Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Unable to login to admin.


Recommended Posts

Hello all.

 

I have just restored my DB and shop from a recent backup.

 

Now I am unable to login to admin.

 

I followed the instructions by @raiwa contained here.

https://www.oscommerce.com/forums/topic/409939-osc23-htpasswd_oscommerce-unable-to-login-to-admin/

 

but I am still unable to access admin, I get this message,

Forbidden            You don't have permission to access /RAC_Shop/*********/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I noticed in the admin/.htaccess file there were two OSCOMMERCE ADMIN PROTECION files, and the line of text between them, I deleted the second, (as it was similar to the one in the link above), do I need to delete the first one too? and what about the text between?

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthName "osCommerce Online Merchant Administration Tool"

##### OSCOMMERCE ADMIN PROTECTION - END #####

AuthUserFile "/home/*******/.htpasswds/public_html/RAC_Shop/*********/passwd"

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####

AuthType Basic

AuthName "osCommerce Online Merchant Administration Tool"

AuthUserFile /home/*******/public_html/RAC_Shop/*********/.htpasswd_oscommerce

Require valid-user

##### OSCOMMERCE ADMIN PROTECTION - END #####

Thanks in advance, Shaun

BS Edge 07/17

Link to comment
Share on other sites

Link to comment
Share on other sites

Hello Rainer, thanks for your prompt reply. What about the line between them?

34 minutes ago, RAC said:

AuthUserFile "/home/*******/.htpasswds/public_html/RAC_Shop/*********/passwd"

Shaun

 

Link to comment
Share on other sites

error log

[09-Feb-2018 12:25:31 Europe/London] PHP Warning:  mysqli_connect(): (28000/1045): Access denied for user '*******'@'localhost' (using password: YES) in /home/*******/public_html/RAC_Shop/includes/functions/database.php on line 20

 

Line 20

$$link = mysqli_connect($server, $username, $password, $database);

I have not been asked for password, as in the error log.

I have also used a Tor browser, that obviously holds no data, still no joy!

Link to comment
Share on other sites

then there is something wrong with your configuration file.

Please try to recover a working backup of your includes/configure.php files and restore them or your database server is down.

 

Link to comment
Share on other sites

OK shop-side is now working, as Rainer stated it was an error in the includes/configuration file.

There is still no joy on the admin side, any further suggestions?

I will retrace my steps again from my first post forum and post any findings.

 

Link to comment
Share on other sites

I have been wracking my tiny brain to find the problem.

I have compared the current restored database with the saved database using WinMerge and it seems that the restored database, is only 2/3's of the stored database.

The backed up sql file that I am trying to restore is only 640kb, (yes, less than 1MB), but the one that has been restored is only 420kb.

I have done this three times with the same result.

To restore I used phpmyadmin, I select the current DB, scroll to bottom, check all, click "with selected" and then "drop", yes to confirm, the database has now gone. I click Import, select the saved file, and click go, after a short while green successful bar is shown.

Where am I going wrong?

Do I need a brain transplant?

 

Link to comment
Share on other sites

Still no joy in accessing admin error message reads:

Forbidden      

You don't have permission to access /RAC_Shop/*******/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I followed @raiwa instructions, but the last bit I am confused with, when I try to enter admin I get the above forbidden message. 

 

Link to comment
Share on other sites

could you post your admin .taccess and your admin/includes/configure.php

Make sure to remove sensitive information like the full directory path and database credentials.

Link to comment
Share on other sites

Admin .htaccess

 

# $Id$

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

#   AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

#<IfModule mod_setenvif.c>

#  <IfDefine SSL>

#    SetEnvIf User-Agent ".*MSIE.*" \

#             nokeepalive ssl-unclean-shutdown \

#             downgrade-1.0 force-response-1.0

#  </IfDefine>

#</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

 

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

 

# php_value session.use_trans_sid 0

# php_value register_globals 1

 

 

admin/includes/configure.php

 

<?php

  define('HTTP_SERVER', 'http://www.retro-antiques-curios.co.uk');

  define('HTTPS_SERVER', 'http://www.retro-antiques-curios.co.uk');

  define('ENABLE_SSL', false);

  define('HTTP_COOKIE_DOMAIN', '');

  define('HTTPS_COOKIE_DOMAIN', '');

  define('HTTP_COOKIE_PATH', '/RAC_Shop/**');

  define('HTTPS_COOKIE_PATH', '/RAC_Shop/***');

  define('HTTP_CATALOG_SERVER', 'http://www.retro-antiques-curios.co.uk');

  define('HTTPS_CATALOG_SERVER', 'http://www.retro-antiques-curios.co.uk');

  define('ENABLE_SSL_CATALOG', 'false');

  define('DIR_FS_DOCUMENT_ROOT', '/home/**/public_html/RAC_Shop/');

  define('DIR_WS_ADMIN', '/RAC_Shop/****/');

  define('DIR_WS_HTTPS_ADMIN', '/RAC_Shop/admin/');

  define('DIR_FS_ADMIN', '/home/**/public_html/RAC_Shop/**/');

  define('DIR_WS_CATALOG', '/RAC_Shop/');

  define('DIR_WS_HTTPS_CATALOG', '/RAC_Shop/');

  define('DIR_FS_CATALOG', '/home/***/public_html/RAC_Shop/');

  define('DIR_WS_CATALOG_IMAGES', '../images/');

  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

  define('DB_SERVER', 'localhost');

  define('DB_SERVER_USERNAME', '***');

  define('DB_SERVER_PASSWORD', '***');

  define('DB_DATABASE', '***');

  define('USE_PCONNECT', 'false');

  define('STORE_SESSIONS', 'mysql');

  define('CFG_TIME_ZONE', 'Europe/London');

?>

Link to comment
Share on other sites

Hi Christoph, nice to hear from you again.

The ssl was installed a couple of weeks ago but I have not configured it yet. The site was working fine until a couple of days ago.

Do you think it would be worth configuring this now? 

Shaun

Link to comment
Share on other sites

I can't see anything wrong in the posted files. You should check if there are any additional prodtections and/or redirects added from your hosting/cpanel. You could check this with your hosting.

Also try to find out what exact has been changed since it was working correct.

Link to comment
Share on other sites

All sorted!

You were right Rainer, my host chat found there was an issue with the under construction redirect.

Thanks @raiwa and @beerbee You are stars.

So all I need to do is alter the two configure.php files to complete the ssl setup?

Shaun

Link to comment
Share on other sites

@RAC

I think the best practice now would be to go totally ssl which means regarding to the two configure files set both HTTP_SERVER and HTTPS_SERVER to https://yoursitewhatever as e.g. google plans for chrome to give a warning on every non ssl site from july on.

Additionally depending on which kind of server you are there are differing ways to force ssl for everybody visiting your site using http://. have a read: 

 

Best regards

Christoph

Link to comment
Share on other sites

Thank you for the link Christoph, I will have a good look at this before I configure the ssl. 

I saw somewhere there was a problem with images and links needing to be renamed, can this be done with .htaccess? Hopefully it will be mentioned in the above.

Thanks again for your time.

Regards Shaun

Link to comment
Share on other sites

1 hour ago, RAC said:

I saw somewhere there was a problem with images and links needing to be renamed, can this be done with .htaccess?

This can be the case with hardcoded links and as far as I know .htaccess won't do the trick, but it is not so hard to get rid of them. If you get a mixed content warning about insecure loaded elements, you could look at the page source in your browser and there search for http:  and then adjust your code. You could also use Firefox and press ctrl+shift+e to start network analysis and find insecure elements.

Best regards

Christoph

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...