look in CGI information. There is gave my path as usr/local/psa/ etc. Yours may differ.

 

2. Go to http://www.webmaster-toolkit.com/htaccess-generator.shtml Enter a user name and password you want to use and the path from step 1. The path entered needs to include the path to where your password file will be. It needs to be in a secured area as well, so put it in the directory you want to protect. Assuming you are protecting your Admin directory, the path should be the server path from above/yourdomain.com/httpdocs/admin

 

3. The htaccess generator gives you entries for two files, htaccess (which is already in your directory) and htpasswd (which is not in your directory). Add the output for htaccess to that file in the directory you want to protect. The output for htpasswd should be copied and pasted in a text file (the stuff after your login is the encyrpted password). Name the text file htpasswd.txt. Upload the file to the same directory you want to protect. Once it is there, change the name to .htpasswd (add a dot to the front and remove the .txt at the end) You may need to use a couple of different methods to upload and modify the names of the files. I cannot change a name of a file using my host-provided file manager, but I can modify the content. However, I can modify the name of a file using my FTP program (Filezilla) but once I add the leading . to the two files, I can no longer see them.

 

4. You should now be protected.

 

To test things, I had a couple browser windows open at the same time. I had the host-provided file manager open to the .htaccess file in one window and in another I tried to open the now protected file (http://yourdomain.com/admin) to see if it: 1) asks for a password and 2) opens when you type in your login and password. It should work for you. If there is a problem it is probably the path information in htaccess. This is what caused me the biggest problems.

 

Using this, you can easily create other protected directories using the same login and password, or have different ones. You can also have more than one login password in the htpasswd file to allow more than one person in, each with their own login.

Link to comment
Share on other sites

Hello,

 

Thanks for your reply and the informations.

 

Well i cant find the server absolute address i try from control panel but nothing.....

I have upload them to my root dir /catalog/admin/ is this path righ?

Also godaddy Economy plan which im register not support to pass protect a directory from the control panel.

I read from the help that :

"You can also use JavaScript to create a very basic (and non-secure) form of password protection on our Linux-based hosting plans (with the exception of the Economy plan)."

 

Is there any other having the same problem with that program?

 

Thanks again for your time and realy apreciate any help.

Link to comment
Share on other sites

Is there any other having the same problem with that program?

 

I had the exact problem and I also use go Daddy. I just solved it with the help of Avec's post.

 

 

You'll need to know the full server path of your Linux hosting account to create an .htaccess file. It is:

 

/home/content/u/s/e/username/html

 

Replace "u," "s," and "e" with the first three letters of your hosting user name, and "username" with your user name.

 

For some strange reason my correct path was in my configure.php. The user name that works is the one I created for my control panel not the one for Godaddy sign in.

 

Your correct path would look something like this:

 

/home/content/u/s/e/username/html/catalog/admin/.htpasswd

 

I have upload them to my root dir /catalog/admin/ is this path righ?

 

Yes! I put my .htaccess and my .htpasswd in my admin folder that I wanted to protect.

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

another problem just find is when i go from:

 

www.mysite.com/catalog/admin/

 

ask fot user name and password before enter in my control panel

 

but when i type:

www.mysite.com/catalog/admin/index.php

 

 

i get control panel page without asking to add user name and password

 

This happens with Firefox browser with internet explorer load the control panel page but

appear and a dialog box for user name and password.

 

Any idea how to fix that problem?

 

Thanks in advance

Link to comment
Share on other sites

nother problem just find is when i go from:

 

www.mysite.com/catalog/admin/

 

ask fot user name and password before enter in my control panel

 

but when i type:

 

www.mysite.com/catalog/admin/index.php

These are essentially the same place. If there is a file called index.html or htm or php it will be opened when you browse to the directory. If you entered the login and password information on your first visit, depending on your browser settings, the cookie for that is probably still there and therefore the login screen is bypassed.

Link to comment
Share on other sites

i think that something else happens... i have clear the cache from my browser and delete all files and history and i have the same problem.

 

Also i test this from other computer without giving usernames and passwords in first case :

 

www.mysite.com/catalog/admin/

 

The prompt for username and password appear without loading the page

but when i try as:

www.mysite.com/catalog/admin/index.php

 

i had the same problem... the control page load normaly together with the prompt window

 

 

:(

Link to comment
Share on other sites

What happens if you log onto admin/index.php first?

i think that something else happens... i have clear the cache from my browser and delete all files and history and i have the same problem.

Are you clearing cookies as well? The cookies are set to expire at end of session. If any browser is still open, the session is still open and so no login page.

Link to comment
Share on other sites

Wow! I can't believe you brought this to my attention. The same thing happens to me.

 

All I have to do is keep clicking cancel and it lets me in. It seems the only thing I am password protecting

is the pictures and graphics.

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

yes it seems that only files with .php extension dont protected i cant understsand why... :blink:

 

I try severel other file types and all are protected except .php...

 

natewlew please let me know if you find any solution in that problem....

Link to comment
Share on other sites

Based on this, I double-checked my access. Whether I type in admin or admin/index.php the login/password screen opens. If I don't enter the information, I am redirected to an unauthorized access page. I think someone smarter than me needs to help with this.

Link to comment
Share on other sites

It's obvious that being on their 'Economy' plan is the main problem. Is it really worth all of this time and trouble, when you could upgrade your plan and then use their Control Panel to password protect the folder?

 

Vger

Link to comment
Share on other sites

It's obvious that being on their 'Economy' plan is the main problem. Is it really worth all of this time and trouble, when you could upgrade your plan and then use their Control Panel to password protect the folder?

 

Vger

 

I didn't install oscommerce on a site on their Economy plan, and I can't see anything in the Control Panel that is different than the other sites I have with them that are on the Economy plan. And I can't see anything to open to facilitate password protection. If you know, please share - it's very frustrating. Thanks. osmyrna

Link to comment
Share on other sites

This should help

 

It is fairly easy.

1. You need to find your server absolute address. (This is the part that gave me the most problems.) It is not the one recorded in your configure.php files. To get the correct one, I had to go to my host-provided control panel and look in CGI information. There is gave my path as usr/local/psa/ etc. Yours may differ.

 

2. Go to http://www.webmaster-toolkit.com/htaccess-generator.shtml Enter a user name and password you want to use and the path from step 1. The path entered needs to include the path to where your password file will be. It needs to be in a secured area as well, so put it in the directory you want to protect. Assuming you are protecting your Admin directory, the path should be the server path from above/yourdomain.com/httpdocs/admin

 

3. The htaccess generator gives you entries for two files, htaccess (which is already in your directory) and htpasswd (which is not in your directory). Add the output for htaccess to that file in the directory you want to protect. The output for htpasswd should be copied and pasted in a text file (the stuff after your login is the encyrpted password). Name the text file htpasswd.txt. Upload the file to the same directory you want to protect. Once it is there, change the name to .htpasswd (add a dot to the front and remove the .txt at the end) You may need to use a couple of different methods to upload and modify the names of the files. I cannot change a name of a file using my host-provided file manager, but I can modify the content. However, I can modify the name of a file using my FTP program (Filezilla) but once I add the leading . to the two files, I can no longer see them.

 

4. You should now be protected.

 

To test things, I had a couple browser windows open at the same time. I had the host-provided file manager open to the .htaccess file in one window and in another I tried to open the now protected file (http://yourdomain.com/admin) to see if it: 1) asks for a password and 2) opens when you type in your login and password. It should work for you. If there is a problem it is probably the path information in htaccess. This is what caused me the biggest problems.

 

Using this, you can easily create other protected directories using the same login and password, or have different ones. You can also have more than one login password in the htpasswd file to allow more than one person in, each with their own login.

Link to comment
Share on other sites

I followed AVEC's instructions and used http://www.webmaster-toolkit.com/htaccess-generator.shtml to generate the files. I finally found the path (apparently) and ftp'd the files to catalog/admin via ASCII and when I go to the Admin site and click on Configure, up comes the prompt box - but when I enter the username and password, the box just keeps popping back up. Help help help. I've tried different sites for generating the code but it didn't make a difference. Thanks. Osmyrna

Link to comment
Share on other sites

After searching for a while I have found that there is NO solution.

I googled "htaccess security with goddaddy" and found that a lot of people have this problem.

The htaccess does not protect php files and godaddy will not change this.

 

I imagine there are a lot of people who are vulnerable to attacks because

their php files aren't secure and they don't even know it. (I would have been oblivious

if python wouldn't have told me)

 

I think I will have to find a different host. (Blew $8 trying a cheap host)

 

Oh Well! :-"

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

Here is a free open source program I found that will password protect your files

(an alternative to .htaccess). I just tryed it and it seems work.

 

http://www.globalissa.com/downloads.php

 

Download the Admin log-in only (its free).

 

I don't know how secure it is and you have to copy and paste a line

into the top of every page that you want to protect.

 

Maybe this could be a solution for all of us godaddy people?

 

I was wondering why oscommerce has automatic password creation software

built into it for customers, but doesn't have password protection for the admin section?

Why isn't there some kind of password system that uses the database

for the admin section?

 

I'm not trying to complain, I just don't know why.

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

Well, there is a way around the GoDaddy problem with .php files not being protected - but whether it's worth the effort is another matter. You can try this:

 

In a .htaccess file in your admin folder (you may have to repeat in sub-folders in admin) place this piece of code:

 

AddType application/x-httpd-php .php .html

 

This tells the server to parse php code found in html pages.

 

You then rename ALL of the files in the admin folder with .html extensions and not .php

 

I don't know if this will have an impact on the Catalog side of things, so if you try this then backup the whole of your admin folder first.

 

Vger

Link to comment
Share on other sites

Thanks, I will try it!

 

I am having a little trouble with the Admin log-in only.

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

I changed my .htaccess file and my file extentions but it does seem to work. Its only processing the html.

 

Thanks for your help. I'm willing to try anything :thumbsup:

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

  • 2 weeks later...

I actually discovered this flaw very recently as well and I am glad other OSC users posted the problem in this forum. This is a very useful thread as there are quite some users using GoDaddy hosting, unfortunately.

 

For more information (and suggested solutions) on the topic, please visit:

http://forums.devshed.com/apache-developme...les-321868.html

 

I *might* have solved this problem by using the following:

http://www.oscommerce.com/community/contri...h,admin+protect

 

Looks like the developer of this module is no longer available. However, it actually works out pretty well EXCEPT there is something wrong with setting the cookies (I got error: Unable To Set Cookie. You May Need to Enable Cookies Within Your Browser.) The result is I have to type in the password again and again for each page under the admin/ folder. Just to clarify: I put the <? include ("access_control.php"); ?> at the top of admin/includes/header.php because 99% of the admin files calls on that file and I am lazy to put <? include ("access_control.php"); ?> in every admin file.

 

This contribution actually stores the password and stuff in MySQL, which is a plus when comparing to only using the basic .htaccess and related password file.

 

I am going to look further into this and hopefully someone can share her/his experience if she/he has installed this contribution.

 

Ken

Link to comment
Share on other sites

I figured out where to put the last piece of the puzzle!!!

 

Go to admin/includes/functions/sessions.php:

 

Find:

function tep_session_start() {

 

Add this after function tep_session_start() {:

<? include ("access_control.php"); ?>

 

So it should be:

function tep_session_start() {

include ("access_control.php");

return session_start();

}

 

You should adjust the path to access_control.php according to where you put the Password Protect folder.

 

That's it!!! Hurray!

 

Ken

Link to comment
Share on other sites

I have the godaddy linux deluxe hosting.

The problem is they run php as a cgi not a module (i'm still too much of a newbie to understand this).

 

You will notice that sometimes you can cancel through the .htaccess prompts (it may take 10-15 tries) and get your catalog page. then click on a product and cancel your way through(again 10-15 times for each click) and you can modify your product price!

 

I spoke to them yesterday about ssl and they pointed me to php.net with a search for cgi.

Their level 1 tech support does not know about this they have to email their level 2.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...