Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Bypass the .htpasswd checks for IIS

  • Loading branch information...
commit 5878f2a3342861f52818724dafac81e4a0c9d2b8 1 parent c5606ad
@markkevans markkevans authored haraldpdl committed
Showing with 9 additions and 3 deletions.
  1. +9 −3 catalog/admin/administrators.php
View
12 catalog/admin/administrators.php
@@ -14,6 +14,7 @@
$htaccess_array = null;
$htpasswd_array = null;
+ $is_iis = stripos($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'iis');
$authuserfile_array = array('##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####',
'AuthType Basic',
@@ -22,7 +23,7 @@
'Require valid-user',
'##### OSCOMMERCE ADMIN PROTECTION - END #####');
- if (file_exists(DIR_FS_ADMIN . '.htpasswd_oscommerce') && tep_is_writable(DIR_FS_ADMIN . '.htpasswd_oscommerce') && file_exists(DIR_FS_ADMIN . '.htaccess') && tep_is_writable(DIR_FS_ADMIN . '.htaccess')) {
+ if (!$is_iis && file_exists(DIR_FS_ADMIN . '.htpasswd_oscommerce') && tep_is_writable(DIR_FS_ADMIN . '.htpasswd_oscommerce') && file_exists(DIR_FS_ADMIN . '.htaccess') && tep_is_writable(DIR_FS_ADMIN . '.htaccess')) {
$htaccess_array = array();
$htpasswd_array = array();
@@ -225,7 +226,7 @@
} else {
$secMessageStack->add(HTPASSWD_SECURED, 'success');
}
- } else {
+ } else if (!$is_iis) {
$secMessageStack->add(HTPASSWD_PERMISSIONS, 'error');
}
?>
@@ -283,8 +284,13 @@
$aInfo = new objectInfo($admins);
}
+
$htpasswd_secured = tep_image(DIR_WS_IMAGES . 'icon_status_red.gif', 'Not Secured', 10, 10);
+ if ($is_iis) {
+ $htpasswd_secured = 'N/A';
+ }
+
if (is_array($htpasswd_array)) {
for ($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
@@ -398,4 +404,4 @@
<br>
</body>
</html>
-<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
+<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
Please sign in to comment.
Something went wrong with that request. Please try again.