osCommerce

The e-commerce.

Admin not secured??


kn1ght

Godaddy does not have password protection in their control panel. You have to use .htaccess and .htpasswrd or the contribution for login admin.

The contribution in my sig below will help with creating .htaccess and .htpasswrd files.

 

This info is found in your oscommerce admin->tools->file manager.

You can put your .htpasswrd file anywhere in the site as long as the path to it is specified correctly in your .htaccess.

At godaddy you cannot put it above your root directory so put it in another directory; say the includes directory.

Then in your file manager browse to the .htpasswrd file and the path will be displayed at the top of the page.

 

If this is the case then in your admin directory you have a .htaccess file that you will need to edit with the info you create for the new password and the path to the .htpasswrd file

 

 

Hi, thank you very much for all the advice. I thought I was supposed to look at file manager on my hosts pages. Sorry about that confusion on my part. Yes, I did everything as instructed. Patched it up and everything, and now I am working on the admin directory security, my only prob was what to write in the "path" section. ... AuthUserFile /your/server

 

I will keep at it and will most likely find success now with your detailed answers. Thanks!!

Link to comment
Share on other sites

  • 3 weeks later...
In the contribs is this

 

Secure Admin Login - Logout 1.5_1

 

worked great

 

I have been trying it out the whole night and it doesn't seem to work...keeps me in the login page...

Does it work for you? What is there to do? htaccess and htpasswd do not work for me, damned Windows server!!!

Can anyone help? How can I make my admin directory secure...

Link to comment
Share on other sites

If you are on a Windows server then you will have to have FrontPage extensions installed and use FrontPage to secure the admin folder.

 

.htaccess is specific to Apache servers.

 

Vger

Link to comment
Share on other sites

If you are on a Windows server then you will have to have FrontPage extensions installed and use FrontPage to secure the admin folder.

 

.htaccess is specific to Apache servers.

 

Vger

 

how do I do that?

Link to comment
Share on other sites

  • 3 weeks later...
Change the admin folder to something else than "admin" and password protect it.

You can also protect it so only your IP can enter the admin folder but I think that's kinda unnecessary.

 

OK, I am having the same problem. I am with Go Daddy and cannot find where to password protect my admin. I renamed the folder, but I'm not sure how to password protect it.

 

BB

Link to comment
Share on other sites

OK, I am having the same problem. I am with Go Daddy and cannot find where to password protect my admin. I renamed the folder, but I'm not sure how to password protect it.

 

BB

 

 

Also, I have uploaded my catalog and it has an Index page. When I try to upload my main site, it asks me if I want to overwrite my "index" page, this is a definite problem. I would like my catalog to be mysite.com/catalog to get to it.

 

Thanks in advance,

Bb

Link to comment
Share on other sites

  • 3 weeks later...
Change the admin folder to something else than "admin" and password protect it.

You can also protect it so only your IP can enter the admin folder but I think that's kinda unnecessary.

 

 

I changed the name of the folder from 'admin' to 'somethingelse' and then I was unable to access certain sections in admin like the catalog, tools, etc. Any idea why...?

Link to comment
Share on other sites

Did you make changes in your "/admin/includes/configure.php" file to reflect the folder name change?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If you rename the 'admin' folder to 'somethingelse', then you need to change anything in there that references any '/admin' folder to '/somethingelse'.

 

You can't do one without the other as they are inextricably linked.

;)


Link to comment
Share on other sites

If you rename the 'admin' folder to 'somethingelse', then you need to change anything in there that references any '/admin' folder to '/somethingelse'.

 

You can't do one without the other as they are inextricably linked.

;)

 

That is the problem... I can't find any reference to the /admin folder in the configure.php file.

Link to comment
Share on other sites

I was thinking the "/admin/includes/configure.php" file had two references to "admin":

 

About like this:

 

define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/absolute_path_to_your_files/catalog/admin/'); // absolute path required

 

Yours may be different on the definition side, but the variables being defined will be the same.


Link to comment
Share on other sites

If it asks you for a login name and a password when accessing the admin folder, that should be enough.

 

An SSL won't help secure the admin folder, but anyone buying something online (i.e. giving out financial information) at a site without an SSL is inviting financial ruin, IMHO

:blink:


Link to comment
Share on other sites

The login does not allow people to enter and use admin.

 

But sniffers at other servers thru which the packet passes will be able to catch data.

 

So an SSL in admin will not allow network level hackers to hack data and use it.

For example, if you take a backup of the database and download it, it will have sensitive data. Without an SSL, if it is downloaded it might be sniffed at other servers thru which the data has moved, and a digital copy can result in losses.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

  • 2 months later...
In my signature is a .htaccess and .htpasswrd contribution. Upload it and create your files using it to encrypt the password. Instructions display on the page.

 

I followed all the steps, and the password window pops up, but when I enter the password it resets and never lets me in to the admin panel? What did I do wrong?

Link to comment
Share on other sites

I followed all the steps, and the password window pops up, but when I enter the password it resets and never lets me in to the admin panel? What did I do wrong?

 

Bump...

Link to comment
Share on other sites

  • 3 weeks later...
  • 4 weeks later...
  • 1 month later...
Can someone explain to me why osC programmers didn't protect ADMIN through PHP?

 

I thought there is a default php login/pw protection on the admin page, I have to login twice once with .htaccess and again to get into the admin panel.

Link to comment
Share on other sites

After some time of studying, at last I got it to work.

 

Removed the .htaccess file from the directory (in this case in my "/admin" directory)

Then I password protected my "/admin" directory using cPanel (provided by my host)

 

Hope this helps.

 

Regards,

leiso

 

 

QUOTE: The Password Protected Areas feature affects only folders, which do not contain a .htaccess file!

Link to comment
Share on other sites

  • 3 weeks later...

Hi All,

 

I am pretty new to oscommerce and was looking for an answer to this question. There are lots of explanations on what to do and what not to do, so I have prepared a simple guide for Linux-based hosting with cPanel. If you don't have either of these and are especially running a Windows server then I must say you deserve to have issues. Anyway, enough about how rubbish Windows is, here goes:

 

1. Log into your cPanel account

2. Go to the icon that says "password protect directories"

3. Once you are in, select the "admin folder"

4. Then go to the bottom and create a user

5. Once a user is created, go back and tick the box that says "Password protect this directory"

6. Enter a password below this (same password as the user you have just created)

7. You're done. When you try and log in to the admin backend now, you should be prompted for the username and password you created

 

If you don't have Linux or cPanel then sorry, work it out.

 

All Done!!!

Link to comment
Share on other sites

In my signature is a .htaccess and .htpasswrd contribution. Upload it and create your files using it to encrypt the password. Instructions display on the page.

 

OMG! THANK YOU! THANK YOU! THANK YOU! I've been trying to figure out this .htaccess thing on and off for MONTHS! Thank you BILL! You are the BEST!

 

Leslie

Link to comment
Share on other sites

OMG! THANK YOU! THANK YOU! THANK YOU! I've been trying to figure out this .htaccess thing on and off for MONTHS! Thank you BILL! You are the BEST!

 

Leslie

 

 

Well, I added the above and, well, let's say :-"

 

It didn't work for me; it would not let me log in with the password I had chosen.

 

So as I have cpanel... I followed the instructions from Markholland8 worked like a charm....

 

Find it hard to believe such a sophisticated script has no built in admin protection...learn something new every day! :huh:

Link to comment
Share on other sites

I followed the links regarding htaccess in one of the member links in their signature.

The instructions were pretty simple and easy to do, however, like most of you my password did not work. I had my password generated from a site and the site even generated the htaccess file for me multiple times. Somehow, after uploading it, I still couldn't access my site.

 

I did more research and decided to generate my own htpasswd from my computer.

After generating my own, htaccess works. It recognizes my password.

 

Instructions:

 

1. Get a command prompt -- start --run --cmd

2. Change to the directory where htpasswd is installed, usually \apache\bin\htpasswd

3. Follow this link to generate your own htpasswd from your computer

 

>> http://httpd.apache.org/docs/1.3/programs/htpasswd.html

 

I'm using windows 2000 on my local machine with xampp installed.

My .htaccess resides on a linux server. This worked for me. I hope this helps you.

Link to comment
Share on other sites
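
Two failures recur in this thread: an `AuthUserFile` path the server cannot resolve, and a password file whose entries the server does not accept. The Python check below is an added example, not code from any post or from the contribution mentioned; `audit`, the sample paths and the hash strings are constructed for illustration and assume a Unix-style host.

```python
import re
from pathlib import PurePosixPath

AUTH = ("authtype", "authname", "authuserfile", "require")
# Password-hash markers used in Apache htpasswd files.
SCHEMES = [(r"^\$apr1\$", "apr1-md5"), (r"^\$2[aby]\$", "bcrypt"),
           (r"^\{SHA\}", "sha1-unsalted"), (r"^[./0-9A-Za-z]{13}$", "crypt-des")]

def classify_hash(value):
    for pattern, name in SCHEMES:
        if re.search(pattern, value):
            return name
    return "plaintext-or-unknown"

def parse_htaccess(text):
    """Map each auth directive (lowercased) to its argument string."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in AUTH:
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found

def audit(htaccess_text, htpasswd_text, docroot):
    """Return a list of findings; an empty list means nothing was flagged."""
    directives = parse_htaccess(htaccess_text)
    findings = [f"missing {name}" for name in AUTH if name not in directives]
    path = directives.get("authuserfile", "")
    if path and not path.startswith("/"):
        # Apache resolves a relative AuthUserFile against ServerRoot,
        # not against the directory that holds the .htaccess file.
        findings.append("AuthUserFile is not an absolute path")
    elif path and PurePosixPath(docroot) in PurePosixPath(path).parents:
        # Web-reachable location: confirm the server refuses to serve it.
        findings.append("AuthUserFile is inside the document root")
    for line in htpasswd_text.splitlines():
        user, sep, value = line.strip().partition(":")
        if sep and classify_hash(value) not in ("apr1-md5", "bcrypt"):
            findings.append(f"{user}: {classify_hash(value)} entry")
    return findings

# Constructed sample input: the paths and hash strings are made up.
DOCROOT = "/home/content/example/html"
HTACCESS = ('AuthType Basic\nAuthName "Admin"\nRequire valid-user\n'
            "AuthUserFile /home/content/example/html/includes/.htpasswrd\n")
HTPASSWD = "owner:$apr1$abcdefgh$0123456789abcdefghijk1\nclerk:ab1234567890X\n"

print("\n".join(audit(HTACCESS, HTPASSWD, DOCROOT)))
```

Entries flagged as `crypt-des` or `plaintext-or-unknown` are the ones to regenerate first, because the htpasswd documentation describes crypt() and plaintext entries as accepted by httpd only on some platforms.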

Archived

This topic is now archived and is closed to further replies.
