
Posted

I am in the process of migrating from a previous version of OSC and am just getting started.  At present the basics are in place, both the frontend and backend load. Before I go further I want to get some basic security in place such as... 

Changing permissions on the configure.php from 644 to 444
Setting up htaccess/htpasswd 

NOW - Perhaps I am still living in the stone age with security; however, I was taught long ago that one of the easiest ways to get hacked was to leave an admin directory named as admin, e.g. http://www.mysite.com/admin

Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

IF NOT  besides these what else needs to have the directory "admin" renamed?

<your store directory>/includes/configure.php
<your store directory>/admin/includes/configure.php
<your store directory>/admin/includes/local/configure.php

BJ

Posted
4 hours ago, Chadduck said:

Perhaps I am still living in the stone age with security however I was taught long ago that one of the easiest ways to get hacked was to leave an admin directory named as admin

Still correct. :)

4 hours ago, Chadduck said:

Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

I'm not aware of that being available and would be a mistake, in my opinion, if there is. It would just be a catastrophe waiting to happen. However, there is a place to change it when installing the package.

4 hours ago, Chadduck said:

besides these what else needs to have the directory "admin" renamed?

That should be it.


Posted
29 minutes ago, Jack_mcs said:

I'm not aware of that being available and would be a mistake, in my opinion, if there is. It would just be a catastrophe waiting to happen. However, there is a place to change it when installing the package.

@Jack_mcs


When I install just about anything anymore I do screen captures of the installation screens that appear.

After reviewing those captures, I did not locate the "place" that you said exists.  Not saying it doesn't, or that at one time it didn't, only that I do not see it on the screen captures.

Screen 1 is the Unpack screen
Screen 2 is the license agreement
Screen 3 is the Pre-installation Check
Screen 4 is the Database Access
Screen 5 is the Settings (General & Contact information)
Screen 6 is the Administrator Account
Screen 7 is Complete the installation

I installed OSC v 4.12 - perhaps that option was removed? 

BJ
 

Posted
6 hours ago, Chadduck said:

Within the OSC v4 admin is there a place to rename directories? SPECIFICALLY the admin directory.

1) Change the name of the admin directory

2) Change the value of the following constant in /admin/includes/local/configure.php:

define('DIR_WS_ADMIN', '/admin/');

 

6 hours ago, Chadduck said:

Changing permissions on the configure.php from 644 to 444

It is possible only for the configure.php in the local sub-directory, because the includes/configure.php should be able to change with system updates.

Posted
1 hour ago, pandrei said:

2) Change the value of the following constant in /admin/includes/local/configure.php:

define('DIR_WS_ADMIN', '/admin/');

But the information also appears in the two other configure.php files.
Are you saying that it is not necessary to also change those?

BJ

Posted
6 hours ago, Chadduck said:

But the information also appears in the two other configure.php files.
Are you saying that it is not necessary to also change those?

Do you mean configure-sample.php and admin/includes/configure.php?

They don't need to be changed.

Posted (edited)
7 hours ago, pandrei said:

Do you mean configure-sample.php and admin/includes/configure.php?

@pandrei

These are the files to which I am referring
<your store directory>/includes/configure.php
<your store directory>/admin/includes/configure.php
<your store directory>/admin/includes/local/configure.php

You identified 
 /admin/includes/local/configure.php

What about the other two?

BJ

Edited by Chadduck
Posted
On 6/30/2023 at 4:11 PM, Chadduck said:

<your store directory>/includes/configure.php
<your store directory>/admin/includes/configure.php

I don't see an occurrence in these files. Could you show it with line numbers?

Posted (edited)

@pandrei

I am uncertain to what you are referring to "Could you show it with line numbers?" as these are ACTUAL files within the identified directories.
 

Below is a screen capture of the "/admin/includes" directory

 

Capture.PNG

Edited by Chadduck
Posted
4 minutes ago, Chadduck said:

I am uncertain to what you are referring to "Could you show it with line numbers?" as these are ACTUAL files within the identified directories.

I mean this:

On 6/30/2023 at 1:44 AM, Chadduck said:

But the information also appears in the two other configure.php files.

Could you show the part of these files where the information appears?

Posted (edited)
1 hour ago, pandrei said:

Could you show the part of these files where the information appears?

@pandrei CERTAINLY  

From the admin/includes/configure.php


// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
defined('HTTP_SERVER') or define('HTTP_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
defined('HTTPS_SERVER') or define('HTTPS_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
defined('HTTP_CATALOG_SERVER') or define('HTTP_CATALOG_SERVER', 'http://localhost');
defined('HTTPS_CATALOG_SERVER') or define('HTTPS_CATALOG_SERVER', 'http://localhost');
defined('ENABLE_SSL_CATALOG') or define('ENABLE_SSL_CATALOG', false); // secure webserver for catalog module
defined('DIR_FS_DOCUMENT_ROOT') or define('DIR_FS_DOCUMENT_ROOT', $_SERVER['DOCUMENT_ROOT']); // where the pages are located on the server
defined('DIR_WS_ADMIN') or define('DIR_WS_ADMIN', '/trueloaded/admin/'); // absolute path required
defined('DIR_FS_ADMIN') or define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); // absolute path required
defined('DIR_WS_CATALOG') or define('DIR_WS_CATALOG', '/trueloaded/'); // absolute path required
defined('DIR_FS_CATALOG') or define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); // absolute path required
defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');
defined('DIR_WS_IMAGES') or define('DIR_WS_IMAGES', 'images/');
defined('DIR_WS_ICONS') or define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
defined('DIR_WS_CATALOG_IMAGES') or define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
defined('DIR_WS_INCLUDES') or define('DIR_WS_INCLUDES', 'includes/');
defined('DIR_WS_BOXES') or define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
defined('DIR_WS_FUNCTIONS') or define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
defined('DIR_WS_CLASSES') or define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
defined('DIR_WS_MODULES') or define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
defined('DIR_WS_AFFILATES') or define('DIR_WS_AFFILATES', DIR_WS_CATALOG . 'affiliates/');
defined('DIR_FS_AFFILATES') or define('DIR_FS_AFFILATES', DIR_FS_CATALOG . 'affiliates/');
defined('DIR_FS_CATALOG_IMAGES') or define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
defined('DIR_FS_CATALOG_MODULES') or define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
defined('DIR_FS_BACKUP') or define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
defined('DIR_FS_CATALOG_XML') or define('DIR_FS_CATALOG_XML', DIR_FS_CATALOG . 'admin/xml/');
defined('DIR_FS_DOWNLOAD') or define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

And from the includes/configure.php starting Line 240

define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_AFFILIATES', 'affiliates/');

 

Edited by Chadduck
Posted

Thanks. DIR_WS_HTTP_ADMIN_CATALOG is an old and rare constant, but it can still be used.

50 minutes ago, Chadduck said:

From the admin/includes/configure.php

You can change it like this:

defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', ltrim(DIR_WS_ADMIN, '/'));

51 minutes ago, Chadduck said:

And from the includes/configure.php starting Line 240

Change to

define('DIR_WS_HTTP_ADMIN_CATALOG', 'your_new_admin_dir/');
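
The checks discussed in this thread, gathered into one audit script as an added example that is not part of any post above and is not osCommerce code. It assumes the three configure.php paths and the constant names quoted in the thread; the function names, the sample tree and the directory name secure_panel are constructed for illustration.

```shell
#!/bin/sh
# Added example, not osCommerce code. NEW_ADMIN_NAME is assumed to be a plain
# directory name (letters, digits, _ or -), since it is used inside a regex.
# audit_admin_rename STORE_DIR NEW_ADMIN_NAME -> one finding per line, none if clean
audit_admin_rename() {
    store=$1; new=$2
    cat_cfg="$store/includes/configure.php"
    adm_cfg="$store/$new/includes/configure.php"
    loc_cfg="$store/$new/includes/local/configure.php"

    # The default-named directory should be gone after the rename.
    [ "$new" != admin ] && [ -d "$store/admin" ] &&
        echo "old admin directory still present: $store/admin"

    # DIR_WS_ADMIN in the local override must end in /NEW_ADMIN_NAME/.
    grep -Eq "define\('DIR_WS_ADMIN', *'([^']*/)?$new/'\)" "$loc_cfg" 2>/dev/null ||
        echo "DIR_WS_ADMIN does not point at /$new/ in $loc_cfg"

    # Neither configure.php may keep the literal 'admin/'; the new name or the
    # ltrim(DIR_WS_ADMIN, '/') form from the thread both pass.
    for f in "$cat_cfg" "$adm_cfg"; do
        grep -Eq "define\('DIR_WS_HTTP_ADMIN_CATALOG', *'admin/'\)" "$f" 2>/dev/null &&
            echo "DIR_WS_HTTP_ADMIN_CATALOG still 'admin/' in $f"
    done

    # Only the local override is meant to be 444; flag any write bit on it.
    [ -n "$(find "$loc_cfg" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) 2>/dev/null)" ] &&
        echo "write bit set on $loc_cfg"
    return 0
}

# Constructed sample tree (not a real install): admin renamed to secure_panel,
# catalog configure.php missed, local override left at 644.
make_sample_store() {
    d=$(mktemp -d) && a="$d/secure_panel/includes"
    mkdir -p "$d/includes" "$a/local"
    echo "<?php define('DIR_WS_HTTP_ADMIN_CATALOG', 'admin/');" > "$d/includes/configure.php"
    echo "<?php defined('DIR_WS_HTTP_ADMIN_CATALOG') or define('DIR_WS_HTTP_ADMIN_CATALOG', ltrim(DIR_WS_ADMIN, '/'));" > "$a/configure.php"
    echo "<?php define('DIR_WS_ADMIN', '/secure_panel/');" > "$a/local/configure.php"
    chmod 644 "$a/local/configure.php"
    echo "$d"
}

# Run as: sh audit.sh /path/to/store new_admin_name
if [ "$#" -eq 2 ]; then audit_admin_rename "$1" "$2"; fi
```

An empty result means the rename is consistent across the three files and the local override is read-only.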
