Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Secure Admin Login - Logout


dailce

Recommended Posts

Im not getting any error that pops up or anything, all it does when I type in the username and password is a page refresh. Any ideas? I followed all the directions carefully.

 

I had this working, moved everything to a new server and got the same problem as you. Solved it by deleting the users/passwords and applied the sql script to add the users/passwords again.

Link to comment
Share on other sites

  • 2 months later...
  • Replies 99
  • Created
  • Last Reply

Top Posters In This Topic

  • 1 month later...

Well, I tried this add-on for a third time. Its finally working BUT, now I have another issue. All my menus in the admin section look like this:

 

BOX_HEADING_CONFIGURATION

BOX_HEADING_CONFIGURATION

BOX_CONFIGURATION_MYSTORE, BOX_CONFIGURATION_LOGGING, BOX_CONFIGURATION_CACHE

 

BOX_HEADING_MODULES

BOX_HEADING_MODULES

BOX_MODULES_PAYMENT, BOX_MODULES_SHIPPING

BOX_HEADING_CATALOG

BOX_HEADING_CATALOG

Contents, BOX_CATALOG_MANUFACTURERS

 

BOX_HEADING_VENDOR_MODULES

BOX_HEADING_VENDOR_MODULES

BOX_HEADING_VENDORS, BOX_VENDORS_REPORTS_PROD, BOX_VENDORS_ORDERS

BOX_HEADING_LOCATION_AND_TAXES

BOX_HEADING_LOCATION_AND_TAXES

BOX_TAXES_COUNTRIES, BOX_TAXES_GEO_ZONES

 

BOX_HEADING_CUSTOMERS

BOX_HEADING_CUSTOMERS

BOX_CUSTOMERS_CUSTOMERS, BOX_CUSTOMERS_ORDERS

BOX_HEADING_LOCALIZATION

BOX_HEADING_LOCALIZATION

BOX_LOCALIZATION_CURRENCIES, BOX_LOCALIZATION_LANGUAGES

 

BOX_HEADING_REPORTS

BOX_HEADING_REPORTS

Products, Orders

BOX_HEADING_TOOLS

BOX_HEADING_TOOLS

Backup, Banners, Files

 

I have checked, re-checked, re-re-checked, etc., for about 6 times and checked some more, but can't find out the problem. Any suggestions would be greatly appreciated.

 

TIA

Link to comment
Share on other sites

  • 1 month later...

UPDATED: 20-Jan-2008

http://addons.oscommerce.com/info/4121

This is a Complete Package.

 

Merged the Admin Login Mgt contributions, cleaned-up code, re-wrote the install instructions and tested on a clean install running on PHP5/MySQL5/PHP5 with register_globals=off.

 

All credit to the original contributors. Please post questions in this support thread.

 

Regards,

EricK

Link to comment
Share on other sites

Has anyone figured out this problem yet? I have followed instructions perfectly... My database sql has been done and i know this was working as i had it there already from my previous installation which worked first time...

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'mysql'@'localhost' (using password: NO) in /home/xxxxxx/xxxxxxx/admin/includes/functions/database.php on line 19

Unable to connect to database server!

 

 

just checking to see if you fixed your problem! You should look to make sure you have your db login information in the configure.php file in the include/ directory and not only in the includes/local/ directory. I have actually found a couple of contributions that have included only the configure.php in the includes/ directory instead of the common process of using application_top.php to have them included.. if you have such a script it may not be picking up your information.

 

For anyone else out there having the issue as follows, I would take the same advice as above and check this out... I had this problem and the above was actually the issue after a little digging.

Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /files/home2/frankknighton/catalog/admin/includes/functions/database.php on line 19

Unable to connect to database server!

 

Posting a reply to such an old post I know, but I couldn't find an answer to the above issue my self at first so figured out myself... maybe someone else will find this helpful even though I'm sure there are many other reasons this could happen!

 

Cheers,

Mark

Link to comment
Share on other sites

UPDATED: 20-Jan-2008

http://addons.oscommerce.com/info/4121

This is a Complete Package.

 

Merged the Admin Login Mgt contributions, cleaned-up code, re-wrote the install instructions and tested on a clean install running on PHP5/MySQL5/PHP5 with register_globals=off.

 

All credit to the original contributors. Please post questions in this support thread.

 

Regards,

EricK

 

Eric:

 

I test your contribution (modification) and works fine, but I have only one problem.

When I try to use "Admin Login Mgt." on Tools doesn't works; I try to change or add a new admin, and a message appears saying...

 

Error: You cannot have a blank Admin Username

 

This error appears too when I try to change admin password.

 

Did you had this kind of errors when you tested?

 

Thanks

 

Note: I try this on my machine (localhost), with apache, PHP 5 and MySQL 5 with (XAMPP).

Christian Mauro

ITIL Foundation Certified

Link to comment
Share on other sites

Eric:

 

I test your contribution (modification) and works fine, but I have only one problem.

When I try to use "Admin Login Mgt." on Tools doesn't works; I try to change or add a new admin, and a message appears saying...

 

Error: You cannot have a blank Admin Username

 

This error appears too when I try to change admin password.

 

Did you had this kind of errors when you tested?

 

Thanks

 

Note: I try this on my machine (localhost), with apache, PHP 5 and MySQL 5 with (XAMPP).

 

I get the exact same problem on a test server and live server.

Link to comment
Share on other sites

I test your contribution (modification) and works fine, but I have only one problem.
When I try to use "Admin Login Mgt." on Tools doesn't works; I try to change or add a new admin, and a message appears saying...

Error: You cannot have a blank Admin Username

This error appears too when I try to change admin password.

Thanks for the feedback, yes I see the Login page works great, but the Admin Login Mgt. page has javascript form validation problems. I will take a look. Please feel free to make changes and post your results.

 

Regards,

EricK

Link to comment
Share on other sites

I have same problem login and out work great but cant edit users.

 

And top of page shows as:

 

Administration | HEADER_LOGOFF Support Site | Online Catalog | Administration

 

Hope you get it sorted soon, would really like to keep this contribution.

 

Thanks

 

George

Link to comment
Share on other sites

I have same problem login and out work great but cant edit users.

 

And top of page shows as:

 

Administration | HEADER_LOGOFF Support Site | Online Catalog | Administration

 

Hope you get it sorted soon, would really like to keep this contribution.

 

Thanks

 

George

 

Gerge,

 

To solve this issue, verify the file on /"admin folder"/includes/languages/english.php or the language that you are currently use; you add 3 lines in this contribution:

 

define('HEADER_TITLE_LOGOFF', 'Log Off');

define('BOX_TOOLS_ADMIN_SECURITY','Admin Login Mgt.');

define('HEADER_TITLE_ADMIN_SECURITY','Administration Login Management');

 

The first is your question.

 

Then check /"admin folder"/includes/header.php and search for this paragrahp:

 

<td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '" class="headerLink">' . HEADER_LOGOFF . '</a>'; ?>  </td>

 

At the end you will find the error. On english.php is define HEADER_TITTLE_LOGOFF but on header.php was define by HEADER_LOGOFF.

 

You have to modify one of the two files and the words must be the same.

 

Sorry by my english, is not my native language.

 

Regards

Christian Mauro

ITIL Foundation Certified

Link to comment
Share on other sites

Hello people,

 

I’ve installed the contribute but experiencing some problems.

When I load the admin site it gives the following problem;

Notice: Use of undefined constant HTML_PARAMS - assumed 'HTML_PARAMS' in D:\xxxx\xxxx\xxxx\xxxx\catalog\admin\login.php on line 5

HTML_PARAMS>

I can solve it by removing it, but what does it do?

 

And when I want to login, it refers me to http://webshop.mysite.net/catalog/admin/ca...LoginAction.php

The settings in admin configure are as follows; define('DIR_WS_ADMIN', 'catalog/admin/');

 

Can someone help me?

 

Thanks.

Edited by Xchange
Link to comment
Share on other sites

  • 2 weeks later...
Hello people,

 

I’ve installed the contribute but experiencing some problems.

When I load the admin site it gives the following problem;

Notice: Use of undefined constant HTML_PARAMS - assumed 'HTML_PARAMS' in D:\xxxx\xxxx\xxxx\xxxx\catalog\admin\login.php on line 5

HTML_PARAMS>

I can solve it by removing it, but what does it do?

 

And when I want to login, it refers me to http://webshop.mysite.net/catalog/admin/ca...LoginAction.php

The settings in admin configure are as follows; define('DIR_WS_ADMIN', 'catalog/admin/');

 

Can someone help me?

 

Thanks.

 

Hi,

 

First, I think that it seems to be linked to localhost, you posted D:\xxx\xxxx....?? Please, review your file code. And I don't understand well your another question about the login page. Please, post with more details.

I have a question... Did you migrate your store from local to live server?

 

Regards

 

Christian

Christian Mauro

ITIL Foundation Certified

Link to comment
Share on other sites

  • 3 weeks later...

Hi Eric, I just installed the newest (Jan. 08) version of your contrib and having problems getting past the login. I did some testing and know for sure that it's validating the username/password because I checked the sGUID field. The following definitions are in the admin/includes/configure.php file:

 

  define('HTTP_SERVER', 'http://localhost');
 define('HTTPS_SERVER', 'http://localhost'); 
 define('HTTP_CATALOG_SERVER', 'http://localhost');
 define('HTTPS_CATALOG_SERVER', 'http://localhost');
 define('DIR_WS_ADMIN', '/mysite/catalog/admin/');

This is on my test apache server. I've checked and double and triple checked the changes I made as per instructions. Any clues where to look next?

Link to comment
Share on other sites

  • 2 weeks later...

Problems with logging in. I error pop-up window after I enter ID and PW: ERROR: wrong user name or password. I have tried doing this very slow so as not to mistype my password. I went back into phpMyAdmin to remove table and start over. Still same error.

 

But I did notice there are two tables in DB:

 

administrator

administrators

 

Would that be a problem? Not sure if administrators was added from a previous mod or not.

 

Also in your instructions for admin/includes/configure.php here is your code for the first change:

 

 

 

define('HTTP_SERVER', 'https://secure.yourdomain.com/yoursite/');

 

I assume /yoursite/ is admin. Am I right?

 

I even tried this mod using admin/includes/.htaccess and also without the .htaccess file.

 

Any ideas anyone?

 

NOTE: My store in the root directory - domain-name/admin

 

Thanks.

 

blr044

Edited by blr044
Link to comment
Share on other sites

  • 2 weeks later...

I get to the login screen and I get

 

error wrong username or password in a nice text box after putting in my correct details.

 

I have tried every variation mentioned that everyone has tried and still nothing. Its as if there is a problem with the loginaction.php.

 

Can this file be rewritten please to include debug lines so that every step of the code can be tested as it seems the new php versions are not compatible with older code. Or add some hard coding lines that reflect specific test data.

 

eg a line that tests for username1/ pwone in the administrator database so that we can see it is connecting and getting that far etc. These lines can then be removed on it successfully working.

Link to comment
Share on other sites

  • 2 weeks later...

Matthew: try using phpMyAdmin to edit the administrators table (NOT administrator), and manually insert or edit the sName and sPassword.

 

Bennett: try the above on administrators table (NOT administrator), and in the instructions, /yoursite/ is /catalog/ in a default osc install, not /admin/.

 

Regards,

EricK

Link to comment
Share on other sites

  • 2 weeks later...

Hello,

 

I have some Problem (sorry for my English):

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /var/www/htdocs/****/html/admin/LoginAction.php on line 24

 

Warning: Cannot modify header information - headers already sent by (output started at /var/www/htdocs/****/html/admin/LoginAction.php:24) in /var/www/htdocs/****/html/admin/LoginAction.php on line 29

 

Warning: Cannot modify header information - headers already sent by (output started at /var/www/htdocs/****/html/admin/LoginAction.php:24) in /var/www/htdocs/****/html/admin/LoginAction.php on line 31

 

When I install the Admin-Manager komplete with osc then the Bug is comming (e.g. Servertransfer).

 

regards

luckyduke

Link to comment
Share on other sites

  • 2 weeks later...

Okay I'm more than a little curious. Is ANYBODY actually using this contrib? It seems that there are unresolved problems here. If this doesn't work, Please let people know before they download and effectively shut down business while they work hard at trying to get it to work or kill it!!

 

I'm also in this situation. I've finally got it to allow me to login and get my admin screen. But cannot get any further. Have to re-login get admin screen again, re-login get admin screen again., etc, etc, etc.

 

I get the following error log results:

https://protected.fatcow.com/arizon8/<anyfile>
PHP Fatal error: main() [<a href='function.require'>function.require</a>]: Failed opening required 'includes/boxes/whats_new.php' (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 25
PHP Warning: main(includes/boxes/whats_new.php) [<a href='function.main'>function.main</a>]: failed to open stream: No such file or directory in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 25
PHP Warning: main() [<a href='function.include'>function.include</a>]: Failed opening 'includes/boxes/manufacturers.php' for inclusion (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 22
PHP Warning: main(includes/boxes/manufacturers.php) [<a href='function.main'>function.main</a>]: failed to open stream: No such file or directory in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 22
href='function.include'>function.include</a>]: Failed opening 'includes/boxes/categories.php' for inclusion (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 16
PHP Warning: main(includes/boxes/categories.php) [<a href='function.main'>function.main</a>]: failed to open stream: No such file or directory in /hermes/web06/b2749/moo.arizon8/oscommerce/admin/includes/column_left.php on line 16

 

Also what's with the advise about this?

 

"But I did notice there are two tables in DB:

 

administrator

administrators

 

Eric you said, I believe to use the database table "administrators" while the sql upload specifically said to establish a database called "administrator".

 

Anyway, please someone tell me if they actually have this working. If you do, do you have the answer to the problem above?

 

Thanks much,

Larry

Link to comment
Share on other sites

Larry,

 

I don't think your error logs relate to this contribution.

 

The sql instructions are correct, it creates a new table named administrator, not administrators as I posted above.

 

I do not use the admin_security.php feature, instead change the admin user/pw by running a sql statement, changing username01 and user01pw to your actual username/password.

 

INSERT INTO `administrator` VALUES (1, 'username01', password('user01pw'), NULL, NULL);

INSERT INTO `administrator` VALUES (2, 'username02', password('user02pw'), NULL, NULL);

 

It works for me on several flavors of linux, but I have not installed it locally or on a windows server.

 

Regards,

EricK

Link to comment
Share on other sites

I just installed this contribution. I have followed the instructions very cafeully and read over this support thread already. However, when I am logging in, I am constantly getting redirected back to the login page..

 

What is the problem?

 

Someone please help

Link to comment
Share on other sites

Eric,

 

Thank you very much for your response. I'm extremely glad this mod actually works!

 

Yes, I appended the wrong errorlogs. Indeed another problem. Here is the error code for this problem.

 

PHP Fatal error:  main() [<a href='function.require'>function.require</a>]: Failed opening required 'incSession.php' (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in //catalog/oscommerce/includes/application_top.php on line 65

 

I still cannot get through the re-login process!

 

I'm sure that this is the exactly same problem everyone else is experiencing!

 

A clear, simple remedy would be most appreciated!

 

Thanks again,

Larry

Link to comment
Share on other sites

I am having the same problems as earlier on version MS2.2

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/thangtho/public_html/shop/admin/LoginAction.php on line 24

 

Warning: Cannot modify header information - headers already sent by (output started at /home/thangtho/public_html/shop/admin/LoginAction.php:24) in /home/thangtho/public_html/shop/admin/LoginAction.php on line 29

 

Warning: Cannot modify header information - headers already sent by (output started at /home/thangtho/public_html/shop/admin/LoginAction.php:24) in /home/thangtho/public_html/shop/admin/LoginAction.php on line 31

 

Double checked all my code and sql statement runs fine.....

 

 

What is the problem here... anyone know??

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...