I have installed OpenCart in a folder on a hosted server. The reason why it’s in a folder and not the root, is that I only want people who login to have access to the shop and stay logged in while shopping. This has nothing to do with logging into OpenCart as they would have to do that as well to see the prices. I just don’t want anyone to see the shop before logging in.
I have resorted to using the .htaccess .htpasswd method, which seems to work fine, to an extent. There is a popup that wants you to login, and when you do, it takes you to a blank page, not the shop. So it works fine on the directory, but once logged in, there is nothing. I’m wondering if it’s because there is other stuff in the .htaccess file from OpenCart. I’m very new at all of this, and therefore I don’t know what any of that stuff does.
The problem is, that it appears that OpenCart, in the .htaccess file, hides the urls, so instead of going to an index.html page, there is nothing.
I added this to the .htaccess file from another post on stack overflow:
AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user
And I changed the path of course. But when that wasn’t working, it said to try adding this:
<Directory /path/to/the/directory/of/htaccess>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
and again, I changed the path. But then I noticed that perhaps that might interfere with other things that were already in the file such as:
## No directory listings
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
## No-Referrer-Header
<IfModule mod_headers.c>
Header set Referrer-Policy "no-referrer"
</IfModule>
## Suppress mime type detection in browsers for unknown types and prevent FLOC
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set Permissions-Policy "interest-cohort=()"
</IfModule>
## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
## Prevent Directory listing
Options -Indexes
## Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.twig|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
## SEO URL Settings
RewriteEngine On
## If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /testing2/
## Rewrite Rules
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|webp|js|css|svg)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
Also, some of these things said to restart the server, but I don’t have access to that. But because I’m new at this, I don’t know if any of these things work against each other. If it had been a clean, new .htaccess file, I could understand it would be simpler, but because it already has things in it because of OpenCart, then maybe it’s not so simple after all. Is there another way to keep people from seeing the products, not just the prices in OpenCart (which is their standard option)?
You need to sign in to view this answers
