Securing Admin area, not working

[dacystorm]

Here is the code I have:

 

.htaccess

AuthType Basic

AuthName "Secure area"

AuthUserFile /var/www/public_html

Require valid-user

 

The .htpasswd file is not in the same directory as the .htaccess file.

 

.htpasswd

admin:admin

 

The login notice comes out ok, but when i enter the login/password the login notice re-appears.

 

What kind of right should the above files have? Or is there some other problem?

 

Please help, thanx

[bill110]

In my signature tag is a contribution to create your .htaccess and .htpasswrd files. 1 file to use. no editing.

password protect admin

[dacystorm]

Thanx for your help, that worked great.

 

Also can someone tell me what should be the correct right in Admin section. (CHMOD numbers)

[dacystorm]

Anyone?

[kewlstuffz]

How do i get the admin area password protected so that when i use the admin link it asks for my password and username.

 

 

Ok this is my first post here, ive looked at a few programs for getting a shopping cart trying to find one thats EASY to work with for a moron ;) (im not a total moron i took C++, and VB6, AS/400, database management(MSoffice junk really) in college but i never finished LOL)

 

i've installed Zen cart and when i accessed the admin area it asked for my password with the popup box but why doesnt OScommerce do that for me? am i doing something wrong?

 

I found a nice template and installed OScommerce and i like it only there is NO ADMIN password protection asking for my password when i click the admin tab.

how do i get this to work correctly?

 

ive set the permissions to what the instructions said.

and i also noticed there are a few different .htaccess files in a few different folders. (includes, admin, catalog.....wherever they were EXACTLY im not sure right this second but theres more then a couple.)

 

i also noticed the htaccess files happened to be different file sizes so i tried changing them around to see if thats why i couldnt get the admin area password protected so that someone who knows what url to access wont go and mess things up for me.

 

do i set the endite admin folder permissions to read and write for the owner ONLY? maybe thats what ill try next not sure if i did that and just thought of it now.... I'll try that after i install it again.

 

i like this particular template i found so i really dont want to have to go back to Zen cart just cus i cant get this password protected like zen was automatically without me changing anything. but zen wasnt so kewl looking and alot of things to edit and read too lol

im tring to build a nice website and the last thing i want to do is waste all my time doing this and have it all changed by someone malicious enough to do it.

 

thanks for your help in advance!!!

[bill110]

Read the first and second post of this thread and that should do it.

You can also, depending on your host, password protect the admin thru your control panel.

[kewlstuffz]

THanks Bill that was a wicked fast response. i kind of assumed people would just skim over all my babling.....

I will try that and see if it works as the other post says it did. i didn't want to just try that, i did read it but in his/her case the screen asked for the login even AFTER he entered it. so i didnt want to just ASSUME that would help me out here since i wasnt even asked for a login/pass at all.

THANKS!!! :D

[bill110]

the screen asked for the login even AFTER he entered it.

That was due to incorrect settings etc

[kewlstuffz]

THanks Bill that was a wicked fast response. i kind of assumed people would just skim over all my babling.....

I will try that and see if it works as the other post says it did. i didn't want to just try that, i did read it but in his/her case the screen asked for the login even AFTER he entered it. so i didnt want to just ASSUME that would help me out here since i wasnt even asked for a login/pass at all.

THANKS!!! :D

[kewlstuffz]

((paging Mr Bill))

 

do i leave that password.php file in the directory with the .ht files? do the htaccess and htpasswd need to be in the SAME folder. i tried it both ways.

 

i downloaded a template packaged version of osc and at the time i did look for a readme or something for a version and date or something but never found anything.

 

i learned now this template was made in 2003 with OSC from then. i was goin to add the template to the new version but i couldnt really change all the neccessary files so rather then bother with that and possibly screw something up i figured i would just stick with this one cus i like it. i really didnt know it was made in 2003 till i finally found a file to tell me that a lil bit ago.

 

will that .htaccess and .htpasswd file you supplied work for an old version? ive spent about 2 hrs trying to get it to work and it will not work. it keeps asking me to reenter admin + password and just isnt working

i dont know if the file u gave is ok to use for an old version.....so i better ask WHY it wont work. i guess i could have just installed the newer 2.2 buuuut i need to ask someone who knows wtf they are doing i think lol

 

 

thanks !!!

[eXpired]

Here is the code I have:

 

.htaccess

AuthType Basic

AuthName "Secure area"

AuthUserFile /var/www/public_html

Require valid-user

 

The .htpasswd file is not in the same directory as the .htaccess file.

 

.htpasswd

admin:admin

 

The login notice comes out ok, but when i enter the login/password the login notice re-appears.

 

What kind of right should the above files have? Or is there some other problem?

 

Please help, thanx

Excuse me if I'm wrong, but doesn't your password in your .htpasswd file have to be encoded?

 

Example:

Using the parameters above to create files for you on http://www.tools.dynamicdrive.com/password/

 

.htaccess

AuthName "Secure Area"

AuthType Basic

AuthUserFile /var/www/public_html/.htpasswd

AuthGroupFile /dev/null

require valid-user

 

.htpasswd

admin:GOqzS86ksSHIE

[bill110]

do i leave that password.php file in the directory with the .ht files? do the htaccess and htpasswd need to be in the SAME folder. i tried it both ways.

The new file from the contribution goes into the same directory as the index.php.

Then the .htaccess file you add the info to is in the admin directory.

The .htpasswrd file can go wherever (higher in the directory tree than the catelog if possible)

The instructions that come after you enter your password and click encrypt will tell you more about the path to the .htpasswrd file

 

this was only tested with the newest version of osc2.2

[kewlstuffz]

The new file from the contribution goes into the same directory as the index.php.

Then the .htaccess file you add the info to is in the admin directory.

The .htpasswrd file can go wherever (higher in the directory tree than the catelog if possible)

The instructions that come after you enter your password and click encrypt will tell you more about the path to the .htpasswrd file

 

this was only tested with the newest version of osc2.2

 

*sigh*

hoooooooooours! i tried everything with that file and a different tool too, the other one worked for allowing access to the admin file yet it didnt show me the osc admin screen to edit anything it just gave me an admin screen to add or delete users for access to the admin folder. lol so that one was completely useless

 

its safe to say that file doesnt work with older versions for anyone who wants to know about that you can tell them "dont waste your time" (not sure but i think its 1.3 since it was from 2003)

im goin to get rid of that version and upload 2.2 right now which is what i should have done from the second i learned it was made in 2003. lol

then I'll give the file a try again. I guess it will work like you and that other poster says its will. then ill just have to hope i can get the template i like from the older one to work in 2.2 without messing up the rest of the files. otherwise back to looking for a nicer compatible template.

 

thanks !!