 |
Your forum announcement here! |
|
 |
03-09-2007, 20:36
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
Password Protect directories with OSCommerce
I have been experimenting with OSCommerce and have launched a couple of shops in the form of on-line galleries. The default installation automatically password protects the ADMIN directory - but I noticed that I actually have to login twice !
That didn't bother me too much - but I recently tried to password protect the whole shop by using cpanel to password protect the shop's root directory. Same effect here - i.e. the logon dialogue comes up twice before you get access !
Password protecting a standard directory seems fine. Any ideas please? I am also posting on the OSCommerce forum.
regards
Chris.
|
06-09-2007, 18:57
|
 |
Premium Member
|
|
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,863
|
|
Can you give some more details? It seems like a strange problem.
Are the two password dialogs the same? Or is one a IE password dialog (like you get with password protecting a normal folder where it just asks you once) and one an OSCommerce text box password character input field on a page?
|
06-09-2007, 20:08
|
 |
Moderator
|
|
Join Date: May 2007
Location: Newport, Wales
Posts: 820
|
|
Possibly two .htaccess files which are conflicting with each other. Check to ensure only one .htaccess file is present, and not two - as it will cause problems otherwise.
|
07-09-2007, 17:48
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
Quote:
Originally Posted by DPS Computing
Can you give some more details? It seems like a strange problem.
Are the two password dialogs the same? Or is one a IE password dialog (like you get with password protecting a normal folder where it just asks you once) and one an OSCommerce text box password character input field on a page?
|
They look like standard password dialogues to me and they are identical. The second pops up immediately the first is closed - as if you got the password wrong.
Quote:
Originally Posted by Thomas
Possibly two .htaccess files which are conflicting with each other. Check to ensure only one .htaccess file is present, and not two - as it will cause problems otherwise.
|
I'm not sure how you could have two versions of the same file present in the same directory? Anyhow when I check the directory and files it all looks as expected.
I have created an oscommerce test shop so you can see the effect.
You can logon with "guest" / "password"
http://www.armphotography.co.uk/test_shop
Chris.
|
07-09-2007, 18:04
|
|
Moderator
|
|
Join Date: May 2007
Location: Newport, Wales
Posts: 820
|
|
Check to see if the user hasn't been added twice in the htpasswd file.
|
07-09-2007, 18:20
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
Thomas - No - there's definitely only one entry for the 'guest' user in the "passwd" file.
|
07-09-2007, 18:27
|
|
Premium Member
|
|
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,863
|
|
I see what you mean - I had to type the username / password more than twice. In fact I had to enter it about 40 times as I had to enter it for every single image which would suggest to me a directory that should be public, where the images are stored, has actually been secured in error.
|
07-09-2007, 18:29
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
.. also worth mentioning that this isn't just a one off for me. I have now replicated with four separate test installations.
As I have a reseller account I have tested on three separate domains - with the same result.
Test steps:
(1) Use Fantastico to install a new shop "test_shop" off the public_html directory.
(2) Edit the .htaccess file in the test_shop directory to add the user_globals flag (otherwise oscommerce doesn't work at all)
(3) Test the shop works with no access control on the test_shop directory.
(4) Use cpanel to password protect the test_shop directory with the single 'guest' user.
(5) Re-test access with user logon.
I have posted on oscommerce forum but not had a great response - so presumably not a common issue. A moderator there suspected some duplication in .htaccess or implied perhaps fantastico had added it's own security - but that didn't make sense to me.
Chris.
|
07-09-2007, 18:31
|
|
Premium Member
|
|
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,863
|
|
I have personally had problems with duplicated .htaccess files in the past so do just double check this after all is set up just to make sure.
|
07-09-2007, 18:41
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
... still a bit confused on that. How can you have duplicate files? - or would they have different names? In any case there is only one .* file of any sort in the test_shop directory.
What about .htaccess in higher level directories ?
|
07-09-2007, 18:43
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
Quote:
Originally Posted by Chris
In any case there is only one .* file of any sort in the test_shop directory
|
... at least according to cpanel file manager. Could this get confused? |
08-09-2007, 08:41
|
|
Premium Member
|
|
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,863
|
|
They looked funny. It was like .htaccess, .htaccess1 etc so just check there is only one .htaccess* file in the directory.
Don't use cPanel file manager for this, it sometimes hides files that have nothing left of the . - use something like an FTP client, Dreamweaver, Frontpage or Expression Web and make sure any don't display hidden files option is not selected in these clients.
|
08-09-2007, 19:10
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
No, I've given up on this for now. A work around was to insert another directory with a standard html page containing the link to the 'shop' and put the security on that.
Not great, but sufficient for this application which simply requires privacy rather than security.
|
08-09-2007, 19:16
|
|
Premium Member
|
|
Join Date: Apr 2007
Location: Manchester, United Kingdom
Posts: 4,863
|
|
Glad you found a solution to fit your needs then - if you have any more problems don't hesitate to ask for help  . |
08-09-2007, 20:04
|
|
Premium Member
|
|
Join Date: Jan 2007
Posts: 209
|
|
Hi Chris,
It seems a redirection issue. Oscommerce redirects to a secure page (folder) by default. You're protected the main folder as well.
What is happening is:
main-site/.htaccess (set by osc) -->redirect-->/yourshop_root/ (which has an htaccess with password)
IN the above scenario, you added
main-site/.htaccess (now with password) -->redirect-->/yourshop_root (which already had password protection)
OSC uses redirection a lot , loads another index file once you get authenticated. But because the parent is password protected, the system asks for password again.
Post your .htaccess file minus username/passwords so that someone may take a look.
Regds
IJ
Last edited by swexpert; 08-09-2007 at 20:10.
|
10-09-2007, 20:02
|
|
Member
|
|
Join Date: Sep 2006
Posts: 73
|
|
IJ, Thanks for commenting.
Well OSC doesn't auto secure the root. The fantastico installation secures the admin sub-folder only. So a default installation doesn't event have a .htaccess in the root. The only password protection entry here is that installed by cpanel.
In your above scenario I'm not sure what is meant by 'main-site' - isn't that the same as shop-root?
regards
Chris.
|
10-09-2007, 21:02
|
|
Premium Member
|
|
Join Date: Jan 2007
Posts: 209
|
|
Hello,
By main-site I meant the document root of your domain. shop root would be yourdomain.tld/shop or yourdomain.tld/order
Ideally there should be an .htaccess file in all subfolders of OSC root with various settings such as register_globals and others.
I'll check yuor issue up try to recreate your environment in one of my website hostings and then get back to you soon (about 1 day).
Regds
IJ |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 13:56.
|
|
|
