2.0 Library is Empty How to change Admin Panel Path?
Or
hello is there a way to rename the route from admin.php to something else? if so is there a video i can watch or do so i can rename it please?
Renaming admin.php or moving it's location is a bad idea and would require you changing other templates and php files as well. This is not how the system is intended to be used.
Instead of changing the path, just password protect admin.php with regular authentication and force your moderators and admins to use 2 factor authentication.
This will solve any security issues that you were trying to solve by renaming it.
Related
Hi i have a website that i use a .htpasswd thing on to protect my directory but is there a way to make this look better?
https://prnt.sc/r3Dk5iUMOZKw
No, this is a native browser component that you cannot modify. You can build your own password protected page to access your directory but it is a whole another story.
I migrated my magento website to a different server, following the steps described here. Everything went smoothly, except for the fact that when I load the page, the CSS won't load, and I just get the page in plain text.
I used firebug and noticed that the path the system is using to get to the CSS file doesn't exist in the FTP server. It starts with the 'minify' folder, which makes me think that something might be cached from the previous server.
An example:
my_site_url/minify/1281335374/skin/frontend/default/hellouno/css/styles.css
This path doesn't exist, not even in the previous server, so I'm thinking maybe these files are supposed to be generated on the fly? I'm really confused, any help will be very appreciated!
In my case, the problem was a missing Slash "/" at the end of the domain.
Use the following to get both rows:
SELECT * FROM core_config_data WHERE path = 'web/unsecure/base_url' OR path = 'web/secure/base_url';
Then update them manually and make sure the domain has it's final "/", otherwise it will merge the domain name with the following folder name.
You can check whether this is your condition if when doing inspect, you see a wrong path to CSS and JS.
Correct Config:
Incorrect Config Results in:
Remember to clear the var/cache folder.
I'm going to assume you cleared your cache out. If "not having CSS" makes this hard to do via the admin, just delete the
var/cache
folder.
Sometimes giving the CSS (or Javascript) merge settings a quick toggle from on, to off, to on again will force Magento to recalculate the paths.
System -> Developer -> CSS Settings
If you can't access this in the Admin, change the value manually in the database table core_config_data (identified by the path column having the value dev/css/merge_css_files), clear your cache and reload your page
Sounds like an issue with your .htaccess file. Minification rewrites are handled there. If you haven't already, make sure your .htaccess file came over in the transfer, and make the appropriate changes if directories or anything else has been changed.
Thanks its helped me i just forget to place / in the end of the path.
Before:
Base URL http://mywebsitename.com
After:
Base URL http://mywebsitename.com/
Its solved all skin/css and admin problem. Cheeers
I solved the issue, by changing the merge css options in the backend to no
It was a bit difficult to navigate through backend without css but managed to get there!
System > Configuration > Developer > CSS Settings
If you haven't changed your site information (url and such) in the backend (or in the database) after the migration, this is the likely problem.
http://www.siteground.com/tutorials/magento/magento_configuration.htm#base_url
for the database:
in the core_config_data table
change key "web/unsecure/base_url" to your site base url ex. http://yoursite.com
good luck!
Experienced same problem once.
The solution:
I'd forgotten to put trailing slashes at the end of my base_urls when I'd updated them
System > Configuration > General > Web > Unsecure
Base URL http://mybaseurl.com/
System > Configuration > General > Web > Unsecure
Base URL https://mybaseurl.com/
If you're Admin section is out of bounds you can also set this value in the database in the table core_config_data
Fields: web/unsecure/base_url and web/secure/base_url
Also: Remember to flush your cache after doing this.
Check permissions for the folders like app/etc, var, media folders. Try to give 755 permissions to those folders. Recently I have faced the same problem and I tried with this. Then my site works fine.
Change Permission Of Skin And Media Containing All Folder TO Give Permission 755 And File TO 644
Mine was also the forward slash ( / ) at the end of the url in the sql database. Cleared Cache and it worked perfect.
One answer that has not been given yet that turned out to be the solution to my problem:
When transferring the Magento store from 1 host to another, what usually isn't copied over is the VirtualHost entry. In my case I had to manually recreate this and wrongfully added AllowOverride None. This should be AllowOverride All in order for .htaccess files to be read and processed.
I am building my personal website using Jekyll and hosting it at github-pages. I would like to have a password protected area (just password protected directory, not the whole website). I have tried a few options and tricks to get htaccess to work but failed.
I would like to know if someone managed to use htaccess, or any other method, to protect a directory on github-pages.
Listing solutions which did not work for me (or I failed to get them to work):
*Flohei.
*Jeremy Ricketts.
GitHubPages (like Bitbucket Pages and GitLab Pages) only serve static pages, so the only solution is something client side (Javascript).
A solution could be, instead of using real authentication, just to share only a secret (password) with all the authorized persons and implement one of the following scheme:
put all the private files in a (not listed) subdirectory and name that with the hash of the chosen password. The index page asks you (with Javascript) for the password and build the correct start link calculating the hash.
See for example: https://github.com/matteobrusa/Password-protection-for-static-pages
PRO:
Very simple approach protecting a whole subdirectory tree
CONS:
possible attack: sniffing the following requests to obtain the name of the subdirectory
the admins on the hosting site have access to the full contents
crypt the page with password and decrypt on the fly with javascript
see for example: https://github.com/robinmoisson/staticrypt
PRO: no plaintext page code around (decrypting happens on the client side)
CONS:
just a single page, and need to reinsert the password on every refresh
an admin could change your Javascript code to obtain the password when you insert it
One option is to use Cloudflare Access to control access at the DNS level.
After setting up a custom domain for your Git pages using Cloudflare for DNS, you can use their Access rules policy to require authentication at the specified url path.
This could still be bypassed if someone is familiar with bypassing DNS blocks.
https://www.cloudflare.com/products/cloudflare-access/
You can give a try to Jekyll Auth and if you run into troubles, this issue can be useful.
You can use Render to deploy your static Web app. It has a npm package that encrypted your html files and user can not see it in browser. So you can use frontend password validation.
I have a new client who asked me to make 2 websites and no payment so far!
I have the ftp accounts, but he can always close my access and leave me without pay.
Can I upload the CSS to another server of mine and encrypt the link to CSS file?
If yes, can I restrict peoples to see the file if they find the URL to CSS file?
Thank you!
If they are his hosting accounts, then accessing them to tamper with the code for the purpose of disabling his sites without his authorisation is probably illegal.
If he hasn't paid you, you own the copyright. If he refuses to pay you, file a DMCA complaint with his hosting company.
Technological measures like this are futile and unprofessional. Next time use a contract.
This is simple. Same scenario happened to me, and what I did was added an new index.html which was an under-construction page, and renamed the original index.php as index_to_be.php.
I then added a redirection using htaccess to the new index.html.
The client contacted me straight away and paid up in no time.
If you don't know how to use htaccess, you can simply add a header location value to the top php page.
header("location:index.html");
The best way to do this is to create a simple PHP file that allows you to access, edit and delete files on the server. You can also search for a ready made lightweight ftp script. Place the PHP file somewhere on the server nested in other folders and name it something like temp.php. Now even if the client blocked you access to the server, you can still access, edit and delete files on the server by pointing your URL to temp.php. When you get paid, be kind enough to remove the file. Don't forget to password protect it.
In your PHP file you can use opendir() to read files from a directory, and unlink() to delete files. If all you want to do is be able to delete files, then the script will not take you more then a minute to create.
UPDATE
You can use the following lightweight ftp script that will let you view, edit delete files and also give you the option to password protect it. http://sourceforge.net/projects/pafm/
You could remove the style sheet from the client's site, upload it to one of your servers and embed it from there:
<link rel="stylesheet" href="http://your.server/styles.css">
however, you will not be able to seriously obfuscate this. One idea that comes to mind is to add a huge number of spaces before the "link" tag to hide it in the source code view.
<link rel="stylesheet".....>
You could also lazy load it using jQuery, but that would disable the style sheet for users who have JavaScript turned off - mostly a no-go.
In the end, no matter what you do, all this will be trivially easy to circumvent. There is no way to reliably keep control over the site in the scenario you describe. Like #thirtydot says, the best thing to do is to send a screenshot instead.
This is probably like trying to kill a fly with a ICBM but...
You could always use a JavaScript to add the link element to the DOM, and run the JavaScript code through a JS obfusticator.
But still, that's hackish, and overkill, and ways you can get the link anyway.
In a basic HTML web page, how do you make the user have to enter a username and password before they are allowed to download a file?
What is the best way of achieving this on a website, preferably in plain HTML?
This can't be achieved in HTML.
With client side technologies, the best you are likely to be able to achieve is a JavaScript prompt that you use the data from to direct people to a secret URI.
This is something that really should be handled by the web server.
You won't be able to do this with plain HTML. Easiest way is probably to place the protected file in a directory protected by an .htaccess and .htpasswd file.
I agree with David...this can't really be done. Putting up a JavaScript prompt only protects you so far as well...that isn't really secure.
If you are on an Apache server, you could setup a .htaccess file and setup some user authorization options that point at a page which has the link to your download file. A simple implementation would give you 1 user/password combo that you could distribute to your users. The Apache documentation for this may be found here. Unfortunately I'm not really familiar with how IIS handles this sort of thing.
If you don't want to distribute a generic username/password combo to your users, you're pretty much going to be stuck creating a (or making use of an exsitng) user-management system. There are quite a few modules strewn throughout the web, and a simple Google search should bring you to quite a number of tutorials or existing implementations, depending on what you require.
first download phpmyadmin.open the file.click on create login.name it as login.php.then create a new want again name file.php.after you click yes it popout a logon information.enter the usrname you want and password you want
hope this help!