AbanteCart Community

Shopping Cart Operations => Support => Topic started by: userdelr00t on March 20, 2015, 11:51:33 AM

Title: Few things
Post by: userdelr00t on March 20, 2015, 11:51:33 AM
First of all, thank you for the nice cart. Nice job, and please, for the love of Pete, keep up with it.

Second, a few things that need to be addressed. It isn't an emergency, but I would like to see it fixed in an update.

I have not tested this on user accounts because I am still working on the site, however it should not ever happen for the admin account.
You are able to continuously attempt to log in as the ADMIN. I could not find an option to disable multiple attempts etc.
Can there be a setting for this, as it is a security concern that automated scripts could continuously try to guess your login info?
Add a Captcha after the 2nd failed login attempt. The admin account could check a file on the server, .lck-adm. That way the file could be deleted so the actual admin could get back in.
Just some ideas, but that needs to be addressed as soon as you all can.

The other part is if you go to demo.abantecart.com on your cell phone, and turn your cell phone into landscape mode, the menu item is above the AbanteCart logo and out of place.

Keep up the good work.
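
Added example, not part of the original post and not AbanteCart code: the lock-file idea described in the post above, written in PHP. The class name, the counter file `.adm-failures` and the lock threshold of 5 are assumptions; only `.lck-adm` and the CAPTCHA after the 2nd failed attempt come from the post.

```php
<?php
// Added illustration, not AbanteCart code. Names other than .lck-adm are hypothetical.
final class AdminLoginGuard
{
    const CAPTCHA_AFTER = 2; // from the post: CAPTCHA after the 2nd failed attempt
    const LOCK_AFTER = 5;    // assumption: the post gives no lock threshold

    private $lockFile;
    private $countFile;

    public function __construct($dir)
    {
        $this->lockFile = $dir . '/.lck-adm';        // file name suggested in the post
        $this->countFile = $dir . '/.adm-failures';  // hypothetical failure counter
    }

    public function isLocked() { return is_file($this->lockFile); }

    public function failures()
    {
        return is_file($this->countFile) ? (int) file_get_contents($this->countFile) : 0;
    }

    public function captchaRequired() { return $this->failures() >= self::CAPTCHA_AFTER; }

    // Call after each failed admin login; returns the running failure count.
    public function recordFailure()
    {
        $n = $this->failures() + 1;
        if ($n >= self::LOCK_AFTER) {
            touch($this->lockFile);     // stays until someone with server access deletes it
            @unlink($this->countFile);  // fresh count once the lock file is removed
        } else {
            file_put_contents($this->countFile, (string) $n, LOCK_EX);
        }
        return $n;
    }

    // Call after a successful login; an existing lock file is left in place.
    public function recordSuccess() { @unlink($this->countFile); }
}
// Constructed demo: six wrong passwords in a row against a scratch directory.
$dir = sys_get_temp_dir() . '/guard-demo-' . getmypid();
mkdir($dir, 0700);
$guard = new AdminLoginGuard($dir);
for ($i = 1; $i <= 6; $i++) {
    if ($guard->isLocked()) { echo "attempt $i: refused, .lck-adm exists\n"; continue; }
    $n = $guard->recordFailure();
    $note = $guard->isLocked() ? ', now locked' : ($guard->captchaRequired() ? ', CAPTCHA required' : '');
    echo "attempt $i: failure $n$note\n";
}
unlink($dir . '/.lck-adm'); rmdir($dir); // the admin deletes the file to get back in
```

Anyone who can reach the login form can trigger the lock, so a lock file trades password guessing for a possible admin lockout. The counter update here is also not atomic under concurrent requests.
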
Title: Re: Few things
Post by: eCommerce Core on March 23, 2015, 09:05:57 AM
> I have not tested this on user accounts because I am still working on the site, however it should not ever happen for the admin account.
> You are able to continuously attempt to log in as the ADMIN. I could not find an option to disable multiple attempts etc.
> Can there be a setting for this, as it is a security concern that automated scripts could continuously try to guess your login info?
> Add a Captcha after the 2nd failed login attempt. The admin account could check a file on the server, .lck-adm. That way the file could be deleted so the actual admin could get back in.
> Just some ideas, but that needs to be addressed as soon as you all can.

I do not think this is necessary. The admin URL is supposed to be kept private with a unique parameter identifier. This parameter can be changed easily if needed. No scripts can get to this URL (unless you make this URL public, which you should never do).

Additionally, there is a warning in the notification that will indicate failed login attempts. If you see them and it was not anyone you know, you can change the URL.
Title: Re: Few things
Post by: eCommerce Core on March 23, 2015, 09:06:51 AM
> The other part is if you go to demo.abantecart.com on your cell phone, and turn your cell phone into landscape mode, the menu item is above the AbanteCart logo and out of place.

We can check this issue. What phone and OS version do you use? Can you please post a screenshot?
Title: Re: Few things
Post by: Basara on March 23, 2015, 09:11:40 AM
You can always find your unique admin parameter in the configuration file on your server.

/system/config.php

Look for define('ADMIN_PATH', 'myuniqueadmin');

mydomain.net/index.php?s=myuniqueadmin