tcr1016 Posted June 19, 2007 Posted June 19, 2007 I took the .htaccess file in the admin and erased everything and put the bolded line it told me: AuthName "Password Protected Area" AuthType Basic AuthUserFile /your/server/path/.htpasswd (I put the server path that 1&1 gave me, which is my domain root) AuthGroupFile /dev/null require valid-user Then created a htpasswd file with the this text that the password file saidand put it in my main folder root directory tcr1016:1$3wLYxJYKwvc When I go to the admin page it promps me a user and password popup window. I tried my password I entered then hit encrypt. Not Luck. Then I tried the stuff after tcr1016:1$3wLYxJYKwvc. NO Luck. What did I do wrong? Was I supposed to delete all the contents in the htaccess file and just have the bold. I am getting stressed to get this done. I am new to php and my host 1and1 does not have CPanel to create a password directory.
GemRock Posted June 20, 2007 Posted June 20, 2007 I am not sure you can enter a password directly into the htpasswd file. Googling this: htaccess password for an online password generator, and do it there. Ken commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile). over 20 years of computer programming experience.
usernamenone Posted June 20, 2007 Posted June 20, 2007 http://www.oscommerce.com/community/contri...rch,admin+login download the second from the top 17 Jan 2007
engineer Posted June 20, 2007 Posted June 20, 2007 I am not sure you can enter a password directly into the htpasswd file. Googling this: htaccess password for an online password generator, and do it there. Ken Hello, I have not been successful either in getting this security hole patched. Still having problems login in wiht the passwor i created. I get the propmt for user name but it will not take my password anyone has a working file that i can work with and edit and so forth. i did not locate the file that you mention ont the 17 Jan post and would like to get this issue resolve. Thank you for your time and do please advice what i need to do secure the admin control panel.
Snoboreders Posted June 20, 2007 Posted June 20, 2007 Guys, the solution is the link that usernamenone posted. It is secure login - logout v 1.5 by MountainDew. I know this because I just secured my admin YESTERDAY after nearly a week of frustration. Although the instructions may seem a daunting task at first, if you actually read them, it simply asks you to place some code near the line specified. Open the .sql file with a text editor (right click, open with) and change the name and pass. Then import it to your mySql database. It should take you about 20 mins if you are careful. When you access your admin and it lets you in....you will be ready to celebrate (I sure did yesterday!). Ok, so replace your.htaccess with the original .htaccess file and delete your .htpasswd and download this contribution. Let me guess...you guys are hosting with GoDaddy right? Well, regardless I had the exact same problem of not being able to login. Good luck guys.
usernamenone Posted June 20, 2007 Posted June 20, 2007 Yes it is a godaddy issue but the contrib is a quick and painless fix. Looks more professional to clients to see that log in than the browser .htaccess box smack dab in the middle of the screen. :thumbsup: Guys, the solution is the link that usernamenone posted. It is secure login - logout v 1.5 by MountainDew. I know this because I just secured my admin YESTERDAY after nearly a week of frustration. Although the instructions may seem a daunting task at first, if you actually read them, it simply asks you to place some code near the line specified. Open the .sql file with a text editor (right click, open with) and change the name and pass. Then import it to your mySql database. It should take you about 20 mins if you are careful. When you access your admin and it lets you in....you will be ready to celebrate (I sure did yesterday!). Ok, so replace your.htaccess with the original .htaccess file and delete your .htpasswd and download this contribution. Let me guess...you guys are hosting with GoDaddy right? Well, regardless I had the exact same problem of not being able to login. Good luck guys.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.