Secure Catalog pages

[Skidude]

Please anyone help, I am new and have created a login outside the catalog pages... How do i secure the catalog so user can't just type in the broswer to access them ?

I am also trying to define a global parm and i think that is done in English.php but i am not sure about the code? the Variable name in "promo" which is entered at login and i would like to use it to update a field in the customers file when the customer creates an account....

[Skidude]

Please can anyone help with my questions ?

[michael_s]

Use .htaccess to secure pages. Do a google search on htaccess and you will find tons of info.

To create a define in englsh.php, just copy one that is already there and change the info to what you need it to be...

[Skidude]

I have searched on .htaccess and cannot find what i am looking for please help... I want to secure pages outside my home page but i don't want to use a password or userid. I don't want anyone typing the url to access the catalog. I created logins outside the catalog and only want to give them access from there. How can i prevent them from typing. www.mydomain/catalog/ to gain access to the catalog..... Please help all i find is redirect and password protect info.......

[Skidude]

Someone help me out Please i am really hung up on this

[kamel]

Hello,
Also looking to create a secure login before customer can view the catalog contents.
Would like the customer to login or create an account on the home page and then be able to view the rest of the site. Would also like to have the customer checkout with out having to log in again since they all ready have before entering the site.
I use IIS on windows XP Pro and do not know how to create a PHP login script without using htaccess(seemingly only able to use with Apache).
Any leads please.
Thank You

[jpf]

Try this:

Make an .htaccess file (or copy one from catalog/includes directory) in your catalog directory with:

Code:

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

Then WHEN you call anything from your catalog - you have to use a php "requires" or "includes" to bring it up.

ie: in your root - to call INDEX.PHP out of the /catalog/ directory

Code:

<?php  require('catalog/index.php');?>

thus if you called this file www.yoursite.com/index.php - it will also load
www.yoursite.com/catalog/index.php - however if someone types in to there browser www.yoursite.com/catalog/index.php - they will NOT get anything - disallowed!

This should work

[kamel]

Thank you for the reply,
I am using IIS server.
Home directory, C:\Inetpub\wwwroot\oscommerce-2.2ms2\catalog
Defualt document index.php
I have the htaccess file with above code in the catalog folder.
When typinh http://mysite or http://mysite/index.php it opens the
home page (also the catalog page).
I would like to use login.php as the Default document to have the
customer log in before shopping but they can click on catalog in the
left of the top bar or type http://mysite/index.php to access the
catalog page.
I have not found any one using htaccess with IIS.
Can this be done?
I have considered using "Umbrella Users" PHP open source login out side of the catalog
folderand removing the need to login at checkout. Not sure how to complete this.
Need a newpage=layout?

http://crash404.com/modules.php?op=m...amp;file=index

Any other GNU ideas?

Thank you very mutch for your time
K

[michael_s]

kamel, htaccess doesnt work on IIS. I suggest you read a book on IIS. Or search on 'password protection on IIS'

Skidude, not sure why you would want to do such a convoluted thing... Just use the server login instead of your separate one. ??? I never heard of password protection without a password.

You could restrict access to the dir by IP or domain, but that is about it, or look at several of the php based password protection scripts.

[kamel]

Hello msasek,
Thanks for the reply, I can set up user accounts with IIS but, I also wanted the customer to be able to create an account themselves. May just have to use Apache. Looking in to using "Umbrella Users" login cript and then trying to remove or intergrate the OSC login without loosing the OSC merchant abilities? Think I might just hang at the Barns&Noble library for a while to figure it out. I will post when I have a solution.
Thanks again
K