ShopSite Forums

[Paula]

I went into my ShopSite dashboard to look at orders needing to be processed and a message appears that my dashboard was accessed from a different computer. It gave an IP address, which happens to be my IP address, so I don't know which other computer they can be referring to. Then when I went back into the orders area, the message, along with my password reminder, disappeared.

Also, unsure what the numbers before the IP address are. It reads - - (then my IP address). And under View Security Access Log, what do the numbers under the ID column refer to?

Any thoughts on this?

Also, I went to change my password but was unable to; something about not being able to access. Is this something Shopsite needs to do? I recall there being some issue with this when I first started using Shopsite.

Thanks,.

[Jim]

The number before the IP is just a somewhat random number that is generated and stored in a cookie in the browser of the machine accessing the store. If you have multiple browsers on the same machine and access the store from each of them, you would get a different number for each browser. And since the number is stored in a cookie in the browser, clearing the cookies would remove the number so the next time the store was accessed ShopSite would think it was a new computer and give the alert you saw.

So to explain the message about the store being accessed from a different computer even though it has your IP, it could indicate that you used a different browser or you had deleted the cookie from your regular browser so when you logged in the number couldn't be found a thus didn't match the one stored in your ShopSite log.

Changing the password could be affected by several things. First, the web server login (basic authentication) method just prompts for a username and password, while the newer ShopSite login method requires the username, password and storeid. So which method of login were you using?
The first method was used from at least ShopSite version 3 (when I joined ShopSite) and can still be used in ShopSite 11sp2 the current version. The newer method was added in ShopSite 11. And it is possible to have both those login methods enable at the same time so you have to login with the storeid as the username and a password and then you have to login with a ShopSite user name, password and the storeid. Some hosts have overridden the Basic authentication method with a single sign on so you log into your hosting account control panel and the control panel login is also used for the ShopSite login.
If using the web server basic authentication method for login, the password can be changed on the server using the server change password command. When the password was initial setup it it used the ShopSite encryption which was also understood by the server and thus could be changed from within ShopSite. However, if the password is changed using the server change password command it will be slightly different than what the ShopSite password encrypted value would be. ShopSite can still be accessed if the password has been changed in this way, but it will no longer be possible to change the password from within ShopSite.


SPECIAL NOTE FOR WINDOWS - ShopSite stores running on a Windows server use a type of basic authentication that has the StoreID as an actual user on the Windows server, which means that changing the password requires changing it while logged into the server itself so there is no option in the backoffice to change the Password. The newer ShopSite login is also available on windows and if this is configured then the option to change the ShopSite user's password will be available.

Now to get the answer for your question about changing the password. What type of login is your store using, Basic Authentication or ShopSite login, or hosting account Single sign on?
If Basic Authentication and the password was changed on the server, contact your host for assistance in getting the password reset so you can change it from the backoffice. They may need to contact ShopSite for assistance in doing this if they have not done it before.
If your host has the single sign on then you would change the password for your hosting account and that would be used and it can't be changed from within ShopSite.
If using the ShopSite login method you should click the forgot password link at the login prompt and then follow the steps in the email that you receive.

[Paula]

Jim,

Thanks for explaining about the possible reasons for that message. I did change browsers, which explains that.

As for the password issue, when I login, it asks for username and password, no store ID. So am assuming this is the Basic method. (I use Shopsite 11 Pro). So looks like I need to contact my host.

[Jim]

To enable the ShopSite login method you go to Utilities > User Accounts and follow the setup wizard. If you want to switch to using the ShopSite login only, then there will be a step in the wizard (providing your store is not using the same cgis as other stores on the server) that allows you to disable the older access method (.htaccess and .htpasswd) and will make a backup of those in case you really need to go back to using the old method.
Once the ShopSite login has been enabled if you forget your password you can have a link sent to your email address to allow you to get back into the store by answering security questions. It is also possible to entirely lock your self out of the store if you attempt to login too many times and don't get the password correct. So make sure you know what the password is when you setup the account. You might also want to create a second login as admin level ones you have it enabled, just incase you forget one password you will have another possible way to get logged in and reset the first password. If you get locked out and can't get back in using the emailed password info then it is a pain to get back into the store admin area (Note this is a security feature so it is intentionally hard to get pass the security ) It will require server access and special instructions from ShopSite as to how it is done.

[Paula]

Jim,

I think I would like to stick with the method I have - just entering user ID and password. In this case, does the password get changed on the Hostmonster end?

[Jim]

I'm not sure how Host Monster does it. Do you just login to your Host Monster control panel and then access ShopSite from there, or can you login directly to the start.cgi script without ever accessing your Host Monster control panel?

[ShopSite Nicole]

The password for ShopSite should only be changed through your ShopSite Backoffice (Utilities > Change Password). If the password is, by chance, changed by the Hostmonster technicians or using the Hostmonster control panel, then the ShopSite files which control the password are corrupted.

[Paula]

I must have misread Jim's post. I did try to change the password on my own through Utilities > Change Password. I get as far as entering the old password, then a new password, but then get a page with the following message: Unable to open ./.htpasswd for updating! Any ideas on why this happens?

The password for ShopSite should only be changed through your ShopSite Backoffice (Utilities > Change Password). If the password is, by chance, changed by the Hostmonster technicians or using the Hostmonster control panel, then the ShopSite files which control the password are corrupted.

[Jim]

Either someone messed with the permissions on that file, (or removed it entirely) or the password was changed outside of ShopSite on the server itself. Check with your host to see if they can help you get permissions reset. If they can't get it working you can ask them to contact ShopSite for assistance or you can purchase a support incident at http://www.shopsite.com/support_pricing.html

[Paula]

Ok, I found an old email from April. Seems I was having an issue with this and I never followed up with it. I sent a request. Thanks.

Either someone messed with the permissions on that file, (or removed it entirely) or the password was changed outside of ShopSite on the server itself. Check with your host to see if they can help you get permissions reset. If they can't get it working you can ask them to contact ShopSite for assistance or you can purchase a support incident at http://www.shopsite.com/support_pricing.html