Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Store index.php pops up the Admin login


Guest

Recommended Posts

My store is at jgsstore.com - when you click the enter button you get a request for you to enter the admin username/password. The store worked great in the 'sandbox' as well as 'live' (we just went live yesterday) until today and now this. Can any tell me what to do to stop this? Thank you for reading.

Link to comment
Share on other sites

Gloria,

 

 

Well, the IP trap worked.....lol

 

 

You have an .htaccess script in the catalog side of your server which is triggering the .htaccess protection. Remove the protection script in the root .htaccess file

 

 

 

 

Chris

Link to comment
Share on other sites

Yes I installed it but I never had the problem for at least 24 hours- but yes great to know it works lol

 

But you lost me- are you saying I should delete the public_html/store/.htaccess file? And thank YOU!!!

Link to comment
Share on other sites

UPDATE: all of a sudden, at least for me, in firefox, this error seems to have stopped. However, errors do not normally fix themselves so I checked internet explorer and I am still getting the popup asking for admin credentials.

 

I have also been approached by [email protected] (Kaylan) - I can only assume they want money- else I would imagine they could have simply helped me here.

 

Can anyone at all help me on this- please as my partner just keeps adding products to a store there is no way we can possibly use like this.

Link to comment
Share on other sites

Is this login in a popup box or on a page? If it's the popup, look for this code (or something similar) in your root .htaccess file:

AuthUserFile /path/to/admin/.passwd
AuthName     "Protected"
AuthType     Basic
<Limit GET POST PUT>
require valid-user
</Limit>
<Files .passwd>
deny from all
</Files>

If that code exists, delete or comment it out and save.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Thank YOU! for getting back with me- perhaps this file is the problem- to me my entire .htaccess appears to be commented out- that is what the # sign is for?? --- this is it....

 

# $Id: .htaccess 1739 2007-12-20 00:52:16Z hpdl $

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

#<IfModule mod_setenvif.c>

# <IfDefine SSL>

# SetEnvIf User-Agent ".*MSIE.*" \

# nokeepalive ssl-unclean-shutdown \

# downgrade-1.0 force-response-1.0

# </IfDefine>

#</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

 

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

 

# php_value session.use_trans_sid 0

# php_value register_globals 1

Link to comment
Share on other sites

That sounds like a .htaccess security popup, but there's nothing in that .htaccess. Yes, everything is commented out. Is your store in the root? If it's installed in a subdirectory, check that as well as the site root.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

No it is jgsstore.com/store/ --within the store folder is the only .htaccess I have --none in true root There is however, the robots.txt file that the directions for the IP trap told me to put it in the root --"needs to be in the ROOT of your store regardless where your actual store is' --the contents of that file are...

 

User-agent: *

Disallow: /store/includes/

Disallow: /store/cgi-bin/

Disallow: /store/personal/

Disallow: /store/admin/

 

NOTE: the /store/admin/ is not the real admin apparently. The /store/personal/ folder nor the /store/cgi-bin/ actually even exist.

 

Doing a search has also revealed there to be an .htaccess file in the /store/includes/ folder -- all is commented out except..

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

And still searching, I have found another .htaccess file in /store/my-real-admin/ folder (again, of course my-real-admin is not a real folder) and at the bottom is something similar to what you said to begin with....

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home/jgsstore/public_html/store/my-real-admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

 

And again, thank YOU!!! for all your time and trouble!!

Link to comment
Share on other sites

That last chunk of code is what osCommerce uses to protect your Admin. That's what causes the login popup to appear. Normally I would expect this to be in the site root or your store/ folder. It would have to be in the .htaccess file to work.

 

The popup is showing "osCommerce Online Merchant Administration Tool" which leads me to believe it is a copy of the .htaccess from the Admin side. If that .htaccess is not in the store root, then it must be in a subdirectory somewhere. Look through all of the subdirectories for .htaccess files and examine them all for the code you posted (or something similar.) Some subdirectories should have .htaccess files, but none of them should include that code.

 

An easy way to do that is to search for text in all of your files using the search term "AuthType Basic". Your editor or computer operating system has a search feature that will do this for you.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

The .htaccess in the admin folder should not affect the store. If that was truly the case, you have a serious problem with your installation. You need to find out what part of your store is calling content from the admin side and fix that.

 

If you removed the .htaccess protection from your real admin, you have left your site open to hacking. This is very bad. Don't leave your admin unprotected.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

I would not even know where to begin but yes the .htaccess file I 'fixed' was def in my real admin folder. So yea I have no clue where to look since there's not one in my /store/ folder. All was fine until I installed the IP trap - maybe I should go back and remove the comment marks in the admin/.htaccess file - then remove the IP trap stuff?

Link to comment
Share on other sites

It's possible that your IP Trap is causing the problem. I haven't used that code so I don't know where it might have gone wrong. You should ask in the support thread for that Addon.

 

And yes, by all means put the .htaccess protection back on your real admin folder as soon as you can.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Thank you again, I fixed the admin .htaccess file which immediately caused the popup admin login again. I then completely removed the IP trap which was very simple since it did not overwrite any files to begin with. Unfortunately I am still getting the admin popup login. If it is not something that has occurred 'easily' within the admin area due to some nutty change, then I really don't have a clue.

Link to comment
Share on other sites

Yes, something on the catalog side has to be including an image or some other file from the admin side. First, check your includes/configure.php for any references to your admin folder name. If you don't find it there, do a text search for that name through the entire catalog side of the store. Somewhere in there you will find a reference to your admin.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Yes, something on the catalog side has to be including an image or some other file from the admin side. First, check your includes/configure.php for any references to your admin folder name. If you don't find it there, do a text search for that name through the entire catalog side of the store. Somewhere in there you will find a reference to your admin.

 

Regards

Jim

 

 

You mean like inadvertently replacing the catalog/includes/configure.php with the catalog/"admin"/includes/configure.php ?

My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary

Link to comment
Share on other sites

The config files - I can easily tell they are in their proper place due to the one in the admin calling on the admin folder-- the config file in the store/includes does not. How do I search WITHIN files on windows 7 --I do not see a way to do that - I tried tools/folder options/search tab and chose to always search file names and contents --but if that's right, it did not reveal my admin folder.

Link to comment
Share on other sites

I don't know Windows 7 so I can't give specific instructions. What you did sounds right. Did the search find the new Admin folder itself?

 

There could also be something in the .htaccess file in the store root. Try renaming that temporarily and see what happens.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

We had already determined it was not the .htaccess file as everything in it has been commented out. But what is strange, is that so far today the pop-up has not been there. I do not know what is going on- all seems very fishy somehow. I am reinstalling to yet another different folder -hoping the backup actually works and then if it does, and this mess starts again, I really don't see any choice but to use another cart software product. Thanks all - especially JIM!

Link to comment
Share on other sites

Sorry, I sometimes forget what I've said in a thread. It comes from trying to do several things at the same time, a task that programmers are particularly unsuited for.

 

I'm out of ideas at this point. I've never seen a problem like this come and go, nor have I seen one that isn't caused by some attempt to pull content from the protected admin folder.

 

Given all that, I can't believe that osCommerce is at fault. I've installed and modified dozens of installations of osC, and there are many more that others have done here, all without having this problem. I'm beginning to wonder if your host has somehow messed up their server. That's far more likely than osCommerce being the culprit.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...