How does the ShopSite backoffice password protection work? (.htaccess, .htpasswd)
How does ShopSite backoffice password protection work?
Solution ID: S03971
If you are using htaccess/htpassword (Apache webserver on Linux/UNIX servers) this is how htaccess/htpassword works . The .htaccess file in the backoffice directory contains information indicating that the directory should require authentication to be accessed, and it also contains the path to the password file, .htpasswd. The ShopSite install creates this .htpasswd file and it contains a list of all storeid/password combinations of stores using the same ShopSite CGI directory. The passwords are encrypted. Once the browser detects that you are trying to access this .htaccess protected directory it will prompt you for your username and password. You reply and it checks against the .htpasswd file. If the username and password you provide match one of those in the .htpasswd file, then you are authenticated and the webserver will allow you to access the ShopSite cgi's in the backoffice directory. Then ShopSite uses the environment variable REMOTE_USER provided by the webserver to determine which user you are and displays the proper pages, products, settings, etc, for your ShopSite store.
Merchants may change their ShopSite password under the chpass.cgi (Utilities > Change Password). If you're having difficulties with your password, your hosting provider should be able to determine the cause.
Suggested troubleshooting for the server administrator: Check if these files have been deleted or see if the webserver setup is changed to look for a different file.
In the case of Windows 2000 and 2003 Servers using IIS, using htaccess or htpassword files is not applicable since these environments make use of the user's machine login name. The system administrator is the only one who can configure it.
Related solution: S03713, S03182, S03049
No related articles were found.
No attachments were found.