osCommerceCoders.com

Affordable end to end oscommerce solutions with
Search Engine Optimization

Email : osCommerceCoders@gmail.com
Call : +1 818-574-3596 (USA) / +44 (020) 8123-6463 (UK)

Archive for August, 2010

osC 2.2 RC1 and RC2: securing the admin directory

For the moment two things can and should be done:
A. rename the admin directory
B. add .htaccess protection to the (renamed) admin directory, as was necessary on the older versions of osC (note that .htaccess cannot be used on a Windows server)

Renaming the admin directory has always been a good measure but was never prominently advised in the install procedure.
After you rename the admin directory you will have to change two lines in the renamed_admin_directory/includes/configure.php:

define('DIR_WS_ADMIN', '/renamed_admin_directory/');
define('DIR_FS_ADMIN', '/your/path/to/directory/renamed_admin_directory/');

To password-protect your admin directory you can (hopefully) use the Password Protect feature in your web hosting control panel.

The code changes further down modify these two files:

catalog/admin/includes/application_top.php
catalog/admin/login.php

Some additional information and advice on security

Delete admin/filemanager.php and associated links.
Delete admin/define_language.php and associated link in the “Tools” box.
Note: keep a local copy of your site on your computer. After editing files, and once you have verified that the things you added to your shop are working, upload the edited files to your site by FTP.

Ensure that your folder permissions are never set higher than 755

Install some security addons

admin/includes/application_top.php, lines 146-151

Change:

$redirect = true;
}

if ($redirect == true) {
tep_redirect(tep_href_link(FILENAME_LOGIN));
}

To:

$redirect = true;
}

if (!isset($login_request) || isset($HTTP_GET_VARS['login_request']) || isset($HTTP_POST_VARS['login_request']) || isset($HTTP_COOKIE_VARS['login_request']) || isset($HTTP_SESSION_VARS['login_request']) || isset($HTTP_POST_FILES['login_request']) || isset($HTTP_SERVER_VARS['login_request'])) {
$redirect = true;
}

if ($redirect == true) {
tep_redirect(tep_href_link(FILENAME_LOGIN));
}

admin/login.php, lines 10-11

After:

Released under the GNU General Public License
*/

Add:

$login_request = true;
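The following script is an added example, not code from this post or from osCommerce. It turns the advice above (renamed admin directory, .htaccess protection, deleted filemanager.php and define_language.php, permissions no higher than 755, and the two code changes to application_top.php and login.php) into an audit you can run against an upload before you rely on it, and it also writes the .htaccess that the password-protection step needs. It assumes a POSIX sh with find and grep; the directory and htpasswd paths are placeholders, and the htpasswd file should live outside the web root.

```shell
#!/bin/sh
# Added example (not from the osCommerceCoders post or osCommerce itself).
# Audits a renamed osCommerce 2.2 RC admin directory against the checklist above.
# Assumes POSIX sh with find and grep; all paths are examples.

# Write an .htaccess that puts HTTP basic auth in front of the admin directory.
# $1 = admin directory, $2 = absolute path to the htpasswd file, which should
# live outside the web root (create it with: htpasswd -c "$2" adminuser).
osc_write_htaccess() {
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Shop administration"
AuthUserFile $2
Require valid-user
EOF
}

# Report deviations from the checklist; returns the number of findings (0 = clean).
osc_admin_audit() {
    dir=$1
    findings=0

    # 1. The directory should no longer be called "admin".
    if [ "$(basename "$dir")" = "admin" ]; then
        echo "FINDING: admin directory still uses the default name 'admin'"
        findings=$((findings + 1))
    fi

    # 2. HTTP auth via .htaccess (not applicable on IIS, where .htaccess is not read).
    if ! grep -qs 'Require valid-user' "$dir/.htaccess"; then
        echo "FINDING: no .htaccess authentication in $dir"
        findings=$((findings + 1))
    fi

    # 3. The two tools the post says to delete.
    for f in filemanager.php define_language.php; do
        if [ -e "$dir/$f" ]; then
            echo "FINDING: $f still present; delete it and its menu link"
            findings=$((findings + 1))
        fi
    done

    # 4. No directory more permissive than 755 (any group or other write bit set).
    loose=$(find "$dir" -type d \( -perm -020 -o -perm -002 \) | wc -l | tr -d ' ')
    if [ "$loose" -gt 0 ]; then
        echo "FINDING: $loose director(ies) with permissions above 755 under $dir"
        findings=$((findings + 1))
    fi

    # 5. The application_top.php patch rejects a login_request value arriving
    #    from any request source; the login.php patch is the only legitimate setter.
    if ! grep -qsF "HTTP_GET_VARS['login_request']" "$dir/includes/application_top.php"; then
        echo "FINDING: includes/application_top.php lacks the login_request check"
        findings=$((findings + 1))
    fi
    if ! grep -qsF '$login_request = true;' "$dir/login.php"; then
        echo "FINDING: login.php does not set \$login_request = true"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run `osc_admin_audit /path/to/catalog/renamed_admin_directory` after each upload; the exit status is the number of checklist items still open, so it is easy to wire into a deployment script. The application_top.php check matters because, with register_globals enabled, a request value named login_request would otherwise populate the same `$login_request` variable that login.php sets, which is exactly why the patch refuses the flag whenever it also appears in any of the request arrays.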
