Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Password Protection


ezradavis72

Recommended Posts

Guys I need some help, I have built a site threw with bluevoda www.cabincreekco.com I have added a OScommers site onto the web site under a file "Store".

 

 

Here is what I need to do. I need to password protect the store file. This store is only for dealers so they plan on giving the dealers a password to get into the store.

But last time I tried to do this it messed up the password on the admin site for the store. Can i get some help on this?

 

So in short. I went into my Cpanel and password protected the file "Store" That worked but it did somehting to the Admin also. I could not get into the admin after that.

Link to comment
Share on other sites

You would need to log in to the "Store" and then if you had activated the htaccess on the admin you would need to log in again with a different user and password.

 

Otherwise could you be more specific about what "somehting" actualy is?

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Hi,

 

Surely if you password protect a directory in Cpanel in this case STORE can not for understand why this would then effect the

 

Store/admin.

 

Were you able to access the admin log in page???

 

Regards

Joli

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

Hi,

 

Surely if you password protect a directory in Cpanel in this case STORE can not for understand why this would then effect the

 

Store/admin.

 

Were you able to access the admin log in page???

 

Regards

Joli

 

Yes you can access the Admin after putting in the STORE. username and password. But the admin username and password don't work anymore.

Link to comment
Share on other sites

You would need to log in to the "Store" and then if you had activated the htaccess on the admin you would need to log in again with a different user and password.

 

Otherwise could you be more specific about what "somehting" actualy is?

 

Cheers

 

G

 

Well I would love to tell you what that "Something" is if I new. All I know is there was one username and password for the store and after I password protected the file "Store" it would not work anymore.

Link to comment
Share on other sites

oh oh I think I can repeat the problem just testing (w00t) in cpanel

 

So I set up a dumby store in my cpanel and set a username and password in the admin. Then I password protected the file and as soon as you try to go into the admin after that. You click the link for admin and you are asked for the user name and password for the file. You put it in and you go to the admin sign in page and it says at the top

Error: Invalid administrator login attempt.

This is even before you put your info in

Link to comment
Share on other sites

No wait a while this is a bit weird trying to isolate the cause !!!

 

Never this before seen before maybe my mistake but may be a.... Bug.... (w00t) .... I seem to be able to repeat this.

 

I am quite sure this can be resolved by manually changing the .htaccess files

 

but should not be necessary and as said maybe just my mistake it should be possible in Cpanel to password protect directory's without effecting/affecting the /admin.

 

wait a few hours and then we will see.

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

No wait a while this is a bit weird trying to isolate the cause !!!

 

Never this before seen before maybe my mistake but may be a.... Bug.... (w00t) .... I seem to be able to repeat this.

 

I am quite sure this can be resolved by manually changing the .htaccess files

 

but should not be necessary and as said maybe just my mistake it should be possible in Cpanel to password protect directory's without effecting/affecting the /admin.

 

wait a few hours and then we will see.

 

Ok I am waiting and thank you so much for your help

Link to comment
Share on other sites

Just a note from playing around with this, If you password protet the file with the same password and username as the admin. It works. But there the same. I assume that when you password protect the file with a different username and password it screws it all up

Link to comment
Share on other sites

Hi managed to lock myself of a demo site testing cpanel password protection

 

AuthName "demo1"

AuthUserFile "/home/xxxxxx/.htpasswds/public_html/demo1/passwd"

AuthType Basic

require valid-user

 

so lets see :) have to get back in now

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

Yeah I locked myself out too. I am not having any luck resetting it. Not sure where to go.

I even uninstalled the store and reinstalled it useing the same file name and stuff. Still locked out. So that tells me its coming from the web site not the store. After reinstalling it on a diffrenct file name I was able to get back in. Then I tried useing the same user name and passward as the admin to lock the file and that works. But that kind of sucks

Link to comment
Share on other sites

The main .htaccess file will be found in the root folder

 

secondary there are a few

 

but interesting is Store/.htaccess

and Store/admin/.htaccess

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

back in again after you empty make sure you remember to clear the browser cache Firefox internet explorer or whatever

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

Yeah I locked myself out too. I am not having any luck resetting it. Not sure where to go.

I even uninstalled the store and reinstalled it useing the same file name and stuff. Still locked out. So that tells me its coming from the web site not the store. After reinstalling it on a diffrenct file name I was able to get back in. Then I tried useing the same user name and passward as the admin to lock the file and that works. But that kind of sucks

 

Sorry changes are made in phpmyadmin (your control panel) just empty the

 

administrators table

action_recorder table

 

not sure if the second is necessary just do for security

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

Anything in an .htaccess file applies to everything inside the directory it is in. That includes subdirectories. So now you have your top-level Store directory that contains an .htaccess file with an AuthType password requirement. Then, inside that directory you have another directory (admin or whatever you named it) with another .htaccess file with its own AuthType requirement. There is no way this is not going to conflict. I can see two possible solutions:

 

1. Move your admin directory out of the Store directory. Change the paths in the admin/includes/configure.php to reflect this change. I've done this before and it works.

 

2. Look at the SPPC addon combined with an account approval addon. This allows you to show prices and allow checkout only to logged in customers, where you control the login passwords. Of course anybody can see the product, but they can't buy unless you allow them to have an account. This is a more complicated solution, so I would prefer #1, but it's your choice.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Anything in an .htaccess file applies to everything inside the directory it is in. That includes subdirectories. So now you have your top-level Store directory that contains an .htaccess file with an AuthType password requirement. Then, inside that directory you have another directory (admin or whatever you named it) with another .htaccess file with its own AuthType requirement. There is no way this is not going to conflict. I can see two possible solutions:

 

1. Move your admin directory out of the Store directory. Change the paths in the admin/includes/configure.php to reflect this change. I've done this before and it works.

 

2. Look at the SPPC addon combined with an account approval addon. This allows you to show prices and allow checkout only to logged in customers, where you control the login passwords. Of course anybody can see the product, but they can't buy unless you allow them to have an account. This is a more complicated solution, so I would prefer #1, but it's your choice.

 

Regards

Jim

 

So can I take the Admin file and move it back to PUBLIC HTML file?

Also I am not sure what you mean by changing the path to reflect that. Can you ilabarate some. I am new at this and still learning. Thanks for your help

Link to comment
Share on other sites

@@kymation

 

Hi Jim,

 

As Sean's said

 

I ran a quick test

 

Cpanel password on catalog (named store) no .htaccess protection on admin it was a test on a demo shop.

 

I got locked out but will test again in case my mistake

 

eventually had to empty the

 

administrators table

 

action_recorder table ( not sure just done anyway)

 

does that mean in your opinion it is not possible to protect a store root from the control panel without effecting the admin? log in

 

OK if there is an additional .htaccess in admin (to be honest no idea the effect would be ) sure you know better but I had no .htaccess protection in admin

To improve is to change; to be perfect is to change often.

 

Link to comment
Share on other sites

@@ezradavis72 Yes, it should go in public_html. In the configure.php, look for anything that includes Store/admin and change it to just admin. Actually, you should change admin to something else and then replace Store/admin with your new name. Then change the name of the admin directory to match your new name. Don't tell us hat that new name is; it's for security reasons.

 

@@joli1811 The osCommerce admin security code looks for a .htaccess password requirement and then attempts to log you into the admin using that username/password. Obviously this is not going to work. You could strip the security code out of the admin if you wanted to do this, but the passwords in the two different .htaccess files would still conflict. Moving the admin is by far the easiest solution, and more secure than the stock layout if done properly.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...