Chadduck Posted August 2, 2019 Share Posted August 2, 2019 I am moving my store to a new server - My NEW SYSTEM operating environment Ubuntu 18.04.2 LTS PHP version: 7.2.19-0ubuntu0.18.04.1 mysql Ver 14.14 Distrib 5.7.27 OSCommerce 2.3.4 Before anyone points out that the OSC bootstrap version is better - I am simply moving the store from one server to another. My question involves the usage of .htaccess to password protect the access to the admin section ASSUME OSC admin username is CharlesDuncan OSC admin password is Duncan2345 WHY is it if those are entered in the .htpasswd file that the OSC login screen is bypassed and the user is placed on the administration screen of OSC? ANY OTHER user name and password combination for .htaccess puts the user on the login screen called by login.php?action=process To verifiy this I went to my existing production server and tested it. The production server operates with older versions of Ubuntu, php, and MySql but the same OSC version. It does the same thing. Obviously I immediately removed the new entry in .htpasswd BUT I was wondering if others have ran into this. Link to comment Share on other sites More sharing options...
ruden Posted August 2, 2019 Share Posted August 2, 2019 This auto login with the HTTP Authentication values if it exists This is because you clicked the logoff link Add code in footer file login.php var_dump($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); You will see the password and login Link to comment Share on other sites More sharing options...
Chadduck Posted August 7, 2019 Author Share Posted August 7, 2019 Thank You Ruden Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 7, 2019 Share Posted August 7, 2019 On 8/2/2019 at 1:39 PM, Chadduck said: WHY is it if those are entered in the .htpasswd file that the OSC login screen is bypassed and the user is placed on the administration screen of OSC? It's because the path to the .htpasswd file is different between the two servers. The easy fix is to rest the password for the popup login in your control panel. But you could also edit the admin/.htaccess file and change the path to the correct one for the new server. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Chadduck Posted August 7, 2019 Author Share Posted August 7, 2019 Thank you Jack_mcs Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.