dave111 Posted March 16, 2005 Share Posted March 16, 2005 anyone use the simple manual order entry contrib. http://www.oscommerce.com/community/contributions,1927 It works fine only 1 problem, when you turn password security on in the script (change from false to true) when you try to access http://www.site.com/admin.php it prompts for password but wont let me in. So every time i want to use the thing i have to go in and change security to false then login with no password, and when finished change it back to true.....very annoying. Can anyone help? Quote Link to comment Share on other sites More sharing options...
giftmaster Posted March 17, 2005 Share Posted March 17, 2005 anyone use the simple manual order entry contrib.http://www.oscommerce.com/community/contributions,1927 It works fine only 1 problem, when you turn password security on in the script (change from false to true) when you try to access http://www.site.com/admin.php it prompts for password but wont let me in. So every time i want to use the thing i have to go in and change security to false then login with no password, and when finished change it back to true.....very annoying. Can anyone help? <{POST_SNAPBACK}> I posted the same questions a few weeks ago. No responce. I don't think it is a popular contrubtion. My site will be going live in about a week so I am working on the problem. I will let you know the fix (if I find it) :D Raymond Quote Link to comment Share on other sites More sharing options...
giftmaster Posted March 19, 2005 Share Posted March 19, 2005 I posted the same questions a few weeks ago. No responce. I don't think it is a popular contrubtion. My site will be going live in about a week so I am working on the problem. I will let you know the fix (if I find it) :D Raymond <{POST_SNAPBACK}> Well I looked through the contrubution ...for about 2 hrs. I can't figure out why it does not work. I have contacted the creator of the contrubution via email. I hope to have a fix real soon. Raymond Quote Link to comment Share on other sites More sharing options...
giftmaster Posted March 21, 2005 Share Posted March 21, 2005 Well I looked through the contrubution ...for about 2 hrs. I can't figure out why it does not work. I have contacted the creator of the contrubution via email. I hope to have a fix real soon.Raymond <{POST_SNAPBACK}> The creator of the contrubution emailed me and said "Thanks for contacting us, and choosing to make use of our Mod. There are no known bugs with the software in terms of password protection. Did you follow the instructions regarding securing the mod? If you would like us to investigate the problem with your setup, we can do this. I would estimate we could have the problem resolved within 30 mins, but if it was going to take longer we would contact you prior to proceeding. We charge $US50 per hour for this sort of work. Payment is via PayPal." I'm not sure what to make of it. I will keep you up to date. Raymond Quote Link to comment Share on other sites More sharing options...
ancientmember Posted March 25, 2005 Share Posted March 25, 2005 I have the same problem. i think it's got a bug Quote Link to comment Share on other sites More sharing options...
dave111 Posted March 26, 2005 Author Share Posted March 26, 2005 Still no fix? Quote Link to comment Share on other sites More sharing options...
dijimon Posted April 17, 2005 Share Posted April 17, 2005 Any update on this? Is this contrib actually supported? Quote Link to comment Share on other sites More sharing options...
giftmaster Posted April 17, 2005 Share Posted April 17, 2005 Any update on this? Is this contrib actually supported? <{POST_SNAPBACK}> I don't think so. After contacting the creator I'm not even sure it was completed. It seem it was half done so the company can charge you to finish it. I keep a copy of the Admin file localy so when I need to use it I up load the admin file then delete it from my site when I am done. Quote Link to comment Share on other sites More sharing options...
kev@num Posted December 7, 2005 Share Posted December 7, 2005 oh no :( i was hoping for a fix for this!! did anyone fix it? Quote Link to comment Share on other sites More sharing options...
Guest Posted January 27, 2006 Share Posted January 27, 2006 (edited) Geoff from Attitude here. We have received quite a few "thanks yous" - so there are a few people using this without issue. I think your issues will be related to web server support for the authentication system we borrowed from another contribution (?Admin Authentication for 2.2? by Bao Quoc Nguyen) which uses HTTP authentication via PHP_AUTH_USER. There are server specific issues related to this form of authentication documented on the PHP.net site (running PHP as a CGI or some servers running IIS). The contribution clearly states that security/authentication is up to the store owner. Anyone having problems contact me direct - we will look at any issues and come up with a solution for authentication that overcomes any major issues. We will also implement some other enhancements we have made but not released. We will post here when the new version is released. Edited January 27, 2006 by attitudenz Quote Link to comment Share on other sites More sharing options...
ka0osk Posted January 27, 2006 Share Posted January 27, 2006 Geoff from Attitude here. We have received quite a few "thanks yous" - so there are a few people using this without issue. I think your issues will be related to web server support for the authentication system we borrowed from another contribution (?Admin Authentication for 2.2? by Bao Quoc Nguyen) which uses HTTP authentication via PHP_AUTH_USER. There are server specific issues related to this form of authentication documented on the PHP.net site (running PHP as a CGI or some servers running IIS). The contribution clearly states that security/authentication is up to the store owner. Anyone having problems contact me direct - we will look at any issues and come up with a solution for authentication that overcomes any major issues. We will also implement some other enhancements we have made but not released. We will post here when the new version is released. I just started having this problem --- I didnt change a thing, so I am assuming it has somthing to do with my provider changing something. They changed permissions on several dirs on my a few months ago out of the blue, but this thing has me baffled!!!! Does someone have a admin securing contrib that doesnt use the PHP_AUTH_USER session vars? john [email protected] Quote Link to comment Share on other sites More sharing options...
ka0osk Posted January 27, 2006 Share Posted January 27, 2006 I just started having this problem --- I didnt change a thing, so I am assuming it has somthing to do with my provider changing something. They changed permissions on several dirs on my a few months ago out of the blue, but this thing has me baffled!!!! Does someone have a admin securing contrib that doesnt use the PHP_AUTH_USER session vars?john [email protected] :thumbsup: Replying to my own message! I bitched to my provider and they admitted that they had changed over to cgi in the last few day.... AH HAH! They made a few changes and recompiled Apache and now it works just fine! John ka0osk :lol: :lol: :lol: :lol: :lol: :lol: <_< Quote Link to comment Share on other sites More sharing options...
ka0osk Posted January 27, 2006 Share Posted January 27, 2006 :thumbsup: Replying to my own message! I bitched to my provider and they admitted that they had changed over to cgi in the last few day.... AH HAH! They made a few changes and recompiled Apache and now it works just fine! John ka0osk :lol: :lol: :lol: :lol: :lol: :lol: <_< Again replying to myself.... here is the explaination I got from my provider: If Apache is compiled with the option -DSECURITY_HOLE_PASS_AUTHORIZATION, then it will pass the User/Pass Auth data to a CGI application through the HTTP_AUTHORIZATION header (eg, in FastCGI, -pass-header HTTP_AUTHORIZATION). By Default, the User/Pass data is not passed with the HTTP_AUTHORIZATION header. Technically this is viewed as a potential security violation, but on our system, all Authentication would be handled either by .htpasswd or internal PHP Code (eg PHP controls it). No System User information is passed in the clear, and hence its really not a security violation. On systems that utilize other mod_auth modules, then perhaps it could be (eg , LDAP or PAM ), but in general, these are special circumstances and generally not available in Shared hosting environments. ....... I hope that helps those that are having the same probs as me! John ka0osk :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.