Jump to content

Archived

This topic is now archived and is closed to further replies.

grandpaj

htacess - security

Recommended Posts

Hi

 

I am having great difficulty setting up the security in the admin area. Never had it before

 

Q1

 

Is the following code is needed in htacess. If I leave this in place then my admin area  gets "screwed" If I remove it, alls good.

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####
AuthType Basic
AuthName "osCommerce Online Merchant Administration Tool"
AuthUserFile /home/grandp/public_html/Admin/.htpasswd_oscommerce
Require valid-user
##### OSCOMMERCE ADMIN PROTECTION - END #####

 

Probably a stupid question, but quite important. What should I do

 

Many thanks

 

Grandpa

Share this post


Link to post
Share on other sites

@@grandpaj

 

Hi John,

 

If it screws things up you can remove it but try re-setting the "Secured by htpasswd" for your admin account in "admin->configuration->administrators". This creates a second layer of security for your admin area, better to have than not. There should be a corresponding ".htpasswd_oscommerce" file (along with this ".htaccess" file) that contains an encrypted password. I think this is only applicable on unix/apache servers and not windows/iis servers. When this is set correctly you should get a popup login box when entering your admin area via a web browser.

 

cheers


My Add-ons
Advanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download Support
Ajax Product Listing for osC 2.3.4 (bootstrap) Download Support
Category New Products Carousel for osC 2.3.4 (bootstrap) Download Support
Category Popular Products Carousel for osC 2.3.4 (bootstrap) Download Support
Customer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download Support
Front Page New Products Carousel for osC 2.3.4 (bootstrap) Download Support

Index Nested - Product Listing for osC 2.3.4 (bootstrapDownload Support
Match Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download Support
Modular Category Page for osC 2.3.4 (bootstrap)
Download Support

NEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download Support
NEW Equal Height Module for osC 2.3.4 (bootstrapDownload Support
Products Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download Support
Twitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap)
Download Support

Upcoming Products Modules for osC 2.3.4 (bootstrap) Download Support

 
Assisted Add-ons
Scroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support
 
Bootstrap Add-ons created by other members
osCommerce Bootstrap Addons and Code

Share this post


Link to post
Share on other sites

@@auzStar

Hi Dom

 

Thanks for that. I do get the pop up when logging in to the Admin. Also in configuration>administrators I do get a green background with this

 

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is additionally secured through htaccess/htpasswd means.

 

I  was wondering why I needed to delete

 

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####
AuthType Basic
AuthName "osCommerce Online Merchant Administration Tool"
AuthUserFile /home/grandp/public_html/Admin/.htpasswd_oscommerce
Require valid-user
##### OSCOMMERCE ADMIN PROTECTION - END #####

 

I have since taken a look at the GitHub (Gold) download and found that the above is not in the file, so I guess its not needed.

 

Cheers and thanks

 

John

Share this post


Link to post
Share on other sites

@@grandpaj

 

John, a fresh download or install of osC files will not contain that entry. It is added if you enable htpassword protection.

 

The fact that you need to delete these lines indicates that something's not quite right.

Are these files copied from another osC installation/location?

Does the path in this line (after AuthUserFile) "/home/grandp/public_html/Admin/.htpasswd_osCommerce" correspond to your server file system catalog path? (you may need to check with your hosting provider)

 

But you should be able to reset your htpassword. Try removing those lines and the contents of the ".htpasswd_oscommerce" file and reset your admin password with the htpassword security checkbox ticked (you can use current password). This will create new entries in those .ht files. (you need to have write access to those files) (back up first!!!!)

 

cheers


My Add-ons
Advanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download Support
Ajax Product Listing for osC 2.3.4 (bootstrap) Download Support
Category New Products Carousel for osC 2.3.4 (bootstrap) Download Support
Category Popular Products Carousel for osC 2.3.4 (bootstrap) Download Support
Customer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download Support
Front Page New Products Carousel for osC 2.3.4 (bootstrap) Download Support

Index Nested - Product Listing for osC 2.3.4 (bootstrapDownload Support
Match Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download Support
Modular Category Page for osC 2.3.4 (bootstrap)
Download Support

NEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download Support
NEW Equal Height Module for osC 2.3.4 (bootstrapDownload Support
Products Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download Support
Twitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap)
Download Support

Upcoming Products Modules for osC 2.3.4 (bootstrap) Download Support

 
Assisted Add-ons
Scroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support
 
Bootstrap Add-ons created by other members
osCommerce Bootstrap Addons and Code

Share this post


Link to post
Share on other sites

@@auzStar

 

Hi Dom

 

Thanks for your reply.

 

I did transfer this from a "build site" but thought I had caught all the changes, but maybe not. However you have given me a clue and I'll check my admins config file and PM you in an hour or two.

 

Many thanks

 

John

Share this post


Link to post
Share on other sites

×