Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Password protect admin panel?


mediarays

Recommended Posts

Another alternative (if you are using apache) is to edit the httpd.conf file and add:

<Directory "/location/of/admin-directory/catalog/admin">

AuthType Basic

Authname OSC Admin

AuthUserFile /location/of/password/file

<Limit GET POST>

require user yourname

</Limit>

</Directory>

 

just a thought.

Link to comment
Share on other sites

If you have enabled frontpage support for your cart directory. Then you can Password Protect your Admin through these steps:

 

To password-protect a folder in FrontPage please follow these steps:



Open your site live with FrontPage.



2. In the Folder List, right-click the directory you want to password protect. If you do not see the [b]Folder List, select View | Folder List.[/b]





3. On the pop-up menu, select Convert To Web. Note that the folder will reappear with a [b]blue circle[/b] in the center.





4. Right-click the folder and then click Open. This opens the folder in a new session of FrontPage.





5. In the new FrontPage session, select [b]Tools | Security | Permissions.[/b] A Permissions window will appear.



[b]Note:[/b] When setting up permissions for the new subweb for the first time only, Front Page will first prompt for an initial Permissions settings, so that it knows whether or not the subweb should inherit the permissions of the parent web.



Select the Use unique permissions for this web radio button. Then, click Apply. Next, click the Users tab in the currently opened permissions window to proceed to the next steps. Then, proceed to Step 6 below.





6. Select Add. Then, enter a new [b]ID[/b] and [b]Password.[/b]





7. Select Allow users to: [b]Browse this web.[/b] Then, click OK





8. Select Only Registered Users have browse access. Then, click [b]Apply.[/b]





As the folder is question is your site roor folder you need to setup permissions for your entire web. No need to create subwebs.

 

I have password protected my Admin in this same manner

I Hope this helps :)

Link to comment
Share on other sites

  • 2 weeks later...
BN has written a great password for Admin contribution. You can find it in the contributions section.

 

http://www.oscommerce.com/downloads.php/co...ions,285/type,3

 

I use it myself.

 

Jerry Nielsen

 

Hey I just downloaded and installed this... but I get no prompt to put in any username/password.. just get "localhost Authorization Required." which shows if u put in the wrong info... but I am not even getting the option to put in my login info... running on localhost, winXP Pro, IIS 5.1, PHP 4.2.3...

 

I suppose you are going to tell me this script won't work on win2k/XP servers, huh?

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke

Link to comment
Share on other sites

I tried this mod and got:

Fatal error: Failed opening required 'DIR_WS_INCLUDESauthen.php' (include_path='.:/usr/local/lib/php') in /home/mywebsite/web/admin/includes/application_top.php on line 16

 

 

On line 16 I have:

define('ADMIN_PASSWORD', 'mypasword');

 

Any ideas whats wrong???

Link to comment
Share on other sites

  • 2 weeks later...

I installed this and it's not working. I mean it's popuping a box where I can put my user id and password and when I type my user id and password nothing happend. After 3rd time it's giving me a Authorization Required.

 

I don't have a dedicated ip address, may be this is a problem?

please help.

 

Thanks :(

Link to comment
Share on other sites

Fatal error: Failed opening required 'DIR_WS_INCLUDESauthen.php' (include_path='.:/usr/local/lib/php') in /home/mywebsite/web/admin/includes/application_top.php on line 16

 

there should be a point ( . ) between DIR_WS_INCLUDES and authen.php in the define on line 16 in your application_top.php.

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

i have the popup now for my admin dir i set my u/p to what i felt and tried it wall popup i put my info and 3 times and auth. req what is up here?

"If it is not broke Don't fix it/ If it is then fix it good the first time and you never have to fix it again."

 

If at first you can not figure it out ask in the forums or search then ask!

Link to comment
Share on other sites

Mattice wrote:

there should be a point ( . ) between DIR_WS_INCLUDES and authen.php in the define on line 16 in your application_top.php.

 

I copied the code exactly as BN wrote it:

// Open /admin/includes/application_top.php add the following code in

// include authentication user/password of administration

require(DIR_WS_INCLUDES . 'authen.php');

 

I tried pasting it in different sections of the application_top.php file - I've tried other "app top" files and I've tried other parameters with no luck. Seems like a pretty straight forward error, but I'm having difficulties with it yes.

Link to comment
Share on other sites

Found the answer!

 

When you make the authen.php file as instructed you need to change some text. This is that file.. You need to put your own chosen Shop name in two places. Whatever Admin user name you want and then whatever pwd you want,

 

// Save the following PHP codes as authen.php in /admin/includes/authen.php

<?php

 

if(!isset($PHP_AUTH_USER))

{ header('WWW-Authenticate: Basic realm="' . PUTYOURSHOPNAMEHERE . '"');

header('HTTP/1.0 401 Unauthorized');

echo $SERVER_NAME . ' Authorization Required.';

exit;

}

else

{ if (($PHP_AUTH_USER != YOUR USERNAME) || ($PHP_AUTH_PW != YOUR_PASSWORD))

{ header('WWW-Authenticate: Basic realm="' . SAMENAMEASABOVE. '"');

header('HTTP/1.0 401 Unauthorized');

echo $SERVER_NAME . ' Authorization Required.';

exit;

}

}

 

?>

 

Good Luck - worked for me anyway!

 

Ozstar 8)

Link to comment
Share on other sites

i tried that and it still did not work maybe it is because of me being on a windows box and not linux maybe?

"If it is not broke Don't fix it/ If it is then fix it good the first time and you never have to fix it again."

 

If at first you can not figure it out ask in the forums or search then ask!

Link to comment
Share on other sites

Fatal error: Failed opening required 'DIR_WS_INCLUDESauthen.php' (include_path='.:/usr/local/lib/php') in /home/mywebsite/web/admin/includes/application_top.php on line 16

 

I think that it doesn't matter what I do to the authen.php file yet (I did try it though) because I can't get past this error.

 

The first 20 lines of code in my application_top.php looks like this:

<?php

/*

 $Id: application_top.php,v 1.152 2002/08/11 22:56:14 hpdl Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

// Open /admin/includes/application_top.php add the following code in

// include authentication user/password of administration

 require(DIR_WS_INCLUDES . 'authen.php');

 

// Start the clock for the page parse time log

 define('PAGE_PARSE_START_TIME', microtime());

 

// Set the level of error reporting

 error_reporting(E_ALL & ~E_NOTICE);

etc, etc , etc.

 

Doesn't seem anything out of the ordinary?????

Link to comment
Share on other sites

Fatal error: Failed opening required 'DIR_WS_INCLUDESauthen.php' (include_path='.:/usr/local/lib/php') in /home/mywebsite/web/admin/includes/application_top.php on line 16

 

I think that it doesn't matter what I do to the authen.php file yet (I did try it though) because I can't get past this error.

 

The first 20 lines of code in my application_top.php looks like this:

<?php

/*

 $Id: application_top.php,v 1.152 2002/08/11 22:56:14 hpdl Exp $

 

 osCommerce, Open Source E-Commerce Solutions

 http://www.oscommerce.com

 

 Copyright © 2002 osCommerce

 

 Released under the GNU General Public License

*/

// Open /admin/includes/application_top.php add the following code in

// include authentication user/password of administration

 require(DIR_WS_INCLUDES . 'authen.php');

 

// Start the clock for the page parse time log

 define('PAGE_PARSE_START_TIME', microtime());

 

// Set the level of error reporting

 error_reporting(E_ALL & ~E_NOTICE);

etc, etc , etc.

 

Doesn't seem anything out of the ordinary?????

 

For some reason it doesn't see DIR_WS_INCLUDES as a define at that point in the script... try placing your authen include code BELOW the actual define('DIR_WS_INCLUDES', 'whatever'); or move that line up...

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

Mattice Wrote:

For some reason it doesn't see DIR_WS_INCLUDES as a define at that point in the script... try placing your authen include code BELOW the actual define('DIR_WS_INCLUDES', 'whatever'); or move that line up...

 

So I pasted it after something that resembled define('DIR_WS_INCLUDES', 'whatever'); (it wasn't INCLUDES) and it worked but with two errors up top RE: cache problems. Then I moved it right down to around line 237 and it worked.

 

What you taught me Mattice is that in some instances it is really important where you place the script. I'm getting that there must be a sequence to events before a certain script will work. (which is common sense to me really now that I'm thinking about it.)

 

Lots of kind wishes to you and thanks once again. Your help is always well regarded. :D :wink: :D

Link to comment
Share on other sites

Nothing is working for me. Whoever created this should have noted where to place the code.

 

I am recieving this error:

Parse error: parse error in /home/www/html/catalog/admin/includes/authen.php on line 10

 

This is line 10:

 

{	header('WWW-Authenticate: Basic realm="' . My Store . '"');

 

I'm not getting a popup that everyone is talking about.

 

I was getting the same error PC eltr8 was getting but now I am getting the above.

Link to comment
Share on other sites

OK - 2 things I've learned:

1. Is the name you used "My Store" 2 seperate words - try one word like "Restricted".

 

2. This word (in my case I used "restricted") must be identical in the line earlier of the same code (for me it is line 4 - but if your error is on line 10 the other instance might be line 3 for you). Whatever, the author said clearly to write it twice (I think he used www. etc etc)

 

Lastly, I feel that since all code and help submitted in this forum is always at the good heart of those willing to help. I never assume that any code author kind enough to give up his own time "should have noted" anything. I find it is golden enough that they can at least get me started and I will find the answers with patience and grattitude.

 

Good luck :)

Link to comment
Share on other sites

Lastly, I feel that since all code and help submitted in this forum is always at the good heart of those willing to help. I never assume that any code author kind enough to give up his own time "should have noted" anything. I find it is golden enough that they can at least get me started and I will find the answers with patience and grattitude.

 

Yes it is nice for them to create things and share them with everyone, but I feel that if instructions are more to the point it will cut down on two page post such as this one.

I guess I am just use to people creating mods (or cotributions) for other programs where it tells you to insert this code between this or after that. Since the creator knows what he/she did it would be easier for everyone. I am thankful for programmers because I'm not one. This is a great script and I am glad that someone took the time to create it and on top of that...give it away for free. :wink:

Thank you PC for sharing what you've learned with me and everyone :)

Link to comment
Share on other sites

  • 1 month later...

sadly nothing I do seems to alter anything and I just keep getting.

 

Warning: Cannot add header information - headers already sent by (output started at /home/dcracing/public_html/admin/includes/authen.php:4) in /home/dcracing/public_html/admin/includes/authen.php on line 7

 

Warning: Cannot add header information - headers already sent by (output started at /home/dcracing/public_html/admin/includes/authen.php:4) in /home/dcracing/public_html/admin/includes/authen.php on line 8

www.dcracing.co.uk Authorization Required.

 

This looked like being the simpleest contrib to date I had installed but blow me down with a kipper its the only one I have failed with so far..................any ideas appreciated

Link to comment
Share on other sites

nevermind I got it to work for me... Finally! i've been working on it all day.

 

I have also got it working now........I think it was down to the authen file having spaces above the start of the PHP.

 

Others might like to comment or I might try and replicate it..but for now as I am so far behind I need to crack on with the store. :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...