Jump to content
Sign in to follow this  
nate_02631

[contribution] EZ Secure Order & Customer Viewing

Recommended Posts

Hello,

 

I have installed this contribution and it seems to be working great! The only issue I am having, is when I log in to my admin section (I use .htaccess & .htpasswd), I am asked for my login & password as usual, but when I click on the secure sections, I am asked for my login and pass a second time. I imagine this is due to the server being at http://www.mysite.com the first time and https://www.mysite.com the seocnd time. Does anyone know of a fix?

 

Thanks in advance,

 

Andrew

Share this post


Link to post
Share on other sites

I followed some instructions in the contribution to get SSL working on the admin page (I should have smealt a rat when it said edit config.inc.php and there was only a configure.php)

 

A support thread can be found in the osCommerce forums here:

http://forums.oscommerce.com/index.php?act...=7&t=103024

 

The contribution mentioned modifiying admin/includes/config.php file , there was no config.php but there was a configure.php so modified that one

 

Then I modified admin/includes/functions/html_output.php

 

The problem is it didn't work it sent me back to the customer login page.

 

I have replaced the changed files with my backup files, but the problem still exsists.

 

Any ideas

Share this post


Link to post
Share on other sites

Hey

 

I have had this contribution working fine, ok I have to log in twice before it would let me see the orders etc but that didnt bother me. Now however I just keep getting bounced back to the admin log in page when trying to view customers/orders etc.

 

Anyone know a solution?

 

Cheers

Alex

Share this post


Link to post
Share on other sites

it seems that when i password protect the admin folder this contribution gives a 401 error when clicking on the 'customers' or 'orders' links. when i disabled the password protection, it worked at first, then would kick me back to the login screen, over and over, never allowing me to log in until i uploaded the old files.

 

anyone else have this problem, or a solution?

 

thanks in advance!

Edited by truncheon

Share this post


Link to post
Share on other sites
Hey

 

I have had this contribution working fine, ok I have to log in twice before it would let me see the orders etc but that didnt bother me. Now however I just keep getting bounced back to the admin log in page when trying to view customers/orders etc.

 

Anyone know a solution?

 

Cheers

Alex

 

Sorry, no solution. I have the exact same problem :-(

Share this post


Link to post
Share on other sites
I just keep getting bounced back to the admin log in page when trying to view customers/orders etc.

 

I hate to post to a topic that is so old, but ...

I just installed the 4 change solution.

 

It directs me to the https in all the right places, but then it asks me to log in again and I can't get to where I'm going.

I've uninstalled the IF statements back to the original.

 

Is this a problem with the newer osCommerce version?

Or, does anybody have a fix?

Share this post


Link to post
Share on other sites
Is this a problem with the newer osCommerce version?

Or, does anybody have a fix?

I'm beginning to believe the problem is the newer version of osCommerce.

I have 2 sites, one over a year old, the other just a few months old.

I installed the fix on the older version and it works fine.

On the older version, I get a browser challenge when I go to mydomain/admin

 

But on te newer version, doing exactly the same thing brings up the screen

mydomain/admin/login.php?osCAdminID=c8f29b... which asks for a username and password.

If I install the SSL fix, then everything I do takes me to this login.php screen.

 

So, is there a further adjustment needed to this fix to handle the newer version?

Share this post


Link to post
Share on other sites

 

OK, I'm sure the problem is the new version.

There is n admin/login.pgp that handles logging in from a table based list of administrators.

 

It includes lots of statements like

$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

 if (tep_not_null($action)) {
switch ($action) {
  case 'process':
	$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
	$password = tep_db_prepare_input($HTTP_POST_VARS['password']);

 

There is no mention of any HTTPS anywhere in this module. This seems to cause the login to endlessly loop.

 

The code is too dense for me. Does anybody know how to make this code work with SSL ??

Share this post


Link to post
Share on other sites

OK, I figured it out.

The newer version uses a redirect to admin/login if the user is not logged in. Took a while to find it, but it happens in

admin/includes/application_top.php

 

Find this code

// redirect to login page if administrator is not yet logged in
 if (!tep_session_is_registered('admin')) {
$redirect = false;

 

A few lines below this is

$redirect = true;

 

Change the true to false, and voila ... you're no longer using the Administrator feature of osCommerce.

Now go to your cpanel : Password Protected Directories and put a password on the admin folder

Now the SSL fix works.

Yeah!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×