Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

secure admin folder


bobthelucky

Recommended Posts

i have been told i can change name on admin folder to protect it and to change settings in config.php but which? config.php and where in it? i looked and never saw admin any place in it to replace it so any help is welcome thanks all great forum

Link to comment
Share on other sites

You don't need to change any of your folder names just go to your catalog/admin/includes/ configure.php and on the line that reads

 

 

 

define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers

 

 

 

add an "s" to the http://www.yourdomain.com like this:

 

define('HTTP_SERVER', 'https://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers

 

 

 

when you get to your admin you will be required to log in as usual but it will look unsecure then click on any link in the main admin screen and you will have to log in again but after that all admin areas are secure. Lisa

Link to comment
Share on other sites

thank you lisa

i did that and it works great to secure the info im changing or what ever im looking at but, any one who types in catalog/admin after my www.mydomain, can get in there too. is that not correct?

Link to comment
Share on other sites

If they type in www.yourdomain.com/catalog/admin they should automatically get the login screen and will not have access unless they know your username and password. Clear your temp internet files and cookies, reopen your browser and try again. Hopefully the login screen will come up. Sorry I couldn't give you better advice. Let me know if it is still happening. Lisa

Link to comment
Share on other sites

https will secure the traffic to/from the server/client... but to secure the admin directory you need to use .htaccess . If you are using cPanel you can do this very easily by using the "password protect directories" option. You also my want to prevent people from being able to get an index of your directories....once again if you are using cPanel this is very easy by using the "Index Manager" feature.

 

Cheers

Link to comment
Share on other sites

ok cpanel? in osCommerce? or in powweb my server? i assume you mean control panel? but with messing with these htaccess i cant even get into admin folder now i get server error

i have replaced the htaccess doc that was in admin and removed all my password docs but still cant get into admin tru browser any ideas? thanks for you help

Link to comment
Share on other sites

Sorry...I meant Cpanel on your hosting service....or whatever front end tool that your hosting service provides...it should include the ability to control directory access. You should have a .htaccess file in your Admin directory and your .htpasswds file should be located in your home directory. Check this link for more details on .htaccess usage http://httpd.apache.org/docs/howto/htaccess.html .

 

Cheers

Link to comment
Share on other sites

I would like more info on this too. I get this warning:

Warning: I am able to write to the configuration file: /home/marcia/public_html/cart/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

and in the configure.php file I have two lines of define - the first is HTTP_SERVER and followed by HTTPS_Server. Do you mean to make them BOTH the same HTTPS? and both defined as this: ('HTTPS-Server', 'http://domain.com');

 

Also, I don't know what to do with the htaccess doc either.

 

I went to the index manager feature and selected a folder and clicked as instructed but I am still showing the directory of files within that folder when I go view my site. Maybe I should clear my cache and try again, or try on my husband's computer.

 

Would like help getting started and I'm greener than bobthelucky, who flies a mean F14. And I DO know HTML, but nothing about server side technologies or scripts other than basic javascript and css. HELP! ;) Thanks, Marcia

Link to comment
Share on other sites

When I chanced the top define HTTP_SERVER it made all my images show as broken icons. So I'm doing something very wrong. Would just like to know how to eliminate the Warning:

 

Warning: I am able to write to the configuration file: /home/marcia/public_html/cart/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Thanks, Marcia

Link to comment
Share on other sites

:D

 

I FIXED IT! YAY.....I was able to go to cpanel and open the permissions. Mine were different than yours.

 

In the File Manager, I selected the php file which displayed several options including Change Permissions which took me to the following:

 

user, group, world

 

I thought user was me (owner) so I left write and execute, but that still enabled the viewer (who I thought was world) to write to it. So I enabled Read for User, Group and World and left Write and Execute off for all three. The Permissions were changed to User 4, Group 4, and World 4....which must be the same as Bob's 0444 - I guess the zero in my case refers to me, the admin/owner.

 

Thanks again to Bob for his last email and all the others who went before him.

 

I am certain this will be the first of many post about how to do things, but I already feel as if I learned a lot. Thanks for this great forum,

 

Marcia

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...