Security issue with admin directory


Synodontis

I have renamed my admin directory as recommended,

I changed

 

define('DIR_WS_ADMIN', '/renamed_admin_directory/');

define('DIR_FS_ADMIN', '/your/path/to/directory/renamed_admin_directory/');

 

Then I get

Not Found

The requested URL /shop/admin/login.php was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I realize I probably missed a necessary change somewhere but I am unsure as to where.

Help is greatly appreciated as I am new to OSCommerce.

 

I do apologize if this has already been covered but I could not find the solution.

 

Thanks

Gary


In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local

 

On some installs there may be a configure.php inside the local FOLDER (catalog and admin)

 

If there is, anything in it overrides anything in the normal configure.php files.

 

Also be sure the config file on the server says what YOU THINK it says.

 

If you edit the config file locally then FTP to the server, file permissions on the server may prevent the new one from overwriting the old one.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >


Thanks Germ for the response.

I have found what I believe to be the local folder that you mentioned but there is only a text file in them, no php files.

 

This is what it says,

 

This directory contains local configuration information.

 

It also must contain a file named configure.php that can be used to override

the defaults set in application_top.php

 

Remember to execute PHP commands the file needs to start with <?php and end with ?>

 

So if I understand correctly there should be nothing overriding the code?

 

<?php

define('HTTP_SERVER', 'http://totalspiritfitness.ca');

define('HTTP_CATALOG_SERVER', 'http://totalspiritfitness.ca');

define('HTTPS_CATALOG_SERVER', 'https://totalspiritfitness.ca');

define('ENABLE_SSL_CATALOG', false);

define('DIR_FS_DOCUMENT_ROOT', '/home/tsf/public_html/shop/');

define('DIR_WS_ADMIN', '/shop/vinyasad/');

define('DIR_FS_ADMIN', '/home/tsf/public_html/shop/vinyasad/');

define('DIR_WS_CATALOG', '/shop/');

define('DIR_FS_CATALOG', '/home/tsf/public_html/shop/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

define('DB_SERVER', 'localhost');

define('DB_SERVER_USERNAME', '*****');

define('DB_SERVER_PASSWORD', '*********');

define('DB_DATABASE', '**********');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

Thanks again,

Gary


You get the error because the folder shop/vinyasad isn't on the server.

 

You must have renamed the admin to something else.

 

Keep in mind that file names are case-sensitive in UNIX.

 

shop/vinyasad isn't the same as shop/Vinyasad

 

And you shouldn't have posted your DB credentials.

 

Hackers love that...

:blush:

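The checks suggested in this thread (a `local/configure.php` that overrides the normal config, and an admin folder whose name and case must match `DIR_FS_ADMIN` exactly), as an added example that is not part of the original posts or osCommerce's own code. The function names and the temporary directory layout built in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Matches string-literal defines such as define('DIR_FS_ADMIN', '/path/');
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)")

def parse_defines(php_text):
    """Return {NAME: value} for string-literal define() calls only."""
    return dict(DEFINE_RE.findall(php_text))

def check_admin_config(config_path):
    """Return a list of problems found for a renamed admin directory."""
    problems = []
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        cfg = parse_defines(fh.read())
    # A configure.php inside includes/local/ overrides the normal one.
    local = os.path.join(os.path.dirname(config_path), "local", "configure.php")
    if os.path.isfile(local):
        problems.append("override present: " + local)
    fs_admin = cfg.get("DIR_FS_ADMIN", "").rstrip("/")
    ws_admin = cfg.get("DIR_WS_ADMIN", "").rstrip("/")
    if not fs_admin or not ws_admin:
        return problems + ["DIR_FS_ADMIN or DIR_WS_ADMIN not defined"]
    name = os.path.basename(fs_admin)
    if os.path.basename(ws_admin) != name:
        problems.append("DIR_WS_ADMIN and DIR_FS_ADMIN name different folders")
    parent = os.path.dirname(fs_admin)
    siblings = os.listdir(parent) if os.path.isdir(parent) else []
    if name not in siblings:  # exact, case-sensitive comparison
        near = [s for s in siblings if s.lower() == name.lower()]
        hint = " (found %r: case differs)" % near[0] if near else ""
        problems.append("admin folder %r not on server%s" % (name, hint))
    return problems

def demo():
    """Constructed layout: folder is 'Vinyasad', config says 'vinyasad'."""
    root = tempfile.mkdtemp()
    inc = os.path.join(root, "shop", "Vinyasad", "includes")
    os.makedirs(inc)
    path = os.path.join(inc, "configure.php")
    with open(path, "w") as fh:
        fh.write("<?php\ndefine('DIR_WS_ADMIN', '/shop/vinyasad/');\n"
                 "define('DIR_FS_ADMIN', '%s/shop/vinyasad/');\n?>" % root)
    return check_admin_config(path)
```

Run `check_admin_config()` against the copy of `includes/configure.php` that is actually on the server, not the locally edited one, since a failed upload leaves the old values in place.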

Too late for you to change.

 

Try sending a PM to Jan Zonjee

 

Ask him if he'll change for you.


Probably in phpMyAdmin in your cPanel.

 

If you can't find it you should ask your host.

 

Remember if you change anything you have to update the config files (catalog and admin) to reflect the changes.


Archived

This topic is now archived and is closed to further replies.
