.htaccess/.htpasswd_oscommerce

[FantasyArt]

I am having problems securing my admin side of the site. I had recently had it all secured with the .htaccess/.htpasswd_oscommerce setup. It was fine until I got an SSL Certificate installed by my Host which then gave us more problems then benefits so we oped to remove it for awhile. After it was removed the Red bar stating that the .htaccess & .htpasswd_oscommerce had to be written came up again. I have tried to change the permission on the .htaccess & .htpasswd_oscommerce to 777 and followed the information that came up in Red, deleting the section of information on the .htaccess and deleting the .htpasswd_oscommerce file.

 

Once I did this it just goes back to the same Red bar again saying that the files had to be written. I have attached a screen shot of the Red Bar that I am referring to, hopefully this will help with solving the problem.

 

Before someone states that I shouldn't have removed the SSL Certificate, I know this and am going to place it back onto the site once this issue is resolved and find how to set it up on specific pages instead of the whole site.

 

Would appreciate all the help I can receive on this topic.

[Guest]

@@FantasyArt

 

Change the file permissions to 644 so osCommerce can write the changes to them. Currently, they are not writable so osCommerce can't secure the admin side.

 

 

 

Chris

[FantasyArt]

Have done what you suggested and still goes back to what it said before, e.g. Attached thumbnail.

 

Don't know what to do.

[Guest]

@@FantasyArt

 

That should have worked. I suggest using your cpanel file manager to set .htaccess protection if you can't get osCommerce .htaccess protection working.

 

 

 

Chris

[FantasyArt]

I am changing the permission through the cpanel file manager through our host. Is this what you are referring to?

[Guest]

@@FantasyArt

 

Sure, you can use the file manager to change permissions but you can also set directory protection from the file manager, instead of using the osCommerce .htaccess protection.

 

 

 

Chris

[FantasyArt]

Ok not sure how I would do that, could you please refer me to instructions somewhere or tell me how to do it? Sorry am a novice at all this, have been using it since November last year so and only know the basics... Don't even know how to merge the files.

[Praful Kamble]

@@FantasyArt

 

 

Add below code to your .htaccess file of admin:

 

AuthType Basic

AuthName "restricted area"

AuthUserFile /home5/fantata1/public_html/.htpasswd

require valid-user

 

 

Then create a .htpasswd and place it at root level (/public_html)

 

write your user name and encrypted password in belwo format (username and password seperated by :):

 

username:encrypted password

 

Note:

 

Delete/rename the existing htaccess file in admin and htpasswd_oscommerce file.

 

This code is having your real root path, taken from screenshot you have attached above.

 

 

Thanks!!

 

Praful

[FantasyArt]

Tried what you stated here @@Praful Kamble but still getting the same as the screenshot.

 

This is the .htaccess file below. Maybe this will help sort out all this stuff.

 

 

# $Id$

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

#<IfModule mod_setenvif.c>

# <IfDefine SSL>

# SetEnvIf User-Agent ".*MSIE.*" \

# nokeepalive ssl-unclean-shutdown \

# downgrade-1.0 force-response-1.0

# </IfDefine>

#</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

 

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

 

# php_value session.use_trans_sid 0

# php_value register_globals 1

 

AuthType Basic

AuthName "restricted area"

AuthUserFile /home5/fantata1/public_html/.htpasswd

require valid-user

 

AuthUserFile "/home5/fantata1/.htpasswds/public_html/store/admin/passwd"

 

Still getting the error in the screenshot in the first post.

[Praful Kamble]

@@FantasyArt

 

Is this .htaccess is from admin side?

 

Create an .htaccess file and put the below code

 

AuthType Basic

AuthName "restricted area"

AuthUserFile /home5/fantata1/public_html/.htpasswd

require valid-user

 

and place .htpasswd file at root level (/public_html)

[FantasyArt]

Hope this doesn't come across ad dumb as it sounds to me but is that all the code I put into the .htaccess file and do I place it in the same position as the other one that the post earlier was referring to?

 

@@Praful Kamble If you look at the screenshot you will see the location of the .htaccess file. The above text is what is located in that .htaccess file. Unsure whether to place the .htaccess and .htpasswd_oscommerce in the root level as mentioned above and to whether I call it .htpasswd or .htpasswd_oscommerce?

[Praful Kamble]

@@FantasyArt

 

Rename .htpasswd_oscommerce files.

 

.htaccess: place it in admin folder

.htpasswd: place it at root level.

[FantasyArt]

Still having an issue with this... it either comes up with a 500 Server Error or sends me round and round all the time. Have set everything back to the way it was so I can at least login to the admin side of the site.

 

Any help would be great at this time as its starting to drive me nuts.

[enagyzer]

@@FantasyArt

 

I had a similar issue that just drove me nuts.

What I did was use some of the advice above and created a .htpasswd_oscommerce file under admin and put in

 

username:encrypted password

[Praful Kamble]

@@enagyzer

 

paste the htaccess rule here.

[enagyzer]

@@Praful Kamble

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home4/xxxxxx/public_html/myoscommercefolder/admin/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

[Praful Kamble]

@@enagyzer

 

Please go through the above conversation.

[enagyzer]

This is in response to the issue: .htaccess/.htpasswd_oscommerce

 

To keep it simple, all I did was to create .htpasswd_oscommerce with the code: username:encrypted password

I then, uploaded it to catalog/admin

 

The .htaccess rule above is generated automatically in the .htaccess so no need to paste it in there

[FantasyArt]

@@enagyzer and @@Praful Kamble when you say to place username:encrypted password do I put in the username I use to log into the site followed by the password I use to log into the site?

 

Or do I just put username:encrypted password

 

Thanks for the help.

[enagyzer]

dont put your username.

Just put the text : username:encrypted password

[diaza]

Hi @@FantasyArt

 

Where you able to fix the problem? I'm having the same issue! I tried all different ways suggested on this post and didn't work for me.

 

What finally worked for you?

 

Best regards

[FantasyArt]

Hi @@diaza

 

Unfortunately I was unable to get this working with all the information that the others have provided, to this day it is still an issue with our site.

 

If you find a solution I would be very happy to hear what you did to fix it please.

 

Best of luck and hope you are able to solve it.