Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Customers accessing admin area


Raven2000

Recommended Posts

Hi I don't know if anyone else has this problem but I just discovered that whenI'm logged into my site as a customer I can access all admin facilities without entering the admin password.. I simply type admin after the https://mydomain.com/osCommerce/admin and it opens up the admin section even though I haven't given the admin password or login

 

has anyone uncovered this problem on their site and overcome it??

 

Help please this is a major security issue

 

Mel :(

Link to comment
Share on other sites

You can password protect it using .htaccess. (htaccss tutorials are on the web).

 

If your web hosting control panel allows you to set up password protected directories - set up a group, add a user to that group, and then password protect the admin directory.

 

There are also some Admin password contributions as well.

 

See more tips at http://wiki.oscommerce.com/docsInstallNew

I'd rather be flying!

Link to comment
Share on other sites

With my server, if I log in to the admin section of my site via .htaccess, it will remember my login for as long as my browser session remains open. (If I close IE down completely, then open it up again, I have to relogin via .htaccess to gain access to the admin section again.)

 

Could it be that this is what's happening to you? Try closing your browser completely, then going to the store as a 'customer' and THEN try to access Admin and see if it still happens.

 

HTH,

 

Terry

Terry Kluytmans

 

Contribs Installed: Purchase Without Account (PWA); Big Images, Product Availability, Description in Product Listing, Graphical Infobox, Header Tags Controller, Login Box, Option Type Feature, plus many layout changes & other mods of my own, like:

 

Add order total to checkout_shipment

Add order total to checkout_payment

Add radio buttons at checkout_shipping (for backorder options, etc.)

Duplicate Table Rate Shipping Module

Better Product Review Flow

 

* If at first you don't succeed, find out if there's a prize for the loser. *

Link to comment
Share on other sites

AFAIK, it applies to ONLY my computer.

 

Another example: if I open up both MSIE and Netscape and try to access my /admin section from both, I have to enter my username and password for EACH browser. Once I have logged in, my sessions will remain in effect for however long I keep each browser window open. (Closing the browser and re-opening it will force the prompt to login the next time I try to access admin.)

 

HTH,

 

Terry

Terry Kluytmans

 

Contribs Installed: Purchase Without Account (PWA); Big Images, Product Availability, Description in Product Listing, Graphical Infobox, Header Tags Controller, Login Box, Option Type Feature, plus many layout changes & other mods of my own, like:

 

Add order total to checkout_shipment

Add order total to checkout_payment

Add radio buttons at checkout_shipping (for backorder options, etc.)

Duplicate Table Rate Shipping Module

Better Product Review Flow

 

* If at first you don't succeed, find out if there's a prize for the loser. *

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...