Jump to content

Archived

This topic is now archived and is closed to further replies.

INFLICT

HTTP Authentication Admin tool

Recommended Posts

  • Can someone please point me to a post about this or just tell me how to get this authentication set up. I can't find this anywhere on the site and I'm getting the error:
     
    HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access.
     
     
     
    In addition I have the catalog/ext directory publicly accessible how do I fix that? I tried putting an .htaccess file in that directory with an .htpassword file but they didn't work.
  • I would appreciata a link to this or an answer I've already searched and couldn't find these are errors from the security checks in the admin menu > tools directory

  • Thanks in advance, regards
     
    Robert.

Share this post


Link to post
Share on other sites

@@INFLICT

 

You can setup htaccess layer on admin panel -> configuration -> administrators

 

The ext directory need for payment modules jquery and other scripts, css. Set up chmod to 644 for ext files.


:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Share this post


Link to post
Share on other sites

I tried what is on the administrators page (admin panel -> configuration -> administrators) and I got locked out of the admin panel. I didn't find the text in the .htaccess file, and I deleted the .htpasswd_oscommerce files, as per instructions. That's when I got locked out! It required a user name/password that I was unfamiliar with. (At least I don't remember setting up a special user name/password for it.) I tried the one I set up for the admin panel, but it didn't work.

I'm a newbie to OSC, and never ran across this type of problem with other shopping carts. Did I do something wrong (obviously) or please tell me what the user name/password is referring to?

Share this post


Link to post
Share on other sites

try to login with another web browser.


:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Share this post


Link to post
Share on other sites

Huh??? Why would I have to do that? Is that supposed to happen in the first place, or is it an isolated incident? I don't even know what "HTTP Authentication" is or does. Why do I have to delete the ".htpasswd_oscommerce" file in the first place? If it is going to cause me to have to delete everything and then re-install the shopping cart (again), I would rather live with the error. Please give me a solution to the problem...not some 'work around' idea such as log in with a different browser. That doesn't solve the problem!!!

Share this post


Link to post
Share on other sites

Huh??? Why would I have to do that? Is that supposed to happen in the first place, or is it an isolated incident? I don't even know what "HTTP Authentication" is or does. Why do I have to delete the ".htpasswd_oscommerce" file in the first place? If it is going to cause me to have to delete everything and then re-install the shopping cart (again), I would rather live with the error. Please give me a solution to the problem...not some 'work around' idea such as log in with a different browser. That doesn't solve the problem!!!

Now there is always a reason in this case I guess being if your browser has cached or stored cookies for the admin log in you may be seeing an old page that is why it would have been interesting to try with a different browser not a work around but  a TEST!!!

 

Now I do not think it says anywhere to delete either your admin .htaccess or your .htpasswd_oscommerce  the content from the htpassd but not the file!!

 

What you should do is open the file admin/(.htpasswd_oscommerce ) and make sure it is empty if you have already deleted upload a fresh copy

 

Did you at any time set up password protection from your host control panel this is not the admin but in your control panel ?

 

Now if all else fails you will have to empty truncate your administrators  and sessions table in the database (phpmyadmin) this way you can start again and will be asked  on reaching your admin log in  to create a new administrator .

 

But try simply uploading a fresh copy of the x 2  files

 

Regards

Joli


To improve is to change; to be perfect is to change often.

 

Share this post


Link to post
Share on other sites

Now I do not think it says anywhere to delete either your admin .htaccess or your .htpasswd_oscommerce  the content from the htpassd but not the file!!

Regards

Joli

"2. Delete this file:

 

/hsphere/local/home/c364859/store.earthdogpromotions.com/admin/.htpasswd_oscommerce"

That is an exact quote from the administrators page (admin panel -> configuration -> administrators), after telling me to make sure that some text was not in the .htaccess file. If so delete it. (The text was not in the .htaccess file.)

I reinstalled the shopping cart this morning. I didn't notice the part underneath those instructions. I clicked on the "Edit" button and was prompted to make a new password. I did so, and the same popup (as yesterday) requesting a user name/password. I put in my user name & the password I just created and successively logged back into my admin panel.

Now I get the following message:

"Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is additionally secured through htaccess/htpasswd means."

 

I am still getting the "admin_http_authentication" message (in Security check) as well as "ext_directory_listing"

Maybe someone can explain what "The /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration." means.

 

I do appreciate the timely response that everyone is giving me with this/these problems!!! Thank you very much!

 

Les Miller

Share this post


Link to post
Share on other sites

@@earthdog  Apparently you didn't read the sentence above the part that you quoted:

 

 

Please note, if this additional security layer is enabled and you can no longer access the Administration Tool, please make the following changes and consult your hosting provider to enable htaccess/htpasswd protection:

 

You only need to perform those actions if you have been locked out of your Admin. This rarely happens. You need to restore those two files from your backup, or from a fresh copy of osCommerce. In the latter case you will also need to set up the Admin protection again.

 

You are getting the "directory accessible" message because your server is set up to deliver a listing of all files in a directory if there is no default file in that directory. This is a huge security risk. You should be able to change this setting in your host's control panel. Ask your host for help if you can't figure this out.

 

Regards

Jim


See my profile for a list of my addons and ways to get support.

Share this post


Link to post
Share on other sites

I had the same problem and when you change the version of php from 5.3 to 5.4 from the panel hosting was corrected alone.

regards

Share this post


Link to post
Share on other sites

×