skip to Main Content

I have installed OpenCart in a folder on a hosted server. The reason why it’s in a folder and not the root, is that I only want people who login to have access to the shop and stay logged in while shopping. This has nothing to do with logging into OpenCart as they would have to do that as well to see the prices. I just don’t want anyone to see the shop before logging in.

I have resorted to using the .htaccess .htpasswd method, which seems to work fine, to an extent. There is a popup that wants you to login, and when you do, it takes you to a blank page, not the shop. So it works fine on the directory, but once logged in, there is nothing. I’m wondering if it’s because there is other stuff in the .htaccess file from OpenCart. I’m very new at all of this, and therefore I don’t know what any of that stuff does.

The problem is, that it appears that OpenCart, in the .htaccess file, hides the urls, so instead of going to an index.html page, there is nothing.

I added this to the .htaccess file from another post on stack overflow:

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user

And I changed the path of course. But when that wasn’t working, it said to try adding this:

<Directory /path/to/the/directory/of/htaccess>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>

and again, I changed the path. But then I noticed that perhaps that might interfere with other things that were already in the file such as:

## No directory listings
<IfModule mod_autoindex.c>
  IndexIgnore *
</IfModule>

## No-Referrer-Header
<IfModule mod_headers.c>
  Header set Referrer-Policy "no-referrer"
</IfModule>

## Suppress mime type detection in browsers for unknown types and prevent FLOC
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set Permissions-Policy "interest-cohort=()"
</IfModule>

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks

## Prevent Directory listing
Options -Indexes

## Prevent Direct Access to files
<FilesMatch "(?i)((.tpl|.twig|.ini|.log|(?<!robots).txt))">
 Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>

## SEO URL Settings
RewriteEngine On
## If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /testing2/
## Rewrite Rules
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*.(ico|gif|jpg|jpeg|png|webp|js|css|svg)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

Also, some of these things said to restart the server, but I don’t have access to that. But because I’m new at this, I don’t know if any of these things work against each other. If it had been a clean, new .htaccess file, I could understand it would be simpler, but because it already has things in it because of OpenCart, then maybe it’s not so simple after all. Is there another way to keep people from seeing the products, not just the prices in OpenCart (which is their standard option)?

3

Answers


  1. Chosen as BEST ANSWER

    I go to something.com/folder/ and am met by the request for username/password which I got by putting this in the file:

    AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user

    Even without the password protection, I would go to something.com/folder/ to access the OpenCart. It would just go to the main page, no file name needed or URL. Am I supposed to tell it where to go specifically after logging in? Because I tried using index.php from OpenCart, but it won't let me do that either. I'm new to this so I don't know how to direct it to the right path after logging in. Am I missing some code that directs it to the main page in the folder?


  2. In your opencart settings there is an option to hide prices until a customer is logged in.

    IF you actually want to hide the entire store and force login you can add the following code to your /store/catalog/controller/common/header.php at the top:

    if (!$this->customer->isLogged() && !in_array($this->request->get['route'], ['account/login', 'account/register'])) {
        $this->redirect($this->url->link('account/login', '', 'SSL'));
    }
    

    Reset your htaccess back to what it was, its a bad way to manage this, if your still having issues loading the site even with default htaccess of opencart you need to make sure your path is set right here:

    RewriteBase /testing2/
    
    Login or Signup to reply.
  3. I tried putting it in different spots in the code but I keep getting errors. The first error, when put at the end:

    Warning: Undefined property: OpencartSystemEngineAutoloader::$customer in testing2/catalog/controller/common/header.php on line 98Call to a member function isLogged() on null: in testing2/catalog/controller/common/header.php on line 98

    I get the same error if I put it inside the function, and the second error if put at the top:

    syntax error, unexpected token "if", expecting "function" or "const": in testing2/catalog/controller/common/header.php on line 13

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search