monster061 Posted July 28, 2008 Share Posted July 28, 2008 Here is the deal, I had my site secured by changing admin into adminis and index to indexis. Now I secured the page with the login thing, and the login.php in admin works good. However when I go to http://adarkdesire.com/admin I can directly access the admin panel without entering usernames or passwords. How should I make the login page work like a real protector to the site ? I need to know this fast cuz my page is open :) The creator of www.futomart.com Link to comment Share on other sites More sharing options...
monster061 Posted July 28, 2008 Author Share Posted July 28, 2008 This is kinda urgent so please help ! The creator of www.futomart.com Link to comment Share on other sites More sharing options...
satish Posted July 28, 2008 Share Posted July 28, 2008 in configure.php file in admin. set define http and https both path as https://www.site.com and ssl as true so all pages of admin will be secured. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
Guest Posted July 28, 2008 Share Posted July 28, 2008 Hi... I can't help you with the problem, but I can't access any page on your site.. just get your 404 error, which is very good by the way! So I (and I assume others) can't get into your admin. I tried yoursite.com/index.php, login.php and /admin and all redirected to your 404 page Link to comment Share on other sites More sharing options...
monster061 Posted July 28, 2008 Author Share Posted July 28, 2008 The configure.php did not work because i set values for true and I can still enter admin/index.php without having to enter any username or passwor :huh: I really dont know how to fix this, please help. The creator of www.futomart.com Link to comment Share on other sites More sharing options...
Guest Posted July 28, 2008 Share Posted July 28, 2008 going further on what I said above.. it appears I was wrong :s Can you post your configure.php file? Link to comment Share on other sites More sharing options...
Rajmahall Posted July 28, 2008 Share Posted July 28, 2008 This is kinda urgent so please help ! I just clicked the link above and got a 404 error page. Nothing that would let me try to login, etc. You may need to hit refresh in your browser to see changes recently made by you. You may also need to just be away from the site for 1/2 hour or more due to session tracking, i.e.: your session may need to expire before you will see different content. One option to consider, as far as protecting your admin, is to password protect the admin directory. Your hosting package should have some option to do this in the hosting account control panel under "Security Settings>Password Protect Directories". Not all hosting packages offer this option, but it is still doable. In Apache web server, there needs to be a special file named .htpasswd in the directory you want to protect. Basically, it will tell the web browser that there is a user/pass required to access the directory and pop up a box asking for it when people try to go there. There is special coding that needs to be in it and it is similar in concept to the .htaccess file. There are some online .htpasswd generators available online where you can: 1. Enter a user name/pass combination into a form and click "submit" or "go" or "generate" or something like that 2. Copy and paste the provided code into a text editor 3. Save the copied code as a file named .htpasswd 4. Upload the file .htpasswd to the directory you want protected with the user name/pass combination from step one. There's a couple of links below to .htpasswd generators listed below. http://home.flash.net/cgi-bin/pw.pl http://www.htaccesstools.com/htpasswd-generator/ The windows server usually has some sort of a server admin wizard on the local server machine where you can do things like password protect certain directories, though I can't say too much more about that, except "consult your webserver documentation". If someone tries to access a password protected directory and does not provide correct info, they should get a 403 error page. You can find out more using Google search for ".htpasswd", "password protect website directories", etc. PS: yes, it's a fun 404 page! ECommerce, Custom CMS, and Web Design from Chicago Creative Design Link to comment Share on other sites More sharing options...
monster061 Posted July 29, 2008 Author Share Posted July 29, 2008 going further on what I said above.. it appears I was wrong :s Can you post your configure.php file? This is the admin/includes/configure.php file <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.futomart.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.futomart.com'); define('HTTPS_CATALOG_SERVER', 'https://www.futomart.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/content/f/u/t/futomart061/html/'); // where the pages are located on the server define('DIR_WS_ADMIN', '/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/content/f/u/t/futomart061/html/admin/'); // absolute pate required define('DIR_WS_CATALOG', '/'); // absolute path required define('DIR_FS_CATALOG', '/home/content/f/u/t/futomart061/html/'); // absolute path required define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); I really don't know why the login is not required when accessing admin/index.php, maybe its something with the permisions Help. The creator of www.futomart.com Link to comment Share on other sites More sharing options...
satish Posted July 29, 2008 Share Posted July 29, 2008 well prior to RC1 and RC2 release oscommerce admin folder used to be protected by password protect folder using .htaccess. You need to protect YOur admin folder using .htaccess. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
monster061 Posted July 29, 2008 Author Share Posted July 29, 2008 well prior to RC1 and RC2 release oscommerce admin folder used to be protected by password protect folder using .htaccess. You need to protect YOur admin folder using .htaccess. Satish Thanks, can you please tell me what should I put in the .htaccess file in order to protect my admin area ? As for now I do not have a .htaccess in my directory :) Thanks in advance, this help is priceless The creator of www.futomart.com Link to comment Share on other sites More sharing options...
satish Posted July 30, 2008 Share Posted July 30, 2008 google password protect directory and You will get the links or go to dynamicdrive site. Ther You can generate the needed file. else ask Your hosting company How to protect a folder. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
lindsayanng Posted July 30, 2008 Share Posted July 30, 2008 umm, i'm not sure but i THINK you guys are helping someone hack!! THat site link that they gave adarkdesire.com belongs to webbydeb, and as far as i know, she is the ONLY one who runs that website. I am going to PM her and point her to this thread, but it seems really weird to me. and she is from MO (i thin) and this guy is from Macedonia? A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted July 30, 2008 Share Posted July 30, 2008 adarkdesire.com is my domain. Monster61 is apparantly attempting to hack my website. Id like it if something were done about this guy. Link to comment Share on other sites More sharing options...
lindsayanng Posted July 30, 2008 Share Posted July 30, 2008 THAT IS REALLY FREAKY!! I'm glad you made it here to say something.. Did you look into your files and such to see what/ if anything was changed?? Maybe he just had your link saved to his clipboard and ACCIDENTALLY put your link instead?? i dont know.. because the configure site, all the paths say FUTOMART A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted July 30, 2008 Share Posted July 30, 2008 I have no idea, but I'd like him to explain himself. Link to comment Share on other sites More sharing options...
satish Posted July 30, 2008 Share Posted July 30, 2008 Just chek the IP of hacker and using htaccess block that IP from getting in. Also place site monitor contrib. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
monster061 Posted August 14, 2008 Author Share Posted August 14, 2008 Just chek the IP of hacker and using htaccess block that IP from getting in. Also place site monitor contrib. Satish Oh come on !!! LOL !!! I am not trying to hack your site I just used it as an example of how someone can enter my site. This is because I knew it was protected. Now everyone knows that futomart.com is not protected and maybe thats why no orders appear. So can someone now help me solve my problem or what ?!?! :) Thanks in advance, I would appretiate a prompt reply The creator of www.futomart.com Link to comment Share on other sites More sharing options...
satish Posted August 14, 2008 Share Posted August 14, 2008 You need to use .htaccess to password protect the folder or place admin access level contribution. Also just change the admin folder name and the value in configure file to amtch the admin folder value name. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.