Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to set ID/PWD for Admin


Lisa4720

Recommended Posts

Hi guys (and gals!),

 

I'm here with a frustrating problem. I went in to add more product to one of our OSC categories yesterday and all was fine except some of the text needs to be changed. No problem, I'll just log back into the Admin Cpanel and make the changes. Hummm... why is it asking me for ID and Password? Ok. I put it in and it kept rejecting asking for ID and Password.

 

We had a programmer working on the main server yesterday setting up some password protected directories. I fear he may have either removed the password protection on the Admin directory or changed the password. What I don't know is the name of the directory where the files

 

Sometimes people do stupid things. I am so frustrated with this problem and the guy who [may have] caused it that I could scream. I didn't know where to turn. Then I remembered the OSC forums and knew someone here would know how to guide me.

 

I remember when we set up the store we had to create a password protected directory for CPanel access and create a password. I also remember that there was a file in one of the many directories of the store setup where the User ID Admin name (and password?) were stored.

 

What is also worrying me is that we have a password protected directory setup for our digital downloads and I'm wondering, did he remove that too?

 

Would someone please explain to me how the process to gain access to the Admin CPanel is set up, just in case I have to go in and do it myself? >_<

 

Arghhhh!

 

Thanks for the help.

 

Lisa [Greene]

Link to comment
Share on other sites

Lisa,

 

The file you are looking for would most likely be the .htaccess file located in your catalog/admin/ folder. You can try and view this file by going into your web hosts Cpanel (if you have a Cpanel or someother type of file manager) but the password will have been encrypted so it will not do you any good.

If you do have a web hosted Cpanel account, you could easily use the Pass Protect feature to automatically create a new .htaccess file with a new username and password.

Otherwise, you could try my "Password Protect the Admin Directory" contribution for additional help:

http://www.oscommerce.com/community/contributions,4904

 

Good luck (don't you love programmers) :blush:

Bill Kellum

Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Link to comment
Share on other sites

Lisa,

 

The file you are looking for would most likely be the .htaccess file located in your catalog/admin/ folder. You can try and view this file by going into your web hosts Cpanel (if you have a Cpanel or someother type of file manager) but the password will have been encrypted so it will not do you any good.

If you do have a web hosted Cpanel account, you could easily use the Pass Protect feature to automatically create a new .htaccess file with a new username and password.

Otherwise, you could try my "Password Protect the Admin Directory" contribution for additional help:

http://www.oscommerce.com/community/contributions,4904

 

Good luck (don't you love programmers) :blush:

Bill Kellum

 

 

I did look at the .htaccess file. I found it useless.

 

I do have access to the Cpanel account and will create a new .htaccess file but I have to tell it what directory to password protect. Is it the entire Admin directory? Or is it a specific subdirectory?

 

I know contributions are supposed to be easy. I also know that I am no programmer and have never installed a contribution. The url above doesn't take me to the contribution you suggest.

 

Thanks,

 

Lisa

Link to comment
Share on other sites

I did look at the .htaccess file. I found it useless.

 

I do have access to the Cpanel account and will create a new .htaccess file but I have to tell it what directory to password protect. Is it the entire Admin directory? Or is it a specific subdirectory?

 

I know contributions are supposed to be easy. I also know that I am no programmer and have never installed a contribution. The url above doesn't take me to the contribution you suggest.

 

Thanks,

 

Lisa

Lisa,

The powers to be removed my contribution because of the link to a free password encryption site so that is why it is no longer available. You can PM me and I can send it to you but really you would be better off using your Cpanel and protecting the entire admin folder. By doing so, your store's admin will be safe as before the programmer messed things up.

Good luck,

Bill Kellum

Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Link to comment
Share on other sites

Lisa,

The powers to be removed my contribution because of the link to a free password encryption site so that is why it is no longer available. You can PM me and I can send it to you but really you would be better off using your Cpanel and protecting the entire admin folder. By doing so, your store's admin will be safe as before the programmer messed things up.

Good luck,

Bill Kellum

 

 

Well, I tried that. I went in and set up a new user ID and password for the admin directory but it still won't give me access to the panel. It just rejects the codes and resets asking for the codes again. The Admin directory is set for 775 access and I assume that is correct.

 

If I remember correctly when the store was created the guy who set it up asked us for a User ID because he had to insert it into some file. He then told us to go into our CPanel and password protect the directory using the same User ID and a password. At least I think it was the store. We set up so many programs that it could have been some other program. I am really frustrated.

 

Lisa

Link to comment
Share on other sites

Well, I tried that. I went in and set up a new user ID and password for the admin directory but it still won't give me access to the panel. It just rejects the codes and resets asking for the codes again. The Admin directory is set for 775 access and I assume that is correct.

 

If I remember correctly when the store was created the guy who set it up asked us for a User ID because he had to insert it into some file. He then told us to go into our CPanel and password protect the directory using the same User ID and a password. At least I think it was the store. We set up so many programs that it could have been some other program. I am really frustrated.

 

Lisa

Lisa, you will need to replace the current .htaccess file that is in your catalog/admin directory. A word of caution though...I would download a backup copy of this file to your PC first. Then remove the following lines if present:

AuthType Basic
AuthName "OS Commerce Administration"
AuthUserFile " /your/server/path/.htpasswds/catalog/admin/htpasswd"
require valid-user

Save the .htaccess file and then FTP it to your catalog/admin folder overwriting the existing .htaccess file.

Now once again try to password protect your catalog/admin folder via your web hosts cpanel and you should be able to create a new username and password.

 

Also...as a temporary fix, you could log into your web host account and search for a file/folder called .htpasswds. Your programmer should have placed it in a folder called .htpasswds/catalog/admin or .htpasswds/shop/admin. Temporarily rename the "admin" to something else like "admin_original". This will disable any username & passwords associated with your store's admin folder and allow you (and any body else) access to your admin folder.

Now you can try to add a new username and password through your cpanel.

 

Hope this all makes sense to you,

Bill Kellum

Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Link to comment
Share on other sites

One other note...

 

If you are using a session based access control modification, such as that used with CRE Loaded for example, you will need to run some queries on your database in order to get out of the situation.

  1. Get yourself into phpmyadmin, or whatever database management tool you use and have a look at the admin table. You will see that the password is encrypted - you could use some kind of brute force tool in an attempt to break this, but the quicker way of dealing with things is simply to replace this entry with one of known values. If you go ahead and delete the entry from this table and then run this query (note this may need to be adjusted slightly if your database columns don't match the count of this particular query) :
    INSERT INTO admin (admin_id, admin_groups_id, admin_firstname, admin_lastname, admin_email_address, admin_password, admin_created, admin_modified, admin_logdate, admin_lognum) VALUES (1, 1, 'Default', 'Admin', '[email protected]', '1060bdf4e47bc8b4ab3fb0cfea9ef70b:77', now(), now(), now(), '6');



  2. Now the above will reset the username/password to the default values at installation, which are
    admin@localhost/admin

    . Note: If any "email" tags show up, ignore them as this forum is adding that to the format and I can't do anything about that.

Don't mean to bog you down with a lot of details but you seem desparate so I hope any of the information that I provided is useful to you. :-

Bill

Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...