Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin secure


bad

Recommended Posts

Hi every body,

can some one help me for securing admin with .htaccess

i have installed Oscommerce on W2000 (apache).

to secure admin with password, i have added to my HTACCESS file

__________________________

AuthUserFile /www/admin/.htpasswd

AuthType Basic

AuthName "Member Page"

 

<LIMIT GET POST>

require valid-user

</LIMIT>

_____________________________

and i create .htpasswd file

 

login:cryptedpass

 

when i go to http://mysit/admin/index.php with i.e and i put my login and password

i have this error:

................... can't open file /www/admin/.htpasswd.....

...............have not find user "login"............

 

thinks for your help

Link to comment
Share on other sites

here is a Translation for ya

**********************

 

osCommerce.htaccess &.htpasswd generator Last news: 22-07-2003: The new Dutch forum is online! Click here to visit it!

 

.htaccess(let on the POINT to the beginning) are actual nothing more than one text bestandje that the web server carries out as very first.

In this resistant state that a valid user with associated guard word must be given up there BEFORE further charge the page (s).> The guard word and user name stand in the same type resistant called.htpasswd this file must be placed however OUTSIDE the Internet site directory i.v.m. extra security.

 

Therefore to protect the directory (and all underlying dirs/files) in Admin: / home/mattice/website/catalog/admin/.htaccess But it.htpasswd become OUTSIDE the webspace keep: / home/mattice/prive/.htpasswd Use the forumulier mentioned below to generate automatically the files.

At "internal path" you must therefore the location give up where you it.htpasswd want keep. Beginning and finite with "/" therefore: / home/mattice/prive/

 

 

here are the options at the bottom

****************************

 

Inlog name:

 

guard word:

 

Internal path:

 

Popup reported: Prohibited access!

 

example makes

 

hope this helps

 

Mark

Link to comment
Share on other sites

I have generated the files .htaccess and .htpassword like in your message but it don't work:

this is apache error

[Wed Nov 05 18:40:24 2003] [error] [client 81.65.12.229] (13)Permission denied: Could not open password file: c://documents and settings/nek1/mes documents/

[Wed Nov 05 18:40:24 2003] [error] [client 81.65.12.229] user vrirouche not found: /admin/index.php

 

and this is apache access error

------------------------------------------------------

81.65.12.229 - - [05/Nov/2003:18:40:17 +0100] "GET /admin/index.php HTTP/1.1" 401 506

81.65.12.229 - "" [05/Nov/2003:18:40:17 +0100] "GET /admin/index.php HTTP/1.1" 401 506

81.65.12.229 - vrirouche [05/Nov/2003:18:40:24 +0100] "GET /admin/index.php HTTP/1.1" 401 506

-------------------------------------------------------

 

I don't know what I can do now :( :( :(

 

PS: the text for .htaccess

-------------------------------------------------------

AuthType Basic

AuthName "Ooooooops!!!"

AuthUserFile "C://Documents and Settings/nek1/Mes documents/"

AuthGroupFile /dev/null

<Limit GET>

require valid-user

</Limit>

------------------------------------------------------

I have put it in the HTACCESS file witch was existing in oscommerce becose wen I create a new file (.htaccess) it don't work, this is a message:

------------------------------------------------------

[Wed Nov 05 18:13:35 2003] [error] [client 81.65.12.229] (2)No such file or directory: Could not open password file: c:/documents and settings/nek1/mes documents/.htpasswd

[Wed Nov 05 18:13:35 2003] [error] [client 81.65.12.229] user not found: /admin/index.php

------------------------------------------------------

Link to comment
Share on other sites

Hi,

 

I used the generator, and it works too, it doesn't even let myself in! :lol:

 

it doesn't accept the password, so I created a new .htaccess and .htpaswd and I uploaded it hoping it would override the old one, but still no luck! also its not possible to delete these files in the server because they become invisible as soon as they get uploaded to the directory server.

Any suggestions?

 

Thanks,

 

Joey.

Link to comment
Share on other sites

  • 2 years later...

Hello everybody,

 

I had the same problem, first of all, I found that link in dutch, and then I found your thread with the translation into English. The problem I had was exactly the same, I couldn't access to the admin directory, even with my login and password, and then I found this website, in which I have created the files with a login-pass and it works!

 

Enjoy it!

 

Galder

Link to comment
Share on other sites

Hello everybody,

 

I had the same problem, first of all, I found that link in dutch, and then I found your thread with the translation into English. The problem I had was exactly the same, I couldn't access to the admin directory, even with my login and password, and then I found this website, in which I have created the files with a login-pass and it works!

 

Enjoy it!

 

Galder

 

I have no password protection on the admin either and am new to installation, the above links looks perfect, but when it asks for the path does that mean as the server see it ie:

/home/my_domain/mainwebsite_html/oscom/admin

or as the browser see's it http://www.domain/oscom/admin I dont want to upload a file and get locked out all together, and what are the .hta files doing if they are not asking for a password anyway.

Link to comment
Share on other sites

oh hey.. thanks a lot.. it worked for me as well :D

and uhh.. is there anymore things we can do to get it even more secure?

Change the name of your admin and edit the 2 configure files to reflect the change then set up the .hts' again.

Link to comment
Share on other sites

I have a question.

My shared hosting provider gives me ftp access to /home/user_domain/html directory only and everything down. So that's kind of myroot and i cannot put .htpasswd file anywhere out of http service scope.

Under myroot i made a directory with 511 permission and .htpasswd in it.

Is this secure enough or there is better solution available for my conditions?

Thanks,

-vlad

Link to comment
Share on other sites

I generated the .htaccess and .htpasswd files, uploaded them to the correct directory and it does indeed ask me for a password - trouble is it won't accept it. I have chmodded the files as 777 so it can't be an access issue - any ideas?

 

I generated the .htaccess and .htpasswd files, uploaded them to the correct directory and it does indeed ask me for a password - trouble is it won't accept it. I have chmodded the files as 777 so it can't be an access issue - any ideas?

Link to comment
Share on other sites

sorted - silly me - forgot that it needs an absolute path

 

like this

 

/home/content/s/h/a/shakk114/html/catalog/admin

 

and not a relative path like this

 

/catalog/admin

 

works a treat - is it really secure though?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...