njubie Posted July 5, 2003 Posted July 5, 2003 Do i have the possibility somewhere to set a password for admin?...because anyone can go to server/catalog/admin/index.php and access the admin module without any password.So how do i do this?.. to login into admin with a password. Thanks in advance
Silencer Posted July 5, 2003 Posted July 5, 2003 Protect directory with .htaccess. 99% hosting providers allow do this from account control panel - something like "Protect directories". There is always more than one way to do it. And always Keep It Simple, Stupid.
njubie Posted July 5, 2003 Author Posted July 5, 2003 OK thanks..but i'm just wondering..doesn't oscommerce have the option somewhere to set a password for admin?...most of carts have.. Thank You
osCfan Posted July 5, 2003 Posted July 5, 2003 Protect directory with .htaccess.99% hosting providers allow do this from account control panel - something like "Protect directories". Hello Silencer, my webhosting uses cpanel so I can use web protection for my folder but just out of curiosity, do you know how to protect the folder with .htaccess manaully? :? Steve
osCfan Posted July 5, 2003 Posted July 5, 2003 Here is a post by TB (Tony), it should give you some idea of how to protect the 2 config files: There are a few things you can do to secure the admin folder. First level of protection would be the web protection. Next thing you could do is to move the configure.php file to behind the directories which can be accessed by the internet. (This step can be done for both catalog and admin interfaces) Example: Site setups vary though this is a common setup: Internet File System www.yourdomain.com = /usr/home/yourdomain/public_html/ /usr/home/yourdomain/ can't be accessed by any computer through your domain www.yourdomain.com Move catalog/includes/configure.php from /usr/home/yourdomain/public_html/catalog/includes/configure.php to /usr/home/yourdomain/includes/configure_catalog.php Once you've done this, you will need to create a new catalog/includes/configure.php This is the code that should be inside that file. Configure.php <?php if (!file_exists('includes/local/configure.php')) { require('/home/yourdomain/includes/configure_catalog.php'); } ?> The way this code is setup, is that it looks to see if you're using a local test server (the includes/local/ directory shouldn't be uploaded to your web server). If you're not on a local test server, than it will load all your configuration details from the configure_catalog.php file. The reason you'd want to put this file behind anywhere the internet could get it is because it holds your database password information. Let me know if you need a hand doing setting up either of these things. HTH, Tony P.S. You will need to set the http details back to the way they were in your catalog/includes/configure.php file or your whole site will be operating under HTTPS which slows down your site and puts unnecessary load on your server. define('HTTP_SERVER', 'https://server6.elitewebhosting.com/~mysite/'); define('HTTP_CATALOG_SERVER', 'http://www.mysite.com'); define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module Hope this help :D Steve
osCfan Posted July 5, 2003 Posted July 5, 2003 If you make those changes to your 2 config files, so no other computer will be able to access it except your server (localhost). And then you use web protection for directory: /usr/home/yourdomain/public_html/catalog/includes/configure.php and your admin/includes/configure.php folder... Hope this help. 8) Steve
Silencer Posted July 5, 2003 Posted July 5, 2003 Hello Silencer, my webhosting uses cpanel so I can use web protection for my folder but just out of curiosity, do you know how to protect the folder with .htaccess manaully? :? Steve Yes, i know :) There is always more than one way to do it. And always Keep It Simple, Stupid.
davechl Posted July 8, 2003 Posted July 8, 2003 OK thanks..but i'm just wondering..doesn't oscommerce have the option somewhere to set a password for admin?...most of carts have..Thank You Hi njubie, Did you find an answer to your question? I'm setting up the catalog through the admin section currently and have the same question. I didn't have SSL when I installed the package, but since then I've got the certificate and SSL is working. But I can access the admin page without a login and the admin page tells me that I'm not protected by SSL. I also thought that the catalog installation process provided an option for admin section login and SSL enabling... How do I ensure that these are working now that the installation has been completed (I've removed the installation files as instructed)? Any advice would be appreciated, David
jcroson Posted July 8, 2003 Posted July 8, 2003 See this thread for more security info. http://www.oscommerce.com/forums/viewtopic.php?t=50404 JC John Croson Technology Operations Manager Racine Art Museum
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.