Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

no password protect on admin


kennycheung

Recommended Posts

Hello,

 

have successfully installed os commerce on server with mysql db.

 

But the problem is, that there is no login required for the administration panel and everyone can logon

 

How could I built in a login?

 

below is my .htaccess file under admin folder:

 

# $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

<IfModule mod_setenvif.c>

<IfDefine SSL>

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

</IfDefine>

</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

#

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

#

#<IfModule mod_php4.c>

# php_value session.use_trans_sid 0

# php_value register_globals 1

#</IfModule>

Link to comment
Share on other sites

Hello,

 

have successfully installed os commerce on server with mysql db.

 

But the problem is, that there is no login required for the administration panel and everyone can logon

 

How could I built in a login?

 

 

Try the contribution Secure Admin Login-Logout which works like a charm for me. It takes care of a lot of security issues as well. look under Contributions, do a search for Secure Admin Login and it should pop up.

Link to comment
Share on other sites

Via your control panel provided by your host set the admin directory to be passworded.

 

Who are you hosted with?

Link to comment
Share on other sites

Your .htaccess file does not have the necessary information for passwording. Do a google search on .htaccess and .htpasswrd for specific and very easy instructions on using this method of security. There are even some 'Generators' online that will write the necessary lines and all you need to do is copy and paste.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...