dailce

[Contribution] Secure Admin Login - Logout


Hi All,

Does this contribution work for Windows Server? I haven't installed the contribution but I see it uses .htaccess, which I suppose doesn't work for Windows Server?

 

cheers

Nirvana

 

 

I also have this error!!! PLEASE HELP

First class contribution.

 

I am making progress however I now get this error when I try to logon:

 

Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /files/home2/frankknighton/catalog/admin/includes/functions/database.php on line 19

Unable to connect to database server!

 

Any ideas?

Thanks

 

Actually I meant this one :(

 

Christ, I'm lost.

Hello,

 

I have tried installing this contrib several times. I get the login page, login, get the administration page, click on anything, and get the login page again, again, again, again..............................

 

Any ideas?

 

TIA

 

I'm also having this problem, any ideas anyone?


Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in .../OSCommerce/catalog/admin/LoginAction.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at .../OSCommerce/catalog/admin/LoginAction.php:19) in .../OSCommerce/catalog/admin/LoginAction.php on line 24

Warning: Cannot modify header information - headers already sent by (output started at .../OSCommerce/catalog/admin/LoginAction.php:19) in .../OSCommerce/catalog/admin/LoginAction.php on line 26

 

I too am getting these errors.....and really some help would be greatly appreciated since this means that unless we uninstall the contribution we can't get into our admin....which means we can't run our stores... :o


ok I don't know if it's just me or not but it doesn't seem that anyone who was involved in the writing of this contribution has posted in this thread for about a month....I'm guessing we may be on our own with these problems. :'(


In a local installation the problem doesn't exist and in the remote installation it redirects constantly to loginaction.php.

 

I think the problem is all about sessions, because the file incsession.php tests the session ID.


ok....now all we have to do is figure out what to change and how. I'm hoping that someone who knows more about php and contributions might have a look at this contribution and help us to fix these problems soon. :huh:


OMFG

I can't say how much this issue suxxors...

1. I get dozens of sessions error - slowly recognizing those are due to some PHP changes and only turning off error report fix those.

2. I search and search till I found out why there is no ADMIN LOGIN ON DEFAULT - this is so what of a joke...
Why doesn't the install doc tell us about this CURIOSITY?

3. After seeing I can't psw my folders cause my cPanel doesn't support this I found a HACK solution - now still I can't get it running ... if was CAO FAKTURA optimized for OSC I wouldn't use this hall software (even ZEN and the rest, it's just the unlogical piece of software there is...).

4. Plz some1 make a logic free online shop working with Faktura.

5. Sorry for my behaviour, it's just timetaking and seeing the so-called support for a product which hasn't changed on the basic issues over years (yes I use till the begin...)

Anyway in the last it's a server thing - but a logic software would use logic solutions and htaccess psw admin area isn't!

And it's not even documented LOL - oh and try to search for some of the above issues.

OMG

put mega roll eyes

Contribution Support for Secure Admin Login - Logout:

 

http://www.oscommerce.com/community/contributions,4121

 

I have installed the Secure Admin Login - Logout contribution and updated mySQL. When I go to Admin it does not ask for a Login. I can Logout and then Login using the usernames and passwords I added to mySQL. Is there something that I missed in the setup that is preventing the Login requirement? There is still a .htaccess file in the Admin directory.

Edited by drhurd


I tried to install and I get this error

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/beachgla/public_html/catalog/admin/LoginAction.php on line 21

Warning: Cannot modify header information - headers already sent by (output started at /home/beachgla/public_html/catalog/admin/LoginAction.php:21) in /home/beachgla/public_html/catalog/admin/LoginAction.php on line 26

Warning: Cannot modify header information - headers already sent by (output started at /home/beachgla/public_html/catalog/admin/LoginAction.php:21) in /home/beachgla/public_html/catalog/admin/LoginAction.php on line 28

 

My LoginAction.php is below; lines 21, 26, and 28 are noted

<?php
// Include application configuration parameters
require('includes/configure.php');
// include the database functions
require(DIR_WS_FUNCTIONS . 'database.php');
// make a connection to the database... now
tep_db_connect() or die('Unable to connect to database server!');
//  $psName=$_POST['psName'];
//  $psPassword=$_POST['psPassword'];
// Check if the information has been filled in
if(($psName == "") || ($psPassword == "")) {
    // No login information
    header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'login.php?refer='.urlencode($psRefer));
} else {
    // Authenticate user
    $psName = addslashes($psName);
    $psPassword = addslashes($psPassword);
    $sQuery = "SELECT ID, MD5(UNIX_TIMESTAMP() + ID + RAND(UNIX_TIMESTAMP())), sGUID FROM administrator WHERE (sName = '$psName') AND (sPassword = password('$psPassword'))";
    $hResult = mysql_query($sQuery);
    if(mysql_affected_rows()) {
        $aResult = mysql_fetch_row($hResult); // LINE 21
        // Update the user record
        $sQuery = "UPDATE administrator SET sGUID = '" . addslashes($aResult[1]) . "' WHERE ID = '" . addslashes($aResult[0]) . "'";
        mysql_query($sQuery);
        // Set the cookie and redirect
        setcookie("session_id", $aResult[1]); // LINE 26
        if(!$psRefer) $psRefer = HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'index.php';
        header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'index.php'); // LINE 28
    } else {
        // Not authenticated
        header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'login.php?refer='.urlencode($psRefer));
    }
}
?>

 

Help...Please


Eddie Schnell

Custom PC Builder

If you dare, take my advice. But make sure you back up TWICE before.
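
An added example, not code from the contribution or from the poster: the warnings on lines 21, 26 and 28 follow from testing mysql_affected_rows(), which returns -1 (true in PHP) when mysql_query() has failed, so this version decides on the fetched row instead and replaces addslashes(), MySQL's password() and the MD5/RAND token with bound parameters, password_hash() and random_bytes(). It assumes PDO with an in-memory SQLite database standing in for MySQL and constructed credentials; make_demo_db and admin_login are hypothetical names.

```php
<?php
// Added example, not the contribution's LoginAction.php. The table mirrors the
// thread's `administrator` schema; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE administrator (ID INTEGER PRIMARY KEY,
        sName TEXT NOT NULL, sPassword TEXT NOT NULL, sGUID TEXT)');
    // Constructed credentials; the hash is salted and computed in PHP,
    // not with MySQL's password() function.
    $ins = $db->prepare('INSERT INTO administrator (sName, sPassword) VALUES (?, ?)');
    $ins->execute(['demo_admin', password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]);
    return $db;
}

/** Returns a fresh session token on success, null on any failure. */
function admin_login(PDO $db, string $name, string $password): ?string {
    if ($name === '' || $password === '') {
        return null;
    }
    // Bound parameters instead of addslashes() and string concatenation.
    $st = $db->prepare('SELECT ID, sPassword FROM administrator WHERE sName = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Decide on the fetched row itself, so a failed or empty query can never
    // fall through to the cookie and redirect code.
    if ($row === false || !password_verify($password, $row['sPassword'])) {
        return null;
    }
    // 16 bytes from the CSPRNG give 32 hex characters, which fits sGUID varchar(32).
    $token = bin2hex(random_bytes(16));
    $db->prepare('UPDATE administrator SET sGUID = ? WHERE ID = ?')
       ->execute([$token, $row['ID']]);
    return $token;
}

$db = make_demo_db();
$attempts = [['demo_admin', 'constructed-demo-pw'], ['demo_admin', 'wrong'], ["o'brien", 'x']];
foreach ($attempts as [$name, $password]) {
    $token = admin_login($db, $name, $password);
    $outcome = $token === null ? 'rejected' : 'token issued, ' . strlen($token) . ' hex chars';
    echo $name, ': ', $outcome, "\n";
}
// In a web request the token is sent before any other output, for example:
// setcookie('session_id', $token, ['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
```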


This seems very difficult and doesn't seem to have any support... What about the MAMBO fix, did anyone try this and what were the results...???

 

SKEE

This seems very difficult and doesn't seem to have any support... What about the MAMBO fix, did anyone try this and what were the results...???

 

SKEE

 

My issue is that after doing all the steps below I go into my login screen and enter my username/password and it just kicks me back into loginaction.php. I have tried everything from reinstalling osc to redoing everything.

Let me know if anyone has any new ideas

 

Ok, these are the steps I had taken before. And after all these steps I had to revert all the changes and I was able to get into the admin screen. As far as SSL, I have not set it up yet and I am on a Windows server and in my php.ini register_globals is on.

 

i edited the "secure_administrator.sql"

 

CREATE TABLE `administrator` (
  `ID` int(10) unsigned NOT NULL auto_increment,
  `sName` varchar(255) NOT NULL default '',
  `sPassword` varchar(255) NOT NULL default '',
  `sGUID` varchar(32) default NULL,
  `sData` text,
  PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=3 ;

INSERT INTO `administrator` VALUES (1, 'myusernamehere1', password('mypwhere1'), NULL, NULL);
INSERT INTO `administrator` VALUES (2, 'myusernamehere2', password('mypwhere2'), NULL, NULL);

 

then I pasted it all into SQL window to install and had no errors.

 

ok

 

I uploaded these files

 

/admin/incSession.php

/admin/login.php

/admin/LoginAction.php

/admin/logoff.php

 

Edited the following file: /admin/LoginAction.php

 

At around line 6 you will find the following code:

 

// make a connection to the database... now

tep_db_connect() or die('Unable to connect to database server!');

 

 

just after that i pasted the following code

 

$psName=$_POST['psName'];

$psPassword=$_POST['psPassword'];

 

ok

 

then I Edited : /admin/includes/application_top.php

 

Around line 60 you will find the following code:

 

// include the database functions

require(DIR_WS_FUNCTIONS . 'database.php');

 

// make a connection to the database... now

tep_db_connect() or die('Unable to connect to database server!');

 

and under that you added these 2 lines just below that:

 

I added these 2 lines on lines 62 and 63

 

// Define the admin login module

require('incSession.php');

 

OK

 

then i edited: /admin/includes/header.php

around line 24 i replaced my code from

 

<td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?>  </td>

 

to this

 

<td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '" class="headerLink">' . HEADER_LOGOFF . '</a>'; ?>  </td>

 

ok

 

then i edited: admin/index.php

 

Around line 101 i found the following code:

 

<td align="right" class="text" nowrap><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . HEADER_TITLE_ADMINISTRATION . '</a>  |  <a href="' . tep_catalog_href_link() . '">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="http://www.oscommerce.com" target="_blank">' . HEADER_TITLE_SUPPORT_SITE . '</a>'; ?>  </td>

 

and replaced the code with

 

<td align="right" class="text" nowrap><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . HEADER_TITLE_ADMINISTRATION . '</a>  |  <a href="' . tep_catalog_href_link() . '">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="http://www.oscommerce.com" target="_blank">' . HEADER_TITLE_SUPPORT_SITE . '</a> |  <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '" class="headerLink">' . HEADER_LOGOFF . '</a>'; ?>  </td>

 

ok

 

then i Edited: /admin/includes/filenames.php

 

and added these 2 lines to the code at the beginning on lines 14 and 15

 

define('FILENAME_LOGIN', 'login.php');

define('FILENAME_LOGOFF', 'logoff.php');

 

ok

 

Then i edited: /admin/includes/languages/english.php

 

then at line 51 and 52 add this line

 

// added for security

define('HEADER_LOGOFF', 'Log Off');

 

ok

 

If I have missed a step please let me know, but after doing all these changes I was still unable to login. Like I said above, I was unable to login; it would kick me back to LoginAction.php. I removed everything and I am able to get to my admin module.

 

thanks ahead of time


I am on a Windoze server with shared SSL. When I log in I get the admin screen but whatever I clicked, I would be returned to log-in - problem: log-in was in SSL and my admin was not, so I simply changed all references of HTTPS_CATALOG_SERVER with HTTP_CATALOG_SERVER in incSession, login, LoginAction, logoff; now all works fine.


Update to previous reply. Having admin without SSL is a tad dangerous so I found and used the Force Secure Admin Pages contribution and reset all occurrences of HTTP_CATALOG_SERVER back to their default HTTPS_CATALOG_SERVER. Now admin is in SSL and works after log-in. Hope this helps, bumping my head in the dark gives me a headache!


I seemed to have had a problem with this as well, but it seems that it just died, seeing how the author never came back and helped anyone.

 

For all it's worth though I keep getting this error when I log on:

 

The requested URL .../.../.../HTTP_CATALOG_SERVERDIR_WS_ADMINLoginAction.php was not found on this server.

 

Before I took the S's out of the HTTPS, it wasn't even connecting to the server.

Fixed it!

 

For any one who has the same problem change the

 

define('DIR_WS_ADMIN', '/admin/');

 

in /admin/includes/configure.php to below;

 

define('DIR_WS_ADMIN', '/catalog/admin/');

Hi, I have a really dumb question...

I edited the file secure_administrator.sql but where do I upload that file or how do I install it? I go into the login page and once I type the username and password it just reloads. I think it's because I haven't uploaded that .sql file. Can someone help please?

Hello,

 

I have tried installing this contrib several times. I get the login page, login, get the administration page, click on anything, and get the login page again, again, again, again..............................

 

Any ideas?

 

TIA

I have been having the same problem. The session variable is not getting passed correctly. I have fixed this in a client's store in these files:

 

catalog/admin/customers.php

catalog/admin/orders.php

catalog/admin/categories.php

 

This is what I did -- I am doing this on a heavily modded store so line numbers may be totally inaccurate for your store.

_________________________________________________________________
catalog/admin/customers.php
around line 885, after:
<td class="smallText" align="right"><?php echo HEADING_TITLE_SEARCH . ' ' . tep_draw_input_field('search'); ?>

add: 
<input type="hidden" name="osCAdminID" value="<?php echo htmlspecialchars($_REQUEST['osCAdminID'], ENT_QUOTES); ?>">

_________________________________________________________________
store/admin/categories.php
Before:
echo '</form>';
around lines 1280 and 1292: 

add:
echo tep_draw_input_field('osCAdminID', $_REQUEST['osCAdminID'], '', '', 'hidden');
_________________________________________________________________
store/admin/orders.php

around line 421, before: 
<td class="smallText" align="right"><?php echo HEADING_TITLE_STATUS . ' ' . tep_draw_pull_down_menu('status', 

array_merge(array(array('id' => '', 'text' => TEXT_ALL_ORDERS)), $orders_statuses), '', 'onChange="this.form.submit();"'); ?></td>
		  </form></tr>

add:
<?php echo tep_draw_form('status', FILENAME_ORDERS, '', 'get'); ?>

and at line 423, before </form>, add:
<?php echo tep_draw_input_field('osCAdminID', $_REQUEST['osCAdminID'], '', '', 'hidden'); ?>

line 429, before </form> add:
<?php echo tep_draw_input_field('osCAdminID', $_REQUEST['osCAdminID'], '', '', 'hidden'); ?></td>

 

Hope this is helpful.


If this does not work:

 

if($_SERVER['SERVER_PORT'] == 80) {
Header("Location: " . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN);
exit;
}

 

 

 

try this:

 

if(getenv('HTTPS') == 'OFF') {
Header("Location: " . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN);
exit;
}
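
An added example (not part of the post or of the contribution) of one check that covers both snippets above: it reads the HTTPS server variable without depending on its letter case and falls back to the port only when that variable is absent. The names request_is_https and admin_redirect_target are hypothetical, and the $_SERVER arrays and shop.example host are constructed samples.

```php
<?php
// Added example: helper names are hypothetical and the $_SERVER arrays below
// are constructed samples, not captured from any server.
declare(strict_types=1);

/** True when the request arrived over TLS, judged from server variables. */
function request_is_https(array $server): bool {
    // Apache's mod_ssl sets HTTPS=on for TLS requests and leaves it unset
    // otherwise; IIS (ISAPI) sets it to lower-case "off" for plain HTTP, which
    // a case-sensitive comparison with 'OFF' does not match.
    $flag = strtolower(trim((string)($server['HTTPS'] ?? '')));
    if ($flag !== '') {
        return $flag !== 'off';
    }
    // No HTTPS variable: fall back to the port, requiring 443 instead of
    // "anything but 80" so plain HTTP on another port is not taken for TLS.
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

/** URL to redirect to, or null when the request is already on HTTPS. */
function admin_redirect_target(array $server, string $httpsBase, string $adminDir): ?string {
    if (request_is_https($server)) {
        return null;
    }
    return rtrim($httpsBase, '/') . '/' . ltrim($adminDir, '/');
}

$samples = [
    'Apache, TLS'        => ['HTTPS' => 'on', 'SERVER_PORT' => '443'],
    'Apache, plain'      => ['SERVER_PORT' => '80'],
    'IIS, plain'         => ['HTTPS' => 'off', 'SERVER_PORT' => '80'],
    'plain on port 8080' => ['SERVER_PORT' => '8080'],
];
foreach ($samples as $label => $server) {
    $target = admin_redirect_target($server, 'https://shop.example', '/catalog/admin/');
    printf("%-20s %s\n", $label, $target ?? 'already HTTPS');
}
// In the admin pages the call would be:
//   $to = admin_redirect_target($_SERVER, HTTPS_CATALOG_SERVER, DIR_WS_ADMIN);
//   if ($to !== null) { header('Location: ' . $to); exit; }
```

The redirect only reaches TLS when HTTPS_CATALOG_SERVER is defined with an https:// URL.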


This has been working on my site for over a year now, and out of the blue I can no longer log in. As soon as I enter the password, it goes to loginaction.php and just comes up "PAGE CANNOT BE DISPLAYED", no PHP errors or anything. All the files are still on the server, nothing has changed, the rest of the site works fine. If I try to link directly to other files in the admin folder I get the same message. Anyone ever have this problem?

 

Thanks,

Jim


I finally got it to work!!!!

 

I was getting an error saying the page was not available.

 

The problem was that I do not use a secure server (HTTPS), but apparently this mod expects you to.

 

Here was my fix:

In the admin\includes\configure.php file you need to add your web address to the HTTPS catalog definition statement, even if you don't use https.

 

define('HTTPS_CATALOG_SERVER', 'http://yoursite.com/');

 

That's it!

 

now I just need to find out where it's calling my logo image...

 

Brian


I have implemented all the admin login and logout module. And it logs in successfully and redirects me to the admin/index.php page. But on the index page when I click on any link like on orders or customers, then it doesn't redirect me to that page.

 

I mean the page remains index.php. :'(

 

The login code is perfect i have checked all. Please help me :-"


I'm finding a very bizarre thing with this contribution. I put it on a few sites, with no problem. Been using it for months. But when I don't go to a site for a while, it stops working until I go back into the db and reset the password. Anyone else noticing this?


Has anyone figured out this problem yet? I have followed instructions perfectly... My database sql has been done and i know this was working as i had it there already from my previous installation which worked first time...

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'mysql'@'localhost' (using password: NO) in /home/xxxxxx/xxxxxxx/admin/includes/functions/database.php on line 19

Unable to connect to database server!

