Re: FN-FORUM: A weird issue with admin login and logoff

date posted 4th May 2008 17:08

As far as I know OSC doesn't come 'out-of-the-box' with password
protected Admin.
You will have to implement your own.

I might be wrong but each time I've used it I have always coded my own
login.

Lee Rickler
Director - Point and Stare - pointandstare.com
Web Design and Development for over 11 years

Alex Libby wrote:
> Hi all,
>
> I am building an osCommerce site, which has been customized in the front
> end, but the backend is largely out of the box. However, I have one small
> problem:
>
> When I put in the URL for the admin bit (say, for example -
> http:///catalog/admin/, it goes straight through to the
> index.php page for Admin, without seeing ther login.php screen. Forcing the
> URL to go to /login.php then shows it, and this allows a successful login.
> What is really weird is that the logout link does not work - it shows in the
> blue-ish bar along the top, but when I click on it, the screen does not
> refresh to show the login.php page, but stays on index.php, which I don't
> want! It removes the (logout admin) link from this blue bar - if you press
> the back button, it then logs you out?!?!
>
> I cannot replicate this on a local test server (Apache under Windows), and
> have tried a number of things, such as editing code to destroy sessions, and
> at least 1 mod to tighten up this lax security. Has anyone come across this
> before - is it something to do with a server configuration? If not - has
> anyone come across any admin mod which they have installed and found to work
> OK? I had installed one, but it did not work at all - it refused to accept
> any password I put in, even though I know they were correct.
>
> Any ideas anyone? I don't really want to have to be forced to password
> protect the folder as a get out - I can do it, but it just seems an easy way
> out...I am using osCommerce 2.2 RC1.
>
> Thanks,
>
> Alex.
>
>