joy99 Posted June 21, 2007 Share Posted June 21, 2007 Godaddy does not have password protection in their control panel. You have to use .htaccess and .htpasswrd or the contribution for login admin.The contribution in my sig below will help with creating .htaccess and .htpasswrd files. this info is found in your oscommerce admin->tools->file manager. you can put your .htpasswrd file anywhere in the site as long as thepath to it is specified correctly in your .htaccess. At godaddy you cannot put it above your root directory so put it in another directory; say the includes directory. then in your file manager browse to the .htpasswrd file and the path will be displayed at the top of the page. If this is the case then in your admin directory you have a .htaccess file that you will need to edit with the info you create for the new password and the path to the .htpasswrd file Hi, thank you very much for all the advice. I thought I was supposed to look at file manager on my hosts pages. Sorry about that confusion on my part. Yes, I did everything as instructed. Patched it up and everything, and now I am working on the admin directory security, my only prob was what to write in the "path" section. ... AuthUserFile /your/server I will keep at it and will most likely find success now with your detailed answers. Thanks!! Link to comment Share on other sites More sharing options...
Guest Posted July 13, 2007 Share Posted July 13, 2007 IN the contribs is this Secure Admin Login - Logout 1.5_1 worked great I have been trying it out the whole night and it doesn't seem to work...keeps me in the login page... does it work for you? what is there to do? htacces and htpasswd do not work for me, damned Windows server!!! Can anyone help? how can I make my admin diretory secure... Link to comment Share on other sites More sharing options...
♥Vger Posted July 13, 2007 Share Posted July 13, 2007 If you are on a Windows server then you will have to have FrontPage extensions installed and use FrontPage to secure the admin folder. .htaccess is specific to Apache servers. Vger Link to comment Share on other sites More sharing options...
Guest Posted July 18, 2007 Share Posted July 18, 2007 If you are on a Windows server then you will have to have FrontPage extensions installed and use FrontPage to secure the admin folder. .htaccess is specific to Apache servers. Vger how do I do that? Link to comment Share on other sites More sharing options...
Bigblock Posted August 8, 2007 Share Posted August 8, 2007 Change the admin folder to something else then "admin" and password protect it. You can also protect it so only your ip can enter the admin folder but I think thats kinda unnecessary. OK, I am having the same problem. I am with Go Daddy and cannot find where to password protect my admin. I renamed the folder, but I'm not sure how to password protect it. BB Link to comment Share on other sites More sharing options...
Bigblock Posted August 8, 2007 Share Posted August 8, 2007 OK, I am having the same problem. I am with Go Daddy and cannot find where to password protect my admin. I renamed the folder, but I'm not sure how to password protect it. BB Also, I have uploaded my catalog and it has an Index page. When I try to upload my main site, it asks me if I want to overwrite my "index" page, this is a definite problem. I would like my catalog to be mysite.com/catalog to get to it. Thanks in advance, Bb Link to comment Share on other sites More sharing options...
freelancer101 Posted August 24, 2007 Share Posted August 24, 2007 Change the admin folder to something else then "admin" and password protect it. You can also protect it so only your ip can enter the admin folder but I think thats kinda unnecessary. I changed the name of the folder from 'admin' to 'somethingelse' and then I was unable to access certain section in admin like the catalog, tools..etc. Any idea why...? Link to comment Share on other sites More sharing options...
germ Posted August 24, 2007 Share Posted August 24, 2007 Did you make changes in your "/admin/includes/configure.php" file to reflect the folder name change? :unsure: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
freelancer101 Posted August 24, 2007 Share Posted August 24, 2007 Did you make changes in your "/admin/includes/configure.php" file to reflect the folder name change?:unsure: What should I change in configura.php file...? Link to comment Share on other sites More sharing options...
germ Posted August 24, 2007 Share Posted August 24, 2007 If you rename the 'admin' folder to 'somethingelse', then you need to change anything in there that references any '/admin' folder to '/somethingelse'. You can't do one without the other as they are inextricably linked. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
freelancer101 Posted August 24, 2007 Share Posted August 24, 2007 If you rename the 'admin' folder to 'somethingelse', then you need to change anything in there that references any '/admin' folder to '/somethingelse'. You can't do one without the other as they are inextricably linked. ;) That is the problem..i cant find any reference to /admin folder in the configure.php file. Link to comment Share on other sites More sharing options...
germ Posted August 24, 2007 Share Posted August 24, 2007 I was thinking the "/admin/includes/configure.php" file had two references to "admin": About like this: define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required define('DIR_FS_ADMIN', '/absolute_path_to_your_files/catalog/admin/'); // absolute path required Yours may be different on the definition side, but the variables being defined wil be the same. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
getmethod Posted August 25, 2007 Share Posted August 25, 2007 I'm in the process of setting up my store. For the admin folder, I added a password to the .htaccess file. Is this enough? What else should I do to secure the folder? Should I implement SSL? Link to comment Share on other sites More sharing options...
germ Posted August 25, 2007 Share Posted August 25, 2007 If it asks you for a login name and a paswword when accessing the admin folder, that should be enough. An SSL won't help secure the admin folder, but anyone buying something online (i.e. giving out financial information) at a site without an SSL is inviting financial ruin, IMHO :blink: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
satish Posted August 26, 2007 Share Posted August 26, 2007 the login does not allow people to enter and use admin. But sniffers at other servers thru which the packet passes will be able to catch data. So an SSL in admin will not allow network level hackers to hack data and use it. For example if You take backup of data base and download it will have sensitive data without an SSL if it is downloaded it might be sniffed at other servers thru which data has moved and a digital copy can ressult in losses. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
Guest Posted November 11, 2007 Share Posted November 11, 2007 In my signature is a .htaccess and .htpasswrd contribution. upload it and create your files using it to encrypt the password. instructions display on the page. I followed all the steps, and the password window pops up, but when I enter the password it resets and never lets me in to the admin panel? What did I do wrong? Link to comment Share on other sites More sharing options...
Guest Posted November 13, 2007 Share Posted November 13, 2007 I followed all the steps, and the password window pops up, but when I enter the password it resets and never lets me in to the admin panel? What did I do wrong? Bump... Link to comment Share on other sites More sharing options...
xlameee Posted November 30, 2007 Share Posted November 30, 2007 Bump... You guys better see this http://www.oscommerce.com/forums/index.php?sho...2224&st=40# I hope this is helpful Nikolay :rolleyes: Link to comment Share on other sites More sharing options...
m4rk0 Posted December 27, 2007 Share Posted December 27, 2007 Can someone explain me why osC programmers didn't protected ADMIN throught PHP? Link to comment Share on other sites More sharing options...
mathius Posted February 16, 2008 Share Posted February 16, 2008 Can someone explain me why osC programmers didn't protected ADMIN throught PHP? I thought there is a default php login/pw protection on the admin page, I have to login twice once with .htaccess and again to get into the admin panel. Link to comment Share on other sites More sharing options...
leiso Posted February 22, 2008 Share Posted February 22, 2008 After sometime of studying, at last i get it work.. Removed the .htaccess file from the directory (in this case in my "/admin" directory) Then i password protected my "/admin" directory using cPanel (provided by my host) hope this help.. Regards, leiso QUOTE: The Password Protected Areas feature affects only folders, which do not contain a .htaccess file! Link to comment Share on other sites More sharing options...
markholland8 Posted March 10, 2008 Share Posted March 10, 2008 Hi All, I am pretty new to oscommerce snd was looking for an answer to this question, there are lots of explanations on what to do and what not to do so I have prepared a simple guide for linux based hosting with cpanel, if you don’t have either of these and are especially running a windows server then I must say you deserver to have issues anyway enough about how rubbish windows is her goes; 1. Log into your cpanel account 2. go to the icon that says “password protect directories” 3. Once you are in select the “admin folder” 4. Then go to the bottom and create a user 5. 0nce a user is created go back and tick the box that says Password protect this directory: 6. Enter a password below this (same password as the user you have just created 7. Your done when you try and log in to the admin backend not you should be prompted for the username and password you created if you dont have linux or cpanel then sorry work it out All Done!!! Link to comment Share on other sites More sharing options...
Guest Posted March 13, 2008 Share Posted March 13, 2008 In my signature is a .htaccess and .htpasswrd contribution. upload it and create your files using it to encrypt the password. instructions display on the page. OMG! THANK YOU! THANK YOU! THANK YOU! I've been trying to figure out this .htaccess thing on and off for MONTHS! Thank you BILL! You are the BEST! Leslie Link to comment Share on other sites More sharing options...
Tokai Posted March 20, 2008 Share Posted March 20, 2008 OMG! THANK YOU! THANK YOU! THANK YOU! I've been trying to figure out this .htaccess thing on and off for MONTHS! Thank you BILL! You are the BEST! Leslie Well I added the above and well lets say :-" didn't work for me, would not let me log in with the password i had chosen. So as I have cpanel... I followed the instructions from Markholland8 worked like a charm.... Find it hard to believe such a sophisticated script has no built in admin protection...learn something new every day! :huh: Link to comment Share on other sites More sharing options...
BryceJr Posted March 21, 2008 Share Posted March 21, 2008 I followed the links regarding htaccess in one of the member links in their signature. The instructions were pretty simple and easy to do, however, like most of you my password did not work. I had my password generated from a site and the site even generated the htaccess file for me multiple times. Somehow, after uploading it, I still couldn't access my site. I did more research and decided to generate my own htpasswd from my computer. After generating my own, htaccess works. It recognizes my password. Instructions: 1. Get a command prompt -- start --run --cmd 2. Change to the directory where htpasswd is installed, usually \apache\bin\htpasswd 3. Follow this link to generate your own htpasswd from your computer >> http://httpd.apache.org/docs/1.3/programs/htpasswd.html I'm using windows 2000 on my local machine with xampp installed. My .htaccess resides on a linux server. This worked for me. I hope this helps you. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.