403 Forbidden on admin site in new install
:dontgetit
I'm working on upgrading my site from 1.3.0 to 1.3.8a, and I made a fresh install of 138a to do some playing and testing. Anyway, the install went okay for the most part, except that I can't access my admin pages -- I get a 403 Forbidden message.
My freshly installed site is at http://justclickplay.net/candles and the admin should be under http://justclickplay.net/candles/admin for now. My secure site URL is https://plus24.safe-order.net/justclickplay
Here's my admin/includes/configure.php :
<?php
/**
* @package Configuration Settings circa 1.3.8
* @copyright Copyright 2003-2007 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// Main webserver: eg-http://www.your_domain.com -
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
// HTTP_CATALOG_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_CATALOG_SERVER is your Secure webserver: eg-https://www.your_domain.com
/*
* URLs for your site will be built via:
* HTTP_SERVER plus DIR_WS_ADMIN or
* HTTPS_SERVER plus DIR_WS_HTTPS_ADMIN or
* HTTP_SERVER plus DIR_WS_CATALOG or
* HTTPS_SERVER plus DIR_WS_HTTPS_CATALOG
* ...depending on your system configuration settings
*
* If you desire your *entire* admin to be SSL-protected, make sure you use a "https:" URL for all 4 of the following:
*/
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('HTTP_CATALOG_SERVER', 'http://justclickplay.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net');
// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_ADMIN', '/candles/admin/');
define('DIR_WS_CATALOG', '/candles/');
define('DIR_WS_HTTPS_ADMIN', '/justclickplay/admin/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_ADMIN', '/home/www/justclickplay/candles/admin/');
define('DIR_FS_CATALOG', '/home/www/justclickplay/candles/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_CATALOG_TEMPLATES', DIR_FS_CATALOG . 'includes/templates/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_DATABASE', 'sbcandles');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'db');
// for STORE_SESSIONS, use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/www/justclickplay/candles/cache');
// EOF
Re: 403 Forbidden on admin site in new install
Check these:
PHP Code:
define('DIR_WS_ADMIN', '/candles/admin/');
define('DIR_WS_CATALOG', '/candles/');
define('DIR_WS_HTTPS_ADMIN', '/justclickplay/admin/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/');
and try:
PHP Code:
define('DIR_WS_ADMIN', '/candles/admin/');
define('DIR_WS_CATALOG', '/candles/');
define('DIR_WS_HTTPS_ADMIN', '/candles/admin/');
define('DIR_WS_HTTPS_CATALOG', '/candles/');
Re: 403 Forbidden on admin site in new install
Re: 403 Forbidden on admin site in new install
I changed HTTPS_ADMIN to '/justclickplay/candles/admin/' and CATALOG to '/justclickplay/candles/' and I can now get logged in. HOWEVER, if I click on any link, it takes me back to the login screen. It seems that the links are pointing to the unsecured "http://justclickplay.net/candles/admin/configuration.php?xxxx" rather than the secured location. If I copy/paste the link into my address bar and manually change "http://justclickplay.net/candles/admin" to "https://plus24.safe-order.net/justclickplay/candles/admin" then it works. Very annoying, but at least further than before. :sigh:
Re: 403 Forbidden on admin site in new install
Turn off the ENABLE on the secure ... does it work?
If so it is because your secure URL is also wrong:
PHP Code:
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('HTTP_CATALOG_SERVER', 'http://justclickplay.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net');
You might try:
PHP Code:
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net/justclickplay');
define('HTTP_CATALOG_SERVER', 'http://justclickplay.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net/justclickplay');
Re: 403 Forbidden on admin site in new install
You should check with your Hoster to make sure you are using the correct SSL path.
These do not look right:
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net');
You might need to use: https://plus24.safe-order.net/~username - or something similar.
Also, change the following:
from
define('SQL_CACHE_METHOD', 'none');
to
define('SQL_CACHE_METHOD', 'database');
Re: 403 Forbidden on admin site in new install
Whew, I got it working. Here's the changes I made. Figured I'd show you here so maybe it will make more sense to you than me. :)
PHP Code:
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('HTTP_CATALOG_SERVER', 'http://justclickplay.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net');
AND
PHP Code:
define('DIR_WS_ADMIN', '/candles/admin/');
define('DIR_WS_CATALOG', '/candles/');
define('DIR_WS_HTTPS_ADMIN', '/justclickplay/candles/admin/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/candles/');
I suppose I could have added the /justclickplay to the end of the safe-order.net links, but this works and I don't want to break it again. :smile: Still gotta make sure it stands the test of time. Anyone see any problems with this? Should I post my main /store/includes/configure.php to get some welcome criticism?
Re: 403 Forbidden on admin site in new install
I'd suggest try the change as that is how it should be written so that the paths work properly under all circumstances of going between the secure and non-secure pages ...
While it can probably function the way you have it, that is not technically correct based on the design ...
Re: 403 Forbidden on admin site in new install
I concur, with both of the last two posts. :wink:
Re: 403 Forbidden on admin site in new install
OK, thanks, Ajeh! I've changed it to move the /justclickplay from the DIR definitions to the HTTPS defnintions (after the server) and it works.
Thanks for all your help! And Happy 2008!!