Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

.htaccess your /catalog/admin directory

Milierkovic

By Milierkovic
in General Support

Recommended Posts

Milierkovic

Milierkovic

Posted
Posted

Hello people,

 

I have a question, and i am new to osCommerce, but last night i was able to install and

run the osCommerce software, only the final security step is not working.

 

".htaccess your /catalog/admin directory" etc.

 

I searched the forum over and over and googled for hours to make htaccess work on catalog/admin dir.

But till now still no luck.

 

I tried the normal way, by editting the existing htacces file, like this:

 

AuthType Basic

AuthName "NO ACCESS"

AuthUserFile catalog/admin/.htpasswd

AuthGroupFile /dev/null

<Limit GET>

require valid-user

</Limit>

 

and the .htpasswd:

 

test:1$0oXPT/FKWnY

 

This way it gave me a popup (htacces screen) when trying to access the admin page, but

when filling in username and password i get "internal server error 500" etc.

 

I also tied different ways, and used some contributions, changed locations etc.....

 

My situation is as followed:

 

I host my own osCommerce shop, i have XAMPP 1.5.3a installed, and i already host a vBulletin board, which is also .htaccess protected and working perfecty, all files are in "htdocs"

 

I installed osCommerce using the "Register Globals Patch Files" contribution, can this have anything

to do with the problem?

 

Also i checked if "AllowOverride" (apache server) option in httpd.conf is set to "All" and that is the case.

 

So also no problem there, bu i still want to secure my catalog/admin dir

 

Can i maybe rename/change the admin dir, and if yes what config files, do i need to edit,

to still be able to log on to the administration panel?

 

If you need more information to understand my situation please let me know.

 

I hope someone is able to help me with this issue

 

regards,

Vger

♥Vger

Posted
Posted

You need to look at this section of httpd.conf to get .htaccess working. Then you need to stop and restart the service to get it to work:

 

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
AllowOverride AuthConfig Limit Indexes FileInfo Options

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from localhost 127.0.0.1

</Directory>

 

Take a backup of the file before you start editing it.

 

Vger

Milierkovic

Milierkovic

Posted
  • Author
Posted

Thans for your quick answer,

 

However the htaccess now is only working (which is much safer) when trying to connect to 127.0.0.1/catalog/admin

 

BUT

 

when i login with my temp created test/test credetials again the internal server error pops up.

 

and i did stop the services and restarted it after changing the settings

 

What more can it be ?

Milierkovic

Milierkovic

Posted
  • Author
Posted

FINALLY!

 

I just solved my problem,

 

What i did was the following:

 

At first i did not understand why i did get the htaccess login screen but after filling in my username and password, all the time i received internal server error 500

 

I found out the the answer was in my apache logs, located here:

C:\Program Files\xampp\apache\logs\error.log

 

Here it simply said: The system cannot find the path specified. : Could not open password file: C:/dir/to/.htpasswd

 

After hitting myself a couple of times in the head, i corrected the path, i still do not understand why it could find the dir, i thought it would be htdocs(my rootdir/wwwdir) in xampp followed by the subdirs to htpasswd file, in stead i had to fill in the full dir startinf from c:\etc.

 

But who cares now afterwoods :)

 

BUT after fixing this problem the next occured, now after filling in username/password the htaccess screen would pop up back with password field empty? I was a 100% sure i typed in the correct password.

 

After some googling and reading i found the solution, in stead of an online htaccess script generator, use the apache htpasswd.exe tool, this will do the job for you, and you are sure it is able to correctly read the htpasswd file.

 

Usage: htpasswd.exe -c .htpasswd username

Automatically using MD5 format on Windows.

New password: ********

Re-type new password: ********

Adding password for user username

 

Now all went well, and i have htaccess secure my admin dir at last!

 

Till my next problem :-)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...