osCommerce

help securing admin


Guest

Posted

Can anyone tell me which lines need to be changed so that when I go into my admin file it is secured?

 

Thanks

Posted
Can anyone tell me which lines need to be changed so that when I go into my admin file it is secured?

 

Thanks

 

This has been asked many times in the forums. You could have found the answer by searching the forums.

 

Anyway, admin is secured via your server by password protecting the directory or by using htaccess.

 

If you are unsure how to do this you need to contact your server directly.

Backup before making changes. Backup before making changes! Backup before making changes!!

 

You did do a backup? eh?

Posted

I already put a password protection to get into 'admin', it's the message that appears once I am in the Admin window that says that "You are not protected by a secure SSL connection". I have an SSL certificate and my shopping cart is secured.

 

I would like to change the status once I am in the admin.

 

Which file and which lines need changes?

Posted
I already put a password protection to get into 'admin', it's the message that appears once I am in the Admin window that says that "You are not protected by a secure SSL connection". I have an SSL certificate and my shopping cart is secured.

 

I would like to change the status once I am in the admin.

 

Which file and which lines need changes?

 

Ok that's a different problem.

Have you changed the paths in the catalog/includes/configure.php file to reflect your secure path?

The following statements are all assigned in this file.

define('HTTPS_SERVER', 'https://yoursecureserverpath');

define('ENABLE_SSL', true);

define('HTTPS_COOKIE_DOMAIN', 'yoursecureserverpath');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Remember you need to change the permissions on the file to reupload it.

Backup before making changes. Backup before making changes! Backup before making changes!!

 

You did do a backup? eh?

Posted
Ok that's a different problem.

Have you changed the paths in the catalog/includes/configure.php file to reflect your secure path?

The following statements are all assigned in this file.

define('HTTPS_SERVER', 'https://yoursecureserverpath');

define('ENABLE_SSL', true);

define('HTTPS_COOKIE_DOMAIN', 'yoursecureserverpath');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Remember you need to change the permissions on the file to reupload it.

 

Yes I did.. the shopping cart itself is secured once customer wants to create, login or purchase. It's my administration window that doesn't show an SSL secured message.

Posted
Yes I did.. the shopping cart itself is secured once customer wants to create, login or purchase. It's my administration window that doesn't show an SSL secured message.

 

What about the other configure file at:

/catalog/admin/includes/configure.php file have you configured this file?

Backup before making changes. Backup before making changes! Backup before making changes!!

 

You did do a backup? eh?

Posted
What about the other configure file at:

/catalog/admin/includes/configure.php file have you configured this file?

 

Yes, I made the changes to that file. It didn't change the status. Still says "You are not protected by a secure SSL connection" in the bottom left box.

 

Any other suggestions?

Posted
Yes, I made the changes to that file. It didn't change the status. Still says "You are not protected by a secure SSL connection" in the bottom left box.

 

Any other suggestions?

 

Sorry I don't. Perhaps someone reading this post will.

 

You might want to repost your problem with a post description of something like "want to have admin working on https" or something like that. The heading you posted under sounds like you want to password protect your admin which is not what you want to do.

Backup before making changes. Backup before making changes! Backup before making changes!!

 

You did do a backup? eh?

Posted

If you are using a shared ssl cert then it's difficult to get rid of that message, without losing the viewing of your images in admin.

 

If you have a full ssl cert then you'll see 3 entries at the top of admin/includes/configure.php - one is https and two are http. Change the two that are http://www.yourdomain.com to https://www.yourdomain.com and you'll get the message 'You are protected by an unknown secure connection'.

 

Vger

Posted
If you are using a shared ssl cert then it's difficult to get rid of that message, without losing the viewing of your images in admin.

 

If you have a full ssl cert then you'll see 3 entries at the top of admin/includes/configure.php - one is https and two are http. Change the two that are http://www.yourdomain.com to https://www.yourdomain.com and you'll get the message 'You are protected by an unknown secure connection'.

 

Vger

 

I do have a full ssl cert.

I tried what you suggested but status still not changed. See below part of my config

 

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://www.supplyroom-backtoschool.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'https://www.supplyroom-backtoschool.com');

define('HTTPS_CATALOG_SERVER', 'https://www.supplyroom-backtoschool.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Posted
I do have a full ssl cert.

I tried what you suggested but status still not changed. See below part of my config

Here's another method to accomplish what you are looking to do:

 

This will force the admin interface to use your secure certificate so that potentially sensitive customer data is encrypted between the web server and your browser.

 

Add the following code to the bottom of /catalog/admin/includes/application_top.php just before the final closing "?>"

 

if($_SERVER['SERVER_PORT'] == 80) {
 Header("Location: " . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN);
 exit;
}

 

You'll be prompted twice when you log into your Admin (same as with other option), your session should then show as secure.
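
A more defensive form of the port-80 check in the post above, as an added example that is not part of the thread or of osCommerce: it tests the HTTPS server variable instead of the port and builds the redirect only from configured constants. The constant values, the function names and the `$trustProxyHeader` parameter are assumptions for illustration.

```php
<?php
// Added example, not osCommerce code. HTTPS_CATALOG_SERVER and DIR_WS_ADMIN are
// the constants named in the post above; the values here are placeholders.
define('HTTPS_CATALOG_SERVER', 'https://www.example.com');
define('DIR_WS_ADMIN', '/catalog/admin/');

// True when the request arrived over TLS. Set $trustProxyHeader only when a
// TLS-terminating proxy you control overwrites X-Forwarded-Proto (assumption).
function request_is_https(array $server, bool $trustProxyHeader = false): bool
{
    // Non-empty and not "off" means HTTPS (IIS reports "off" for plain HTTP).
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    return $trustProxyHeader
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

// Returns the URL to redirect to, or null when the request is already secure.
// The target comes only from configured constants, never from the
// client-supplied Host header.
function admin_https_redirect(array $server, bool $trustProxyHeader = false): ?string
{
    if (request_is_https($server, $trustProxyHeader)) {
        return null;
    }
    return rtrim(HTTPS_CATALOG_SERVER, '/') . '/' . ltrim(DIR_WS_ADMIN, '/');
}

// Constructed sample requests covering the cases a port-80 test gets wrong.
$samples = [
    'plain HTTP on port 80'            => ['SERVER_PORT' => '80'],
    'plain HTTP on port 8080'          => ['SERVER_PORT' => '8080'],
    'HTTPS on port 443'                => ['SERVER_PORT' => '443', 'HTTPS' => 'on'],
    'client-sent proxy header, untrusted' => ['HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    $url = admin_https_redirect($server);
    echo $label, ': ', $url === null ? 'no redirect' : 'redirect to ' . $url, "\n";
}

// In application_top.php the call would be:
// if (($url = admin_https_redirect($_SERVER)) !== null) {
//     header('Location: ' . $url, true, 302);
//     exit;
// }
```

A redirect only protects requests made after it; anything the browser already sent over plain HTTP, such as a posted login form, has crossed the network unencrypted.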

Posted

Ok, I'm having the same problem, in my administration area it says:

 

"You are not protected by a secure SSL connection."

 

I did all you guys suggested above and nada worked.

 

I am on shared hosting, my transactions are showing as secure both via the https: and the padlock icon in the browser, and my host verified I have everything correct.

 

It's just annoying seeing that message in my admin area when it's not correct.

 

So, if anyone can help me fix it that would rock.

 

Thanx,

 

GrogDog

Posted
// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://www.supplyroom-backtoschool.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'https://www.supplyroom-backtoschool.com');

define('HTTPS_CATALOG_SERVER', 'https://www.supplyroom-backtoschool.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

That is wrong

You have https address in http fields. I have my own full cert too... Use my example and fill in your info.. pay close attention to the placement or lack of /'s

 

My store is also in the root directory, (as I believe yours is too, so it should work near identically)

 

 

oops.. I see your store is in the os directory.. you'll need to add the on.. but again, if the current setting doesn't end in a / don't put one

 

If I remember correctly that would be

 

define('HTTP_COOKIE_PATH', '/os');

define('HTTPS_COOKIE_PATH', '/os');

define('DIR_WS_HTTP_CATALOG', '/os');

define('DIR_WS_HTTPS_CATALOG', '/os');

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.memorylaneprimitives.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.memorylaneprimitives.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.memorylaneprimitives.com');

define('HTTPS_COOKIE_DOMAIN', 'www.memorylaneprimitives.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_FS_DOCUMENT_ROOT', '/home/henry/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/henry/public_html/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

My Contributions

 

Henry Smith

Posted

The way you currently have it your entire store is secure... you don't need that, it only causes more work for your server than it needs.

 

Locking up the money is a good thing

 

Locking up the rubber bands that you use to hold the money together is a waste of time, effort and resources.

My Contributions

 

Henry Smith

Archived

This topic is now archived and is closed to further replies.
