Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

.htaccess and SSL for admin panel


ranxero

Recommended Posts

I have a strange problem that I don't understand:

 

I set up SSL with Apache webserver and oscommerce-2.2ms2 catalog and admin residing on the same server.

It works fine for catalog and admin panel. now I want to add a login to

the admin panel with .htaccess which works fine as well - JUST:

when I access

http://myserver/admin/

and login via the browser and after wards click on a link that points to maybe

 

https://myserver/admin/configuration

 

I have to login again

 

and vice versa, that means first access panel via SSL then click on a non SSL link I have to login again.

I always have to login twice. I fummbled around a lot but couldn't figure it out.

I paste in the .htaccess, the admin configure and catalog configure.

maybe someone would care to have a look or knows right away ?!

thanks in advance

 

############### .htaccess file #####################

<IfModule mod_setenvif.c>

<IfDefine SSL>

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

</IfDefine>

</IfModule>

 

DirectoryIndex default.php index.php index.htm index.html

AuthUserFile "c:/somewhere/dir/Apache/htdocs/.htpasswd"

AuthType Basic

AuthName "Admin"

 

require valid-user

Options Indexes FollowSymlinks MultiViews

 

############### admin configure.php #####################

 

define('HTTP_SERVER', 'http://myhost'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://myhost'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_CATALOG_SERVER', 'http://myhost');

define('HTTPS_CATALOG_SERVER', 'https://myhost');

define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', 'C:/somewhere/dir/Apache2/htdocs'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/fphstore/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/fphstore/fphstore/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'my_datasource');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

############### catalog configure.php #####################

 

define('HTTP_SERVER', 'http://myhost'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://myhost'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '/fphstore/fphstore/');

define('HTTPS_COOKIE_DOMAIN', '/fphstore/fphstore/');

define('HTTP_COOKIE_PATH', '/fphstore/fphstore/');

define('HTTPS_COOKIE_PATH', '/fphstore/fphstore/');

define('DIR_WS_HTTP_CATALOG', '/fphstore/fphstore/');

define('DIR_WS_HTTPS_CATALOG', '/fphstore/fphstore/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/fphstore/fphstore/');

define('DIR_FS_DOWNLOAD', 'give/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'my_datasource');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

Link to comment
Share on other sites

Your first login is to http://myserver/admin/ which is a non-secure link. Change this to https://myserver/admin/ and you should be fine. Also, https://myserver/admin/ and https://www.myserver/admin/ are considered different sites and will require you to log in twice. You actually have to log in for every request, but your browser remembers your username and password and sends it for you, as long as it thinks that you are on the same site.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

maybe I don't understand your answer or I didn't explain the problem well enough.

 

situation: catalog and admin on same server

SSL working fine for both.

 

>Your first login is to http://myserver/admin/ which is a non-secure link. Change >this to https://myserver/admin/ and you should be fine

I use the https url to access admin panel at first. of course I have to login then.

when I'm logged in and I click an a non SSL link I have to login again.

Is there any way to avoid that?

 

anyway thanks for your effort

 

regards

Christian

Link to comment
Share on other sites

Sorry, I misunderstood the problem. You need to change the configure.php for your admin side to have only the secure form of the address. That is, both the HTTP_SERVER and HTTPS_SERVER need to be set to https://myserver/admin/.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

in your configure.php file, line 1 shows you should be logging into http://myhost which should only require one login. sometimes, depending upon what you have setup in your httpd.conf file, it may require you two times of connecting. it is more annoying than anything else, if you want to troubleshoot, have at it, else live with it. it isnt a function of osCommerce, it is a function of your server and how you have htaccess etup

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...