That's a good question. I'm not sure what is the answer. I'll do some research and get back to you if I find an useful answer. You should email the people at iPage as they probably could give you help..
I downloaded the "sun" module. or whatever you call it, from John Faller. Instructions were followed to the letter, I'm sure: 1. Cut and paste sql from admin.sql file into phpmyadmin or in similar fashion..
2. Copy application_top.php and header.php into \catalog\admin\includes folder.
3. Copy adminLogin.php, adminProcesslogin.php and adminLogout.php into \catalog\admin\.
This allowed me to assure that people who visited mysite/com/oscommerce/admin had to login. But it does not assure that no one can access my admin panel by typing in mysite.com/oscommerce/admin/configure.php..
Is your webserver Unix (Linux) based, or being hosted on a Windows server?..
I have found that people who have used that have had a problem in understanding how it works. your best bet is to use your host control panel and set your access password there, which in effect blocks the directory from any access, asks for a name and password. it also stores the password outside of the document root, which is another added safety factor...
Well you don't have to store your htpasswd file in the web document root; not all hosts have web control panels either. I'm using my own server so I don't have one..
If the webserver is running Apache (which is quite common on Unix or Linux servers) and offers no customer control panel, .htaccess files are probably the best way to go...
If you run your own server, then you have access to the root, which most people do not have. the control panel sets up an htaccess file, which the majority of the hosts use..
If you have access to your control panel, there is also a contribution which shows how to setup an htaccess file, just search on htaccess in contribution..
I've used the advice found in this forum for disabling someone from simply going to /oscommerce/catalog/admin page and just having access to my admin. This, for me was a great leap forward. However; I have no way of assuring that someone knowing to go to oscommerce/catalog/admin/configuration.php does not have access to my admin panel..
I've visited a few sites done with OsCommerce and have asked for help from store owners and have received no replies. What I am hoping to find is a way to prevent access to this link without a password..
Please don't mis-understand my request by thinking that I am asking how to prevent oscommerce/admin from going straight to my admin page; but that I am actually asking how to prevent someone that knows the correct address from accessing it without a password..
Whew. That was pulling teeth..
What method did you use to prevent access to the /catalog/admin? If you used the .htaccess method, any file or directory (folder) below the admin directory should be protected as well...