Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

password protect the admin


Guest

Recommended Posts

Posted

Hi,

I wonder why the admin part of osCommerce is not password protected. I know I can use .htaccess to secure my directory, but I think it is not the best solution.

 

Is somebody working on a module or is it planned to include an authentication for the whole password script?

 

Marian

Posted

I have my admin password protected with .htacess and secured with ssl.

 

This is what is happening.

 

When I go to the admin:

http://205.214.81.168/~mykeep/catalog/admin/

 

I log in and the browser asks me to do it twice before it lets me in.

 

Then, when I click on any of the choices in the blue admin menu, it asks for the password again. I think this is because I am using a shared ssl certificate.

 

Now besides the little inconveniences above. My client cannot get past the login to the ssl pages. I comes back with the login box with the username in place, and the password blank. She types in the password and up it pops again. Won't accept her login. I login from here with her username and password and it goes right in.

 

I know she might be doing it wrong, but she has all the right answers. LOL

 

She has AOL :cry:

 

Any ideas?

 

Tracy Gibson

Posted

Sorry for the double post, but I needed to correct the IP address and this forum does not allow me to edit my own posts.

 

Tracy

Posted

re-asking for authentication usually comes when switching between ssl and non-ssl modes.

 

usually you can "install" a certificate and make it always accepted... that should at least kill the security warning.

 

if you're using mod_rewrite then please be sure your links point to https and ssl mode is enabled at config... otherwise you'll run into redirect chaos :)

Posted

I figured that was the reason that we had to re-enter the password.

 

But I wonder why she cannot get in, but I can, using the same username and password.

 

Emmtee wrote:

if you're using mod_rewrite then please be sure your links point to https and ssl mode is enabled at config... otherwise you'll run into redirect chaos

 

I don't know if I am using mod_rewrite, I don't even know what that is. I had the ssl enabled in configure.php, but I had to take it off while my client enters her products. Then I will put it back when we go live, but she won't be able to get into the admin. Maybe I should send her there with the https link in the first place.

 

Tracy Gibson

Posted

how about showing us the first third of your configuration ...

 

and yes, send her the https link direktly

 

hint: if your cert it not 100% trusted (= you paid lots of money to some rootCA to claim that your're yourself) then her browser's security profile might autoreject it... get her to install netscape or opera, those browsers usually ask people before deciding to not display a page...

 

... and ask for the correct ERROR MESSAGE...

the "doesn't work" report doesn't help you in helping her at all...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...