osCommerce

Secure Admin using Admin-0.0.5 php...please help.


awarner20

Hello everyone,

 

I recently installed oscommerce and when looking through the installation documentation and the support forums, I've been trying to figure out the easiest/best way to secure my catalog Admin by implementing a username and password to sign into the Admin area of my catalog.

 

I came across a post that suggested this post... http://www.oscommerce.com/community/contri...ch,secure+admin

 

I downloaded these files. They are two .php files. One named admin_login.php and the other named login.php. Maybe I'm missing something here, but I can't seem to find specific instructions on where to put these files and what to change in them. Can anyone shed some light on this for me?

 

Any help would be greatly appreciated. I'm just looking for a fairly simple way to implement a password and username for the Admin section of my catalog. I have my site hosted on a Godaddy Linux shared account.

 

Thanks for any input.

 

Adam

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


No need to do all of that. Your web hosting control panel will have a Password or Directory Protection link - which will set up the protection for you.

 

Vger

 

 

Thanks, I read that in the posts, but I didn't find that option in my Godaddy hosting Control Panel. I'll look again and post back.

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


Here's what I found on the Godaddy Hosting support pages and what I've done with this info...and then the outcome....

 

Godaddy says...

 

 

Using .htpasswd With Your Linux Shared Hosting Account

Last Updated: October 12, 2006 5:35 PM


To protect a directory in your hosting account with a password, in that directory, create an .htaccess file that contains the following:

AuthUserFile /home/content/l/o/g/login_name/html/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require valid-user

 

Where "l," "o," and "g" are the first three letters of your hosting login and "login_name" is your full hosting login. For example, the hosting login "maynard" would translate to the following path:

/home/content/m/a/y/maynard/html/.htpasswd

 

The AuthUserFile describes where the Web server looks for the .htpasswd file. The .htpasswd file contains a list of users who have access to a protected directory and their hashed passwords. There are a number of tools available online to create .htpasswd files.

 

NOTE: Due to server caching, new .htaccess files may take up to one hour to be recognized. Changes to existing .htaccess files are picked up immediately.

 

NOTE: Our servers are configured to prevent the downloading of both .htaccess and .htpasswd files.

 

So then I followed these directions, uploaded the .htaccess and .htpasswd to the catalog/admin folder.....

 

Then I loaded the url of my catalog admin....something went wrong and I don't know what....here's what I encountered...

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

Apache/1.3.33 Server at www.mywebsite.net Port 80

 

Godaddy did say it could take up to an hour for .htaccess files to be recognized, but I really have no clue if this is the reason for this error. I will give it time and see what happens.

 

Again, I will post back with further results and if anyone here can offer any further advice or tips, please feel free to do so.

 

Thanks,

 

Adam

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


another update....still not working, but getting closer....

 

To create my .htaccess I followed the Godaddy directions posted earlier and made the .htaccess file with Text Edit on a Mac. I also used the .htpasswd generator found here... http://www.htaccesstools.com/htpasswd-generator/

 

This returned a line similar to this...

.htpasswd entry created

 

Copy the text below into your .htpasswd file.

 

Remember: One entry per line.

 

username:encryptedpassword

 

I copied and pasted this "username:encryptedpassword" into Text Edit and saved as .htpasswd

 

I uploaded both of these files to my server in the catalog/admin directory. That's when I encountered the previous error.

 

So, I connected to my server, found these files and opened them from my ftp program to edit them and found that both contained references to RTF, which is a Text Edit format. I removed all references to RTF and then re-saved these to my server in the catalog/admin directory.

 

I refreshed my browser to http://mywebsite.net/catalog/admin and to my surprise I was presented with a "username" and "password" sign in screen. I used the same username and password I created using the .htpasswd generator and unfortunately, I was unable to sign in. I tried the un-encrypted password and also the encrypted password with the same result...

 

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

 

Apache/1.3.33 Server at www.mywebsite.net Port 80

 

I will try again in the morning, I'm going to bed!

 

Adam

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


  • 1 month later...
I am having the same problem.

 

Adam, after a good night's sleep have you resolved this?

 

It was resolved, and has been working. If I remember correctly, I had to wait for a day and try again. For some reason, it worked. I'm sorry if this doesn't help too much, but I think it was patience on my part that helped. It would be nice if GoDaddy could just offer a password protect feature.

 

Odd that you should reply to this post today as I am again having trouble with htaccess, but on a brand new domain/OsCommerce installation. This one only differs in that I have installed an SSL certificate on this domain. This time I followed the same steps... creating the htaccess and htpasswd files using the same site referenced above. I was all ready to upload them to the admin directory when I noticed an existing htaccess file. This was not present in the previous OsCommerce install so I assume it's something new that has to do with enabling SSL connections at the time of installation. That being said, I looked at the file and it included the following...

# $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
# AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
<IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfDefine>
</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
#
# AcceptPathInfo On

# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
#
#<IfModule mod_php4.c>
# php_value session.use_trans_sid 0
# php_value register_globals 1
#</IfModule>

 

I have no idea what any of this means. Is there not an easy way to password protect the admin area?

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


I will try again tomorrow. There is some commentary in the godaddy help regarding delays in .htaccess file recognition. May be the same for .htpasswd.

I did respond to three godaddy surveys with the complaint that their tech help is good, but they do not have any answers. And that they should offer password protection.

You and other users should do the same.

It may have also been helpful if osCommerce had included some sort of file protection. But I don't know enough to understand why they don't.

I am also going SSL before I open my store. Glad to hear that I have more fun in store.

I will send Godaddy a request, maybe I'll just give them a call;) I'll keep track of the .htaccess and SSL posts to see if we can get some definitive answers. When I get this figured out, I'll see if I can come up with an OsCommerce/Godaddy tutorial to post here for other users;)

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


Have you tried:

 

htaccess - phpaccess for osc

 

from the contributions area. I am going to give it a try tonight.

 

Gary,

 

I found a solution that has worked for me! After searching the Help section at Godaddy with the keyword "htaccess", I came across another Help post that caught my eye because it was the same error I received when I uploaded my .htaccess and .htpasswd files to the catalog/admin directory. The title is...

 

"What do I do when I receive an Internal Server Error?

Last Updated: October 18, 2006 7:55 AM"

 

In short it reads...

 

"Resolution:

 

Be sure to upload .htaccess files in ASCII mode

 

Set the permissions to 644, which makes it useable by the server, but prevents it from being read from a browser.

 

If you are trying to make changes to PHP settings, be sure to make said changes to the php.ini file."

 

It turns out that the first line about ASCII mode was my problem. I was uploading in BINARY mode. I changed the uploading mode in my FTP program (Transmit for Mac), uploaded the files, refreshed the page "http://www.mysite.com/catalog/admin" and I was then presented with the username and password sign in dropdown. I entered the info and BAM, I was in!

 

I did not set the permissions to 644 for the htaccess files though, as it worked with just changing the FTP transfer mode.

 

I'll write a more extensive how-to post here if you follow these steps and confirm that it worked on Godaddy for you too.

 

Good luck!

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


Adam,

 

I solved my problem last night also.

 

When I called godaddy to find out my folder address (because I cannot locate it in the control panels), I wrote it down on paper. When I write my URL I use caps for the first three letters. Which is the way I wrote it in .htaccess.

 

I changed the address to my .htpasswd file to all lower case and it worked like a charm. I should have known better, but that was the problem for me. Two days in learning!

 

Gary


Congrats on your success! Two simple answers to our troubles. Hey, can you send a link to your site when it's ready?

We see our customers as invited guests to a party, and we are the hosts. It's our job every day to make every important aspect of the customer experience a little bit better. - Jeff Bezos


Archived

This topic is now archived and is closed to further replies.
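
A pre-upload check for the three failure modes this thread ran into (files saved as RTF by Text Edit, uploads not made in ASCII mode, and an AuthUserFile path typed with the wrong letter case), as an added example that is not part of the original posts or of GoDaddy's article. The function names, the constructed `maynard` sample layout, and treating stray CR bytes as the sign of a binary-mode upload are assumptions made here; the path is assumed to be absolute, as in the quoted article.

```python
import os, re, tempfile
from pathlib import Path

def case_mismatch(path):
    """First component of an absolute path that is missing or differs only in case."""
    current = os.sep
    for part in filter(None, path.split(os.sep)):
        try:
            names = os.listdir(current)
        except OSError:
            names = [part]  # unreadable directory: cannot judge, move on
        if part not in names:
            alike = [n for n in names if n.lower() == part.lower()]
            return part, (alike[0] if alike else None)
        current = os.path.join(current, part)
    return None

def file_problems(path):
    """Byte-level checks shared by .htaccess and .htpasswd."""
    raw, name, found = Path(path).read_bytes(), os.path.basename(path), []
    if raw.startswith(b"{\\rtf"):
        found.append(f"{name}: saved as RTF, not plain text")
    if b"\r" in raw:
        found.append(f"{name}: CR line endings (binary-mode upload?)")
    return found, raw

def check_protection(htaccess):
    """Lint one .htaccess and the .htpasswd its AuthUserFile points to."""
    found, raw = file_problems(htaccess)
    m = re.search(rb"^[ \t]*AuthUserFile[ \t]+(\S+)", raw, re.M | re.I)
    if not m:
        return found + [".htaccess: no AuthUserFile directive"]
    target = m.group(1).decode().strip('"')
    bad = case_mismatch(target)
    if bad:
        hint = f"did you mean '{bad[1]}'?" if bad[1] else "no such entry"
        return found + [f"AuthUserFile: '{bad[0]}' not found ({hint})"]
    return found + file_problems(target)[0]

def demo():
    """Constructed sample: CRLF .htaccess whose path has the wrong letter case."""
    home = Path(tempfile.mkdtemp(), "maynard")
    home.mkdir()
    wrong = str(home.parent / "Maynard" / ".htpasswd").encode()
    files = {".htpasswd": b"adam:constructedhash\n",
             ".htaccess": b"AuthUserFile %s\r\nAuthType Basic\r\nrequire valid-user\r\n" % wrong}
    for name, body in files.items():
        (home / name).write_bytes(body)
    return check_protection(str(home / ".htaccess"))
```

Run `check_protection()` on the server itself (or against a local copy with the same directory layout), since the AuthUserFile path is resolved on the machine where the script runs.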
