Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Regarding Admin login with SSL connection


osCfan

Recommended Posts

Happy 4th of July everyone~!!! :D

 

I'm just wondering if anyone knows how to set up the admin login with SSL connection so that the admin login will have SSL connection until the user logout. Thanks in advance. :)

 

Steve

Link to comment
Share on other sites

Yes.

 

Edit your 'catalog/admin/includes/configure.php' file as explained below.

 

Change:

define('HTTP_SERVER', 'http://www.yourdomain.com');

to

define('HTTP_SERVER', 'https://www.yourdomain.com');

 

Another thing to note, if you store your Admin site in your favourites/bookmarks ensure that you have the URL set to HTTPS. This way, you will always be covered by your SSL whilst using the Admin function.

 

HTH,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Link to comment
Share on other sites

Thanks alot for your help~! :D

 

I have another quick question...do you know if I can use Yahoo Store with osCommerce? Do you know if anyone did that before? Or is it impossible to do?

 

Thanks in advance~! :)

 

Steve

Link to comment
Share on other sites

Hello~!

 

I have another question about setting admin login with SSL...

 

I have changed my setting to the following...

 

define('HTTP_SERVER', 'https://server6.elitewebhosting.com/~mysite/'); define('HTTP_CATALOG_SERVER', 'http://www.mysite.com');

define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

however, I still don't get SSL when I go to admin page, I have put a web protection to the admin folder, so that it'll prompt a login before I can access those files inside admin folder, is this ok? Or is there a better way to protect admin folder? Thanks so much~

 

Steve

Link to comment
Share on other sites

So sorry~!

 

IT IS working now...my admin interface has SSL connection~ Thanks for your help~

 

However, I still would like your opinion on protecting the admin folder...is putting a web protection on that folder a good idea? Or is there a better way to protect it?

 

Steve

Link to comment
Share on other sites

There are a few things you can do to secure the admin folder.

 

First level of protection would be the web protection.

Next thing you could do is to move the configure.php file to behind the directories which can be accessed by the internet.

(This step can be done for both catalog and admin interfaces)

 

Example:

Site setups vary though this is a common setup:

Internet File System

www.yourdomain.com = /usr/home/yourdomain/public_html/

 

/usr/home/yourdomain/ can't be accessed by any computer through your domain www.yourdomain.com

 

Move catalog/includes/configure.php from /usr/home/yourdomain/public_html/catalog/includes/configure.php

to /usr/home/yourdomain/includes/configure_catalog.php

 

Once you've done this, you will need to create a new catalog/includes/configure.php

 

This is the code that should be inside that file.

 

Configure.php

<?php

if (!file_exists('includes/local/configure.php')) {

require('/home/yourdomain/includes/configure_catalog.php');

} ?>

The way this code is setup, is that it looks to see if you're using a local test server (the includes/local/ directory shouldn't be uploaded to your web server). If you're not on a local test server, than it will load all your configuration details from the configure_catalog.php file.

 

The reason you'd want to put this file behind anywhere the internet could get it is because it holds your database password information.

 

Let me know if you need a hand doing setting up either of these things.

 

HTH,

Tony

 

P.S.

You will need to set the http details back to the way they were in your catalog/includes/configure.php file or your whole site will be operating under HTTPS which slows down your site and puts unnecessary load on your server.

define('HTTP_SERVER', 'https://server6.elitewebhosting.com/~mysite/'); define('HTTP_CATALOG_SERVER', 'http://www.mysite.com');  

define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');  

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

"The price of success is perseverance. The price of failure comes much cheaper."

Link to comment
Share on other sites

Thanks so much for your help TB~

 

It's working right now and I feel more confortable having the 2 config files in a directory that can't be reached by the Internet. :D

 

Steve

Link to comment
Share on other sites

You will need to set the http details back to the way they were in your catalog/includes/configure.php file or your whole site will be operating under HTTPS which slows down your site and puts unnecessary load on your server.
define('HTTP_SERVER', 'https://server6.elitewebhosting.com/~mysite/'); define('HTTP_CATALOG_SERVER', 'http://www.mysite.com');

define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Hi Tony,

 

Those code are from the admin config file, I thought you said I need to set the HTTP_SERVER to https://server6.webhosting.com/~mysite/ for SSL connection while admin uses that interface? Did I do something wrong? Can you please tell me what I need to do to improve?

 

Steve

Link to comment
Share on other sites

Thanks so much for your help TB~

 

It's working right now and I feel more confortable having the 2 config files in a directory that can't be reached by the Internet. :D

 

Steve

 

I mean I feel more comfortable having the 2 config files in a directory that can't be accessed by other computer... :lol:

Sorry I just woke up, not feeling awake yet hehe :?

Link to comment
Share on other sites

Those code are from the admin config file, I thought you said I need to set the HTTP_SERVER to https://server6.webhosting.com/~mysite/ for SSL connection while admin uses that interface? Did I do something wrong? Can you please tell me what I need to do to improve?

 

I've been on the computer now for 18 hours straight!

You are right... with the settings you have. I was thinking that it was the catalog file... not the admin.

 

Glad to see you've got it all working.

 

As for moving the files, I've been thinking about it, and I'm not 100% sure if it will protect the files as well as I thought since the 'require' statement inserts the contects into the file as though it was a part of the file itself.

Can anyone help to shed some light on this theory?

 

Cheers,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...