Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Securing my admin - and A big Thanks


Guest

Recommended Posts

Hi All,

 

Have been browsing and reading :blink: this board for a few months now and have made every effort to do as much learning before posting -

 

First of all - although you and I dont know who you are - a massive Thanks to all who have made contributions and posts to this board - wihtout your help i would still be running a static html site with no functionality - as i get up to speed i hope to be able to make contributions also. :)

 

I have install Oscommerce 2.2 and populated my catalog with products made minor alternations to desig and look of my site - However I have run into problems when trying to .htaccess my admin folder.

 

my .htaccess looks like this

 

----

AuthUserFile /catalog/admin/.htpasswd

AuthType Basic

AuthName "AdminArea"

 

<LIMIT GET POST>

require valid-user

</LIMIT>

---

 

and my .htpasswd

 

-----

admin:admin

-----

 

the path to my admin folder looks like this

 

/catalog/admin (and both ht files are located here)

 

however for some reason i cannot get .htaccess to work for me -

 

Login screen is displayed - but even with the plain text password (not encrytped) - I am unable to login into admin panel.

 

I have read that a contribution may resolve my issues - however many of the contrib seem to be more than I require - Is there a contrib that i have missed that is a simple install to protect my admin -

 

Although I have been reading for months I am still very much a novice and struggle with some of the script installs - if anyone could point me to a simple install i would greatly appreciate - alterntaively if someone can look at my .htaccess and tell me if i'm missing something them that would be ideal.

 

Thanks in advance

 

Regards

Guigy

Link to comment
Share on other sites

Here's a very useful free tool that will take care of .htaccess protection for you and much more.

 

http://www.gossamer-threads.com/scripts/fileman/index.htm

 

It's a five minute install. Only one caveat though. When it presents its install screen don't let it put the images folder in cgi-bin, the images won't show up. Just backspace through /cgi-bin in those two fields. You can also rename the images folder if you like.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Hi Folks -

 

Thanks for the replies -

 

I am really determined to get to the bottom of the .htaccess problem -

 

Have checked server info via placing the following php file i created

 

----

<?php

phpinfo();

?>

-----

 

Called page and from there i searched for "PATH_TRANSLATED"

 

which directs me to my full (true) server path

 

/home/content/c/h/e/cheapkit/html/catalog/admin/server.php

 

(were server.php and .htaccess are located)

 

edited my .htaccess to

 

------

AuthUserFile /home/content/c/h/e/cheapkit/html/catalog/admin/.htpasswd

AuthType Basic

AuthName "AdminArea"

 

<LIMIT GET POST>

require valid-user

</LIMIT>

------

 

but still it wont work -

 

Can anyone see if there is a simple mistake i am making in the code - I'm pretty sure that this is now the correct full path -

 

Failing this I will revert to a contribution install - but i cant seem to fathom out what i might be doing wrong and it's really bothering me.

 

all help appreciated

 

Regards

Guigy

Link to comment
Share on other sites

Is the apache server conf file set up to allow .htaccess files? If not then it won't even look for your file. Your conf file might be saying AllowOverride None.

 

The following is a sample...

 

<Directory "/home/httpd/html">

AllowOverride ALL

Options Indexes FollowSymLinks MultiViews

Order allow,deny

Allow from all

</Directory>

 

Also check your apache errorlog to see if there are any error messages regarding your files. There may be a "can not find file" message etc.

 

HTH

Tom

Link to comment
Share on other sites

  • 2 months later...

Hi Folks

 

>Is the apache server conf file set up to allow .htaccess files? If not then it won't >even look for your file. Your conf file might be saying AllowOverride None.

 

Where can i find the apache config file

 

The following is a sample...

 

><Directory "/home/httpd/html">

>AllowOverride ALL

>Options Indexes FollowSymLinks MultiViews

>Order allow,deny

>Allow from all

></Directory>

 

>Also check your apache errorlog to see if there are any error messages >regarding your files. There may be a "can not find file" message etc.

 

again where can i access the error log?

 

Thanks in advance

G

Link to comment
Share on other sites

Hi Kieron,

 

Your apache conf file is located where apache was installed in the conf folder.

 

If you have root access to your system then run

 

httpd -V

 

and it will give you the full path of the conf files as well as the location of all of your error logs.

 

If you don't have root access to your system, and your ISP/Host does not provide control panel access to your "logs", the you are sadly SOL.

 

HTH

Tom

Link to comment
Share on other sites

Hi,

 

Thanks for the reply once again.

 

It seems that i dont have access!! :(

 

I can feel a hosting switch coming on! :)

 

 

Regards

G.

Link to comment
Share on other sites

you know... I was peeping around with this for a lil while.

 

I read something this guy old_dave or something wrote.

 

Basically on our host's side we can protect any dir... which is what I did

 

and now it's been set up hassle free.

 

:)

 

good lookin out old dave.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...