
Conflicting security warnings!


21 replies to this topic

#1 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 28 January 2011, 15:53

When I open the cart admin, I get this warning:
*****************************************************************
1. Edit this file: /home1/gbfenter/public_html/cart/catalog/admin/.htaccess

Remove the following lines if they exist:

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####
AuthType Basic
AuthName "osCommerce Online Merchant Administration Tool"
AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce
Require valid-user
##### OSCOMMERCE ADMIN PROTECTION - END #####

2. Delete this file:

/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce
**************************************************************************
Those lines in the .htaccess file did not exist, so I did not have to remove them.

I deleted the .htpasswd_oscommerce file then I refreshed the page.

The new message reads:

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:
/home1/gbfenter/public_html/cart/catalog/admin/.htaccess
/home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce

Reload this page to confirm if the correct file permissions have been set.

The .htaccess file permissions are set to 644, the .htpasswd_oscommerce has been deleted per the earlier message. So, what in the world is this?

Thanks,

Ed

#2 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 30 January 2011, 21:08

It's the message you get asking you to add htaccess to your admin section under configuration >> administration.
The permissions for these 2 files are normally 666 as they need to be written to.
Nic
Sometimes you're the dog and sometimes the lamp post

My Contributions

#3 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 30 January 2011, 21:20

No, the message did NOT ask me to add htaccess to the admin section.

It only asked that the htpasswd_oscommerce file had to be removed, which I did. Why then did the second message suggest changing the permission of a file that the first message asked me to remove? That does not make any sense at all.

#4 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 30 January 2011, 21:34

That message is not an error; it's giving you information.
If you have htaccess protection on via the osC admin, this gives you information to remove it....

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####
AuthType Basic
AuthName "osCommerce Online Merchant Administration Tool"
AuthUserFile /home1/gbfenter/public_html/cart/catalog/admin/.htpasswd_oscommerce
Require valid-user
##### OSCOMMERCE ADMIN PROTECTION - END #####



Removal from the htaccess file will prevent the code calling the file htpasswd_oscommerce to test for the password.
If you remove the above code then you may as well remove the password + user name combination too from the htpasswd_oscommerce file.
Just removing the htaccess code should prevent the message from showing up though.


Nic

#5 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 00:07

I did not have to remove those lines because they have NOT been in the file to begin with.

The htpasswd_oscommerce file is 1) empty and, per the 1st message, 2) had been deleted.

Are we talking about different things here?

#6 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 15:04

You are talking about the admin >> Configure >> administrators page?
It's highlighted in red?
Nic

#7 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 15:26

Yes, it's highlighted in a sort of pinkish/red.

Ed

#8 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 15:33

It is only an information message, albeit a big one!!
You can remove the call to it if you prefer to, but it's not an error (even if it does look very much like one); think of it more as a friendly warning that you do not have .htaccess enabled.
If you were to enable it then it would change to a smaller green message.

Nic

#9 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 15:52

But I want to enable it! That was the whole point of this post in the first place!

#10 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 16:11

OK, go to admin >> Configuration >> administrators >
Click your admin name there, and then "EDIT". Now where it asks for a new password, enter your existing password and also tick the checkbox under it, now update.
You should get an HTACCESS popup box asking for your details.

Any type of error will be permissions related; set the two files to 666.

Nic

And to be fair, it does not mention in your post that you want it enabled; it says you have a conflicting message.

Edited by FIMBLE, 31 January 2011, 16:13.


#11 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 16:49

OK, when I click on EDIT, it does ask me for a new password and there is no checkbox. I'm sure I'm doing something wrong here.

#12 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 18:25

This is how it should look:

[img]http://www.linuxuk.co.uk/admin.gif[/img]



#13 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 19:30

Here's what I see:

[img]http://www.gbfenterprisesllc.com/pub/admin.gif[/img]

#14 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 19:40

That's odd. Try uploading the administrators.php file again to the admin (or whatever you called it) folder; rename the old file administrators.old, it will serve as a backup.
I have added the new file here.

Nic


#15 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 19:44

I got it, it won't show because the files do not have write permissions. Set the following to 666:
admin/.htaccess
admin/.htpasswd_oscommerce

The box will show then. Learn something new every day!!

Nic

#16 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 19:52

OK, bingo!

Set both files to 666 and the protection did work now!

Thanks a bunch, Nic
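
Added example (not part of the original thread and not osCommerce code): a shell check that reports whether the protection block quoted in post #1 is present in .htaccess, whether .htpasswd_oscommerce exists and is non-empty, and whether either file is writable by every local account, which mode 666 makes it. The function names are assumptions made up for this example.

```shell
#!/bin/sh
# Added example. Function names are made up here; the file names and the
# marker line are the ones quoted in post #1.
MARK='##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####'

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the "other" write bit is set, as it is with mode 666.
is_world_writable() {
    m=$(file_mode "$1") || return 1
    case "$m" in *[2367]) return 0 ;; *) return 1 ;; esac
}

# Prints one word describing the htaccess/htpasswd layer:
#   disabled  no protection block in .htaccess
#   broken    block present, password file missing or empty (no login can succeed)
#   enabled   block present and the password file is non-empty
protection_state() {
    ht="$1/.htaccess"; pw="$1/.htpasswd_oscommerce"
    if [ ! -f "$ht" ] || ! grep -qF -- "$MARK" "$ht"; then
        echo disabled
    elif [ ! -s "$pw" ]; then
        echo broken
    else
        echo enabled
    fi
}

# State, plus which of the two files are missing or writable by everyone.
audit_admin_dir() {
    echo "state: $(protection_state "$1")"
    for f in "$1/.htaccess" "$1/.htpasswd_oscommerce"; do
        if [ ! -e "$f" ]; then echo "missing: $f"; continue; fi
        if is_world_writable "$f"; then
            echo "world-writable ($(file_mode "$f")): $f"
        fi
    done
}

# With a directory argument, audit it; otherwise use a constructed fixture.
if [ "$#" -gt 0 ]; then
    audit_admin_dir "$1"
else
    demo=$(mktemp -d); printf '%s\n' "$MARK" > "$demo/.htaccess"
    audit_admin_dir "$demo"; rm -rf "$demo"
fi
```

Run it with the admin directory as the only argument; on a shared host, a "world-writable" line for .htpasswd_oscommerce means other accounts on the same machine may be able to rewrite the admin password file.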

#17 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 19:53

No problem, I learned something there also!
Nic

#18 esm

  • Community Member
  • 115 posts
  • Real Name:Ed Miller

Posted 31 January 2011, 20:14

One of the things that threw me off was the message to remove the htpasswd_oscommerce file.

#19 FIMBLE

  • Community Member
  • 6,567 posts
  • Real Name:Nic
  • Gender:Male

Posted 31 January 2011, 20:19

I can see how that would, Ed.
Nic

#20 bugguys

  • Community Member
  • 4 posts
  • Real Name:Bill Ledbetter

Posted 02 February 2012, 15:56

@FIMBLE can you help me with the same issue as above, only I don't have a htaccess+oscommerce file in my folder...