Login Link

robertswww · #61 02-15-2009, 01:15 PM

Quote:

Originally Posted by ChristineP

Do you have any suggestions for me to password protect register.php?

Christine

Hi Christine,

That is already built into X-Cart. Just go to: Admin --> General Settings, then select the "Security Options" sub-menu link. Under there you will find:

HTTPS options:

Use HTTPS for users' login and registration: (CHECK this box)

If instead, you actually want to password protect the register.php file, you can do that via C-Panel, and choose: Password Protect Directories. However, anyone who attempts to register will get a pop-up asking for the Username and Password.

Robert

ChristineP · #62 02-16-2009, 05:11 AM

Hi Robert,

Yes, I want to do the later part of your suggestion, to password protect register.php file. Per your suggestion, I checked our cpanel Password Protect Directories, though this only allows to protect an entire folder. Do I need to move my register.php to it's own folder to acheive this?

Christine

Quote:

Originally Posted by robertswww

Hi Christine,

That is already built into X-Cart. Just go to: Admin --> General Settings, then select the "Security Options" sub-menu link. Under there you will find:

HTTPS options:

Use HTTPS for users' login and registration: (CHECK this box)

If instead, you actually want to password protect the register.php file, you can do that via C-Panel, and choose: Password Protect Directories. However, anyone who attempts to register will get a pop-up asking for the Username and Password.

Robert

robertswww · #63 02-16-2009, 06:22 AM

Quote:

Originally Posted by ChristineP

Yes, I want to do the later part of your suggestion, to password protect register.php file. Per your suggestion, I checked our cpanel Password Protect Directories, though this only allows to protect an entire folder. Do I need to move my register.php to it's own folder to acheive this?

Hi Christine,

Try this... go back to your cPanel --> "Password Protect Directories".

1. Click on a Folder Icon (not folder name) to open it, such as: public_html
2. Keep doing this until you get to the lowest possible folder that contains the file you want to protect, such as: register.php

Add the folder protection to that lowest sub-folder. Go back to your web site via FTP and download the new .htaccess file that was added to that lowest sub-folder you just protected.

In the .htaccess file will be text such as:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user

Next, you will need to modify the .htaccess file so the protection applies to a single specific file using the <files> tags, as follows:

<Files [filename]></Files >

To protect the file "register.php", you would modify the .htaccess statement as follows:

<Files register.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user
</Files>

Preferably, test this on a test site, or a less important file, before taking it live.

Robert

aaronpost · #64 02-19-2009, 02:51 PM

anybody get this working in 4.2x without an SSL?

I've made a file in main catalog root "mainlogin.php" that I used the code from secure_login.php and commented out the following.

Code:

<?php
require "./auth.php";

/*
if (!empty($_GET[$XCART_SESSION_NAME])) {
    if (empty($_COOKIE[$XCART_SESSION_NAME]))
        $_COOKIE[$XCART_SESSION_NAME] = $XCARTSESSID;
    func_header_location("secure_login.php");
}
*/
require $xcart_dir."/include/categories.php";

$location[] = array(func_get_langvar_by_name("lbl_authentication"), "");

x_session_register("login_antibot_on");
x_session_register("username");
//if ($active_modules["Manufacturers"])
//    include $xcart_dir."/modules/Manufacturers/customer_manufacturers.php";

#
# Assign Smarty variables and show template
#

if ($login_antibot_on) {
    $smarty->assign("login_antibot_on", $login_antibot_on);
}
$smarty->assign("username", $username);
$smarty->assign("main", "secure_login_form");

# Assign the current location line
$smarty->assign("location", $location);

func_display("customer/home.tpl",$smarty);
?>

It displays the form fine but on login tries to go secure (https) and we don't have an ssl and don't plan on using one for this site... how do I bypass the secure login stuff?

ChristineP · #65 02-24-2009, 07:20 AM

Hi Robert,

I really want to try your suggestion! I've been back to my cpanel and I can get to the lowest-folder of /store/ and I add the name of the protected directory, though it protects the entire store instead of just the register.php. Do you know if I need to add/change something in the register.php to make this work?

Christine

Quote:

Originally Posted by robertswww

Hi Christine,

Try this... go back to your cPanel --> "Password Protect Directories".

1. Click on a Folder Icon (not folder name) to open it, such as: public_html
2. Keep doing this until you get to the lowest possible folder that contains the file you want to protect, such as: register.php

Add the folder protection to that lowest sub-folder. Go back to your web site via FTP and download the new .htaccess file that was added to that lowest sub-folder you just protected.

In the .htaccess file will be text such as:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user

Next, you will need to modify the .htaccess file so the protection applies to a single specific file using the <files> tags, as follows:

<Files [filename]></Files >

To protect the file "register.php", you would modify the .htaccess statement as follows:

<Files register.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile "/home/[username]/.htpasswds/public_html/passwd"
require valid-user
</Files>

Preferably, test this on a test site, or a less important file, before taking it live.

Robert

robertswww · #66 02-27-2009, 10:32 AM

Quote:

Originally Posted by ChristineP

Hi Robert,
I really want to try your suggestion! I've been back to my cpanel and I can get to the lowest-folder of /store/ and I add the name of the protected directory, though it protects the entire store instead of just the register.php. Do you know if I need to add/change something in the register.php to make this work?
Christine

Hi Christine,

I have not tried it on a root-level file, but just make sure that after you applied the Password Protection via cPanel to your /store/ directory, that you then login to your store's server via FTP and download the new .htaccess file that was just created.

NOTE: You should first make sure you backup your old .htaccess file in case you want to revert, before applying any password protection in cPanel, because that will overwrite your old .htaccess file.

Once you have downloaded the new .htaccess file, make sure you add the <Files> lines at the beginning and end of the .htaccess code block to specify which file to assign the Password protection to (i.e. register.php in our example):
<Files register.php>
</Files>

See the full example in my previous post.

If that does not work, then someone else will need to jump in with another idea.

Robert

ChristineP · #67 03-02-2009, 11:59 AM

Awesome, this works! Thank you Robert.

Christine

ChristineP · #68 06-03-2009, 01:17 PM

I created a new static page and I'm using Boomers mod for the login. My problem is the location always directs to the current page -- which happens to be the static page. Once the login passes I want the customer to be directed to either their cart if there's any items selected in their cart else they'll go to the home.php. Any suggestions?

robertswww · #69 06-12-2009, 10:29 AM

Christine,

Try adjusting the VALUE of the Redirect statement of your login template...

<input type="hidden" name="redirect" value="{$redirect}" />

Try setting the value="http://www.YourHomePage.com" for starters.

You will need to add some IF - ELSE logic if you want to check their cart for contents, else go to the homepage.

Robert

Nour · #70 07-30-2010, 12:00 PM

I am lost
here is what I have done
edit [skin1]/common_templates.tpl and add:

Quote:

{elseif $main eq "mainlogin"}
{include file="customer/main/login.tpl"}

I add it that on the end of common_templates.tpl

step 2
I created a new tpl customer/main/login.tpl
and past the auth.tpl in it

Now just create the login.php file, with:

Quote:

<?

require "../smarty.php";
require "../config.php";
@include "./https.php";
require "./auth.php";

$smarty->assign("main","mainlogin");
$smarty->display("customer/home.tpl");

?>

the result
http://www.prestigedentalproducts.com/customer/login.php

it redirect me to
http://www.prestigedentalproducts.com/customer/index.php
Not Found

I have tried all different ways nothing worked !!!!!!!!!!!!!!!!

I have x-cart-4.3.2gold