Login.php works but does not secure the Index.php


monster061

Here is the deal,

I had my site secured by changing admin into adminis and index to indexis.

Now I secured the page with the login thing, and the login.php in admin works good.

However when I go to http://adarkdesire.com/admin I can directly access the admin panel without entering usernames or passwords.

How should I make the login page work like a real protector to the site?

I need to know this fast cuz my page is open :)

The creator of www.futomart.com


In the configure.php file in admin, set the defines for both the http and https paths to https://www.site.com and ssl to true so all pages of admin will be secured.

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.


Hi... I can't help you with the problem, but I can't access any page on your site.. just get your 404 error, which is very good by the way!

So I (and I assume others) can't get into your admin.

I tried yoursite.com/index.php, login.php and /admin and all redirected to your 404 page


The configure.php did not work because I set values for true and I can still enter admin/index.php without having to enter any username or password :huh:

I really don't know how to fix this, please help.


This is kinda urgent so please help !

I just clicked the link above and got a 404 error page. Nothing that would let me try to login, etc. You may need to hit refresh in your browser to see changes recently made by you. You may also need to just be away from the site for 1/2 hour or more due to session tracking, i.e.: your session may need to expire before you will see different content.

One option to consider, as far as protecting your admin, is to password protect the admin directory. Your hosting package should have some option to do this in the hosting account control panel under "Security Settings>Password Protect Directories". Not all hosting packages offer this option, but it is still doable.

In Apache web server, there needs to be a special file named .htpasswd in the directory you want to protect. Basically, it will tell the web browser that there is a user/pass required to access the directory and pop up a box asking for it when people try to go there. There is special coding that needs to be in it and it is similar in concept to the .htaccess file. There are some online .htpasswd generators available online where you can:

1. Enter a user name/pass combination into a form and click "submit" or "go" or "generate" or something like that
2. Copy and paste the provided code into a text editor
3. Save the copied code as a file named .htpasswd
4. Upload the file .htpasswd to the directory you want protected with the user name/pass combination from step one.

There's a couple of links below to .htpasswd generators listed below.

http://home.flash.net/cgi-bin/pw.pl
http://www.htaccesstools.com/htpasswd-generator/

The windows server usually has some sort of a server admin wizard on the local server machine where you can do things like password protect certain directories, though I can't say too much more about that, except "consult your webserver documentation".

If someone tries to access a password protected directory and does not provide correct info, they should get a 403 error page.

You can find out more using Google search for ".htpasswd", "password protect website directories", etc.

PS: yes, it's a fun 404 page!

ECommerce, Custom CMS, and Web Design from Chicago Creative Design
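
An added example, not part of the original thread: a constructed .htaccess of the kind used to password protect an admin directory, a constructed .htpasswd of the kind a generator produces, and a small check of both. The paths, user names, hashes and the function names `audit_htaccess`, `hash_scheme` and `weak_users` are assumptions made for illustration.

```python
import re
# Constructed sample of the .htaccess placed in the protected admin directory.
SAMPLE_HTACCESS = """\
AuthType Basic
AuthName "Admin area"
AuthUserFile /home/example/private/.htpasswd
Require valid-user
"""

# Constructed .htpasswd lines (user:hash); every hash is a made-up placeholder.
SAMPLE_HTPASSWD = """\
alice:$apr1$saltsalt$0123456789abcdefghijk.
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
carol:ab0123456789.
"""

REQUIRED = ("authtype", "authname", "authuserfile", "require")

def audit_htaccess(text, docroot):
    """List what is missing or risky in the Basic-auth directives."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            found[key.lower()] = value.strip().strip('"')
    problems = ["missing " + d for d in REQUIRED if d not in found]
    userfile = found.get("authuserfile", "")
    if userfile.startswith(docroot.rstrip("/") + "/"):
        problems.append("password file is inside the document root")
    return problems

def hash_scheme(entry):
    """Classify the hash format of one user:hash line."""
    h = entry.partition(":")[2]
    if h.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if h.startswith("$apr1$"):
        return "apr1-md5"
    if h.startswith("{SHA}"):
        return "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "des-crypt"
    return "plaintext-or-unknown"

def weak_users(htpasswd_text):
    """Users whose entry is not salted apr1-md5 or bcrypt."""
    return [l.split(":", 1)[0] for l in htpasswd_text.splitlines()
            if ":" in l and hash_scheme(l) not in ("bcrypt", "apr1-md5")]
```

Stock Apache configurations refuse to serve files whose names start with .ht, but keeping the password file outside the document root does not depend on that setting.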


going further on what I said above.. it appears I was wrong :s

Can you post your configure.php file?

This is the admin/includes/configure.php file

<?php
/*
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.futomart.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.futomart.com');
define('HTTPS_CATALOG_SERVER', 'https://www.futomart.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', '/home/content/f/u/t/futomart061/html/'); // where the pages are located on the server
define('DIR_WS_ADMIN', '/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/home/content/f/u/t/futomart061/html/admin/'); // absolute path required
define('DIR_WS_CATALOG', '/'); // absolute path required
define('DIR_FS_CATALOG', '/home/content/f/u/t/futomart061/html/'); // absolute path required
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

I really don't know why the login is not required when accessing admin/index.php, maybe it's something with the permissions

Help.


Well, prior to the RC1 and RC2 release the oscommerce admin folder used to be protected by password protect folder using .htaccess.

You need to protect your admin folder using .htaccess.

Satish


Thanks, can you please tell me what should I put in the .htaccess file in order to protect my admin area?

As for now I do not have a .htaccess in my directory :)

Thanks in advance, this help is priceless


Google "password protect directory" and you will get the links, or go to the dynamicdrive site.

There you can generate the needed file.

Else ask your hosting company how to protect a folder.

Satish


umm, I'm not sure but I THINK you guys are helping someone hack!! That site link that they gave, adarkdesire.com, belongs to webbydeb, and as far as I know, she is the ONLY one who runs that website.

I am going to PM her and point her to this thread, but it seems really weird to me. And she is from MO (I think) and this guy is from Macedonia?

A great place for newbies to start

Road Map to oscommerce File Structure

DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways!

 

HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you

 

Proud Memeber of the CODE BREAKERS CLUB!!


adarkdesire.com is my domain. Monster61 is apparently attempting to hack my website. I'd like it if something were done about this guy.


THAT IS REALLY FREAKY!! I'm glad you made it here to say something..

Did you look into your files and such to see what/ if anything was changed?? Maybe he just had your link saved to his clipboard and ACCIDENTALLY put your link instead?? I don't know.. because the configure site, all the paths say FUTOMART


Just check the IP of the hacker and, using htaccess, block that IP from getting in.

Also place the site monitor contrib.

Satish


  • 2 weeks later...
Oh come on !!! LOL !!!

I am not trying to hack your site I just used it as an example of how someone can enter my site. This is because I knew it was protected.

Now everyone knows that futomart.com is not protected and maybe that's why no orders appear.

So can someone now help me solve my problem or what ?!?! :)

Thanks in advance, I would appreciate a prompt reply


You need to use .htaccess to password protect the folder or place the admin access level contribution.

Also just change the admin folder name and the value in the configure file to match the admin folder value name.

Satish


Archived

This topic is now archived and is closed to further replies.
