euroblaze | OXID e-Commerce User Blog

If your shop is under development and you’d like to restrict access to it from the public (or search-engine crawlers), you may use .htpasswd Authentication for temporarily locking down your site.

Offering .htpasswd Authentication entails the following steps:

1. Generate a password file using the htpasswd command, which contains the authorized users and their respective hashed passwords
2. Place directives in your OXID shop’s .htaccess file to require a match of username/password from this file.

To generate a password file

# .htpasswd -c /home/some_non-www_path/pwd_file admin

Upon running this command, a new password is requested for the user “admin”

Include this block of directives in your OXID Shop’s .htaccess file

AuthUserFile /home/some_path/pwd_file

If you have ever misplaced the OXID/Admin password, these steps will help you reset it.

Step 1

Login to your MySQL database with your favorite client (like mysql, mysql5 or phpmyadmin)  and change the email address (also username) of the admin user in the table oxuser.

Upward of OXID CE 4.2.x, you can use the following command:

update oxuser set oxusername=’user@domain.com’ where oxid=’oxdefaultadmin’;

Step 2

Go to the front end and reset the password pertaining to this email address (user@domain.com)  using the Reset Password function.

Notes

1. This method can be used not only to change the administrator password, rather also the username.  You will need this for changing the default username on the Debian/Lenny Virtual Machine for OXID.

Starting Version 4.3.x

The /n/ username starting OXID 4.3 is enforced to be an email address.  Hence for all newer versions, namely 4.4.x, 4.5.x etc.., you can skip Step-1 above, and use the Forgot Password tool from the shop front-end to have a password-reset link send by email.