Ajax script problem!?

[MG01]

hi to all,
i am using older version of elxis cms on my site www.villamidea.com.
Due to new security measures on my new hosting provider server, i am getting note that there are some script (src=http://www.villamidea.com/administrator/includes/js/ajax_new.js ) that is used at front-end and running from admin folder. This is making problem such is prompting security check on front-end pages opening and problem with saving changes made on content in back-end. Please for help, because i do not know how to move that script to public folder!

best regards,

[datahell]

You have administration folder htaccess protected! Elxis 2009.x can't work this way.
Remove the htaccess login and instead rename the administration login page.

[MG01]

I am again returned to cms developer by my hosting!
This new protection is standard and only thing that is making problem is mentioned script, which has to be removed from admin folder..
Please for help because I cannot do anything on site without this change.
Also I have noticed that facebook like and box modules are not working anymore! Is that connected to this issue?

Best regards,

[datahell]

In order to to modify Elxis do this: copy the file inside your template's folder and add a link to that file in template's index.php.


<script type="text/javascript" src="https://www.elxis.org/templates/mytemplate/ajax_new.js"></script>

[MG01]

Thanks for your time, but after i have done this it is still prompting this security check on fronted page opening!

Do i need to delete ajax_new.js from admin folder?
Or to add all other scripts as well?

[datahell]

Open file includes/frontend.php  and comment lines 306-308:

Code: [Select]

//if ($mainframe->getCfg('sef') == 2) {
//$beforeCustom[] = '<script type="text/javascript" src="'.$mainframe->getCfg('ssl_live_site').'/administrator/includes/js/ajax_new.js"></script>';   
//}
Put the file in your template's index.php file as I told you.

[MG01]

I think i have done all above, and now i am not getting security check on page openning (i still need to check this from different computers), but it is still prompted at admin login and articles still can not be saved as usual!
Any ideas?

[datahell]

I told you that you must remove the htaccess protection in administration, it is stupid and doesn't protects you at all. If someone hacks the site from frontend he can access all files in site with a simple "include" and htaccess wont protect you from anything because such actions doesn't trigger apache. Do you understand this???
If you want to keep the htaccess then keep it but dont blame about security prompts and problems.