osCommerce

The e-commerce.

Secure Admin Login - Logout


spidercreations

Posted

Hi,

I'm brand new to the world of osCommerce and have installed the application. My first goal is to secure the admin area and I have elected to use the Secure Admin Login - Logout contribution.

 

I noted that there are some other threads concerning this topic, but it seems as if I've followed the installation instructions, the security "looks" to be in place, but I can still get to the admin section without entering a username and password.

 

I've completed the following steps...

 

Edit admin/includes/header.php by finding...

 

<td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?>

 

and add the following right at the end of that, but just before the </td>

 

  |  <?php echo '<a href="' . tep_href_link(FILENAME_ADMIN_SECURITY, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_MY_ACCOUNT . '</a>'; ?>

 

Then, edit file admin/includes/languages/english.php, at about line 50, I added the following lines...

 

define('HEADER_TITLE_MY_ACCOUNT','my account');
define('HEADER_TITLE_ADMIN_SECURITY','Change Admin Username and Password Here');

 

Then, edit the file admin/includes/filenames.php and add the following at the end of the code, before the ?> PHP close...

 

//admin change username and password
 define('FILENAME_ADMIN_SECURITY', 'admin_security.php');

 

Then, copy the file admin_security.php into the admin folder.

 

My next step was to create the administrator table in the database by running the following SQL queries...

 

CREATE TABLE `administrator` (
`ID` int(10) unsigned NOT NULL auto_increment,
`sName` varchar(255) NOT NULL default '',
`sPassword` varchar(255) NOT NULL default '',
`sGUID` varchar(32) default NULL,
`sData` text,
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=3;

 

and then...

 

INSERT INTO `administrator` VALUES (1, 'username1', password('your_password1'), NULL, NULL);
INSERT INTO `administrator` VALUES (2, 'username2', password('your_password2'), NULL, NULL);

 

I did change username1, your_password1, username2 and your_password2 values to real things.

 

The queries ran fine.

 

But the issue is that I seem to still have full access to the admin section.

 

Any ideas?

 

Thanks,

Steve

Posted

BTT - Should I just go with the .htaccess solution instead? I think that it would be best to have multiple admin accounts so I would prefer to go this route if possible.

 

Anyone?

 

Thanks in advance.

Archived

This topic is now archived and is closed to further replies.
