Secure Admin Login - Logout


spidercreations

Hi,

I'm brand new to the world of osCommerce and have installed the application. My first goal is to secure the admin area and I have elected to use the Secure Admin Login - Logout contribution.

I noted that there are some other threads concerning this topic, but it seems as if I've followed the installation instructions, the security "looks" to be in place, but I can still get to the admin section without entering a username and password.

I've completed the following steps...

Edit admin/includes/header.php by finding...

 

<td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?>

and add the following right at the end of that, but just before the </td>

  |  <?php echo '<a href="' . tep_href_link(FILENAME_ADMIN_SECURITY, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_MY_ACCOUNT . '</a>'; ?>

Then, edit file admin/includes/languages/english.php, at about line 50, I added the following lines...

 

define('HEADER_TITLE_MY_ACCOUNT','my account');
define('HEADER_TITLE_ADMIN_SECURITY','Change Admin Username and Password Here');

Then, edit the file admin/includes/filenames.php and add the following at the end of the code, before the ?> PHP close...

//admin change username and password
define('FILENAME_ADMIN_SECURITY', 'admin_security.php');

Then, copy the file admin_security.php into the admin folder.

My next step was to create the administrator table in the database by running the following SQL queries...

 

CREATE TABLE `administrator` (
`ID` int(10) unsigned NOT NULL auto_increment,
`sName` varchar(255) NOT NULL default '',
`sPassword` varchar(255) NOT NULL default '',
`sGUID` varchar(32) default NULL,
`sData` text,
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=3;

and then...

INSERT INTO `administrator` VALUES (1, 'username1', password('your_password1'), NULL, NULL);
INSERT INTO `administrator` VALUES (2, 'username2', password('your_password2'), NULL, NULL);

I did change username1, your_password1, username2 and your_password2 values to real things.

The queries ran fine.

But the issue is that I seem to still have full access to the admin section.

Any ideas?

Thanks,

Steve
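
A way to test the symptom described in the post above independently of any browser state, as an added example that is not part of the original post or of the contribution: it requests admin pages with no cookies and no credentials and reports whether each one is gated. The base URL, the page names other than admin_security.php, and the password-field heuristic are assumptions.

```python
"""Request admin pages with no cookies or credentials and report gating."""
import re
import urllib.error
import urllib.request

# Assumed values, not from the post: substitute your own shop URL and pages.
BASE_URL = "http://shop.example/admin/"
PAGES = ["index.php", "admin_security.php", "orders.php"]

# Heuristic (assumption): a 200 response containing a password field is a login form.
PASSWORD_FIELD = re.compile(rb"<input[^>]+type=[\"']?password", re.I)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep urllib from following redirects so a 302 to a login page stays visible."""

    def redirect_request(self, *args, **kwargs):
        return None


def classify(status, body=b""):
    """Return 'gated', 'open' or 'unknown' for one unauthenticated response."""
    if status in (401, 403) or 300 <= status < 400:
        return "gated"
    if status == 200:
        # A login form rendered in place counts as gated; anything else was served.
        return "gated" if PASSWORD_FIELD.search(body) else "open"
    return "unknown"


def probe(base_url, pages, timeout=5):
    """Fetch each page with a fresh opener: no cookie jar, no auth handler."""
    opener = urllib.request.build_opener(NoRedirect)
    results = {}
    for page in pages:
        try:
            with opener.open(base_url + page, timeout=timeout) as resp:
                results[page] = classify(resp.status, resp.read(65536))
        except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx arrive here
            results[page] = classify(err.code, err.read(65536))
        except OSError:  # DNS failure, refused connection, timeout
            results[page] = "unreachable"
    return results


if __name__ == "__main__":
    for page, verdict in probe(BASE_URL, PAGES).items():
        print(f"{verdict:12} {page}")
```

Any page reported as open was served to a client that presented no session and no credentials.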

Archived

This topic is now archived and is closed to further replies.
