Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default admin password problem

    I upgraded my site to 1.5, changed the admin cofigure files to allow ssl in the admin in order to install the authorize.net module.

    1. I still cannot install authorize.net (AIM), it still says:
    ALERT: For security reasons, Installation of this module is disabled until your Admin is configured for SSL.

    2. Every time I log on as admin, It forces me to reset the password. Here is the error:

    Note: Your password has expired because your site has changed from non-SSL (less secure) to being SSL-protected (more secure). Changing your password under SSL is an important step to greater security. Sorry for any inconvenience. Standard password expiry rules apply.

    I found another post about issue 2 above in June, but there were not any replies.

    Sadie

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: admin password problem

    Simply set your admin HTTP_SERVER and HTTPS_SERVER to BOTH be an https URL, as explained here: http://www.zen-cart.com/content.php?...alled-zen-cart

    And make sure the file actually gets uploaded (it won't be uploaded if the file is read-only).

    Under normal circumstances (ie: a traditionally configured server with traditional correctly installed SSL certificate, and no URL-rewriting or redirects in .htaccess), none of your symptoms in your "#2" would persist beyond the first instance of requiring the new password.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default Re: admin password problem

    I've already made those changes. After the changes the 1.3 store works fine, but the other 1.5 store I am building gets errors: Here is my admin configure file, with my website removed:

    define('HTTP_SERVER', 'https://www.____.net');
    define('HTTPS_SERVER', 'https://www.##########.net');
    define('HTTP_CATALOG_SERVER', 'https://www.##########__.net');
    define('HTTPS_CATALOG_SERVER', 'https://www.##########__.net');

    // secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_ADMIN', 'true');

    // secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_CATALOG', 'true');

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: admin password problem

    Here's how it works:

    AIM expects that the URL being used at the point of accessing the module's installation screen must be an https URL.
    If it's not https, then you'll see the message you're reporting.

    The password reset because of changing from NON-SSL to SSL is triggered by logging into the Admin over NON-SSL and then later accessing over SSL.
    So, if you're triggering that, then it means your admin has let you log in without using only https URLs.

    Thus, that tells me you're flipping back and forth between modes.
    So, this suggests that you're using multiple configure.php files when accessing the same database. This would be a problem with your development environment.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default Re: admin password problem

    Quote Originally Posted by DrByte View Post
    Here's how it works:

    AIM expects that the URL being used at the point of accessing the module's installation screen must be an https URL.
    If it's not https, then you'll see the message you're reporting.

    The password reset because of changing from NON-SSL to SSL is triggered by logging into the Admin over NON-SSL and then later accessing over SSL.
    So, if you're triggering that, then it means your admin has let you log in without using only https URLs.

    Thus, that tells me you're flipping back and forth between modes.
    So, this suggests that you're using multiple configure.php files when accessing the same database. This would be a problem with your development environment.
    Your were right. When I watched my admin clicks, every other click was non-SSL. I'm not sure why there was a problem, since I made changes to each the secure and non-secure admin configure files when I made changes. I have a copy of my entire store in the secure (SSL)section of my hosting account. I deleted the configure file from the secure section, and then copied the configure file from the non-secure section over to the secure section, and the problem was fixed.

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: admin password problem

    Quote Originally Posted by sadie View Post
    I have a copy of my entire store in the secure (SSL)section of my hosting account. I deleted the configure file from the secure section, and then copied the configure file from the non-secure section over to the secure section, and the problem was fixed.
    I STRONGLY suggest that you work with your hosting company to find a way to symlink your "secure" section to look directly at your non-secure section. There's NO good reason to have to separate them on contemporary webservers nowadays. If your host can't do that, then you've got a lotta work to do every day when trying to keep things in sync between the two places. It's a very outdated server architecture, and not well-suited for ecommerce or any other dynamically-driven site.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jan 2007
    Location
    Los Angeles, California, United States
    Posts
    10,023
    Plugin Contributions
    32

    Default Re: admin password problem

    Quote Originally Posted by DrByte View Post
    I STRONGLY suggest that you work with your hosting company to find a way to symlink your "secure" section to look directly at your non-secure section. There's NO good reason to have to separate them on contemporary webservers nowadays. If your host can't do that, then you've got a lotta work to do every day when trying to keep things in sync between the two places. It's a very outdated server architecture, and not well-suited for ecommerce or any other dynamically-driven site.
    I made one client changes hosts (Yahoo) for this reason.. I think Yahoo still uses this kind of server setup..
    My Site - Zen Cart & WordPress integration specialist
    I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.

  8. #8
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default Re: admin password problem

    I’m not sure it is my host’s fault. I’ve had two hosts, and it has always been set up like this for years. When I switched hosts a few years ago, they transferred my site exactly as it was.

    Once I finish with the last few design changes, and put the site live, I will look into how to make it work the way DrByte suggested. It certainly would save disc space, since I am not on an unlimited plan, and had to move up to a more expensive plan just to have the disc space to work on the upgrade, and have my separate live site.

  9. #9
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,107
    Plugin Contributions
    11

    Default Re: admin password problem

    It certainly would save disc space, since I am not on an unlimited plan, and had to move up to a more expensive plan just to have the disc space to work on the upgrade, and have my separate live site.
    Unless you have thousands of HUGE images, you need to find a new host. One of our largest sites is only 85m!

    That would be less than 200m for two sites. Most hosts default at about ten times that. Most will allow multiple databases as well.

  10. #10
    Join Date
    Jan 2007
    Location
    utah
    Posts
    26
    Plugin Contributions
    0

    Default Re: admin password problem

    I'm having a similar problem. I've changed everything as suggested, in the config files my ssl is working at www.langeoriginals.com (I've just upgraded from 1.3.1-1.5.1) I login to the admin area and on the second page and subsequent pages I lose the SSL. As a result I'm locked out of the payment modules. I'm using webmasters.com for hosting and I believe they did away with a separate area for secure files. I'm not seeing "duplicate" config files. Please advise.

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v151 Problem changing admin password
    By elvisstuff in forum General Questions
    Replies: 4
    Last Post: 13 Feb 2015, 09:51 PM
  2. v153 Going in Circles with DP Patch / Admin password problem
    By grumpkat in forum Upgrading to 1.5.x
    Replies: 2
    Last Post: 7 Aug 2014, 02:16 AM
  3. Problem retrieving admin password
    By pausambeat in forum General Questions
    Replies: 3
    Last Post: 10 Feb 2009, 01:40 PM
  4. Admin Password Reset Problem
    By IRevelar in forum Installing on a Linux/Unix Server
    Replies: 7
    Last Post: 15 Oct 2008, 12:39 AM
  5. Problem with admin password
    By tekram in forum Installing on a Linux/Unix Server
    Replies: 1
    Last Post: 29 Jun 2008, 08:29 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR