martinstan
Posted December 17, 2009

Hi

I've searched high and low but can't seem to find an answer to this so would appreciate some help. On a recent installation I've noticed that there is now a built in login to the admin area. I used to just password protect the admin folder through my hosting company which is the method I prefer. Is there a way to disable the built in setup?

Many thanks
Martin

FIMBLE
Posted December 19, 2009

Apply this http://github.com/haraldpdl/oscommerce2/commit/569917f654edab2b07bf61ab8caf2764ba1457c4 to your code, you will only have to log into your admin once then. Both passwords and usernames must be the same or it will not work.

Nic

Sometimes you're the dog and sometimes the lamp post

martinstan
Posted December 19, 2009

OK Thanks. I'll have a look.

Martin

_Patches_
Posted December 16, 2011

I understand that this topic is around 2 years old, but since I found it via Google and we're still using osC, I thought I'd post a different solution that some might find helpful.

In our case, we have password-protected our entire admin folder using .htaccess and required SSL. This is far more secure than the built-in osCommerce authentication and is highly recommended rather than relying on that. Because of this, the osC auth was redundant and often broke modules for us, and we wanted to truly remove it.

The solution above does not remove the authentication. It attempts to get osCommerce to bypass it automatically for you by scripting a login sequence using the existing credentials. If you look at the github link (and you can read PHP code), you'll see that this solution involves dancing around an if block in the application_top file that actually requests the authentication. If you simply delete or comment out that entire if-block, however, the authentication is truly removed.

Please be aware that if you do this, you will be removing a layer of security from your admin panel, and you should have something already in place (like the .htaccess method I mentioned) before you attempt this!

In layman's terms, the solution is this:

Open up the file /catalog/admin/includes/application_top.php (using some combination of an FTP program and file editor, or the default file editor on your web host).

Scroll down to around line 133 (this is approximate and depends on modifications to your code as well as osC version), where you should see this line:

    if (!tep_session_is_registered('admin')) {

That is the beginning of the if block you need to get rid of. If you have a nice enough PHP editor, it will highlight the closing bracket for you. If you don't, it should run down to the curly brace ( } ) following the line reading unset($redirect); approx. 20 lines later.

You can delete this code (make sure you have a backup in case this doesn't work for you!), but an even safer way is to simply comment it out using PHP multiline comments.

    /*
    This is how you demarcate a multiline PHP comment.
    */

Remember that everything between those markings is ignored, so make sure you only comment out the code you don't want!

To sum up, you should start with a code block like this:

    if (!tep_session_is_registered('admin')) {
    ...
    ...
    ...
    unset($redirect);
    }

and end up like this:

    /*
    if (!tep_session_is_registered('admin')) {
    ...
    ...
    ...
    unset($redirect);
    }
    */

Hope that helps!
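
The .htaccess protection that the post above relies on, shown as an added example that is not part of the original thread. The file location, realm name and password-file path are assumptions, and the directives are standard Apache (mod_ssl and Basic authentication):

```apache
# Constructed example for /catalog/admin/.htaccess.
# The realm name and the AuthUserFile path below are placeholders.
#
# The server configuration must allow these directives here
# (AllowOverride AuthConfig). With "AllowOverride None" Apache ignores
# the whole file and the admin folder is left open.

# Refuse any request that did not arrive over TLS, so the Basic-auth
# credentials are never sent in clear text.
SSLRequireSSL

# HTTP Basic authentication for everything under this directory.
AuthType Basic
AuthName "Shop administration"

# Keep the password file outside the document root so it cannot be
# fetched through the web server. Create it with the htpasswd utility.
AuthUserFile /home/example/private/.htpasswd

# Any user listed in the password file may enter; everyone else gets 401.
Require valid-user
```

Before commenting out the osCommerce block, confirm that a request to the admin URL without credentials is answered with 401 and that the same URL over plain HTTP is refused.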
Archived
This topic is now archived and is closed to further replies.