"There was a security error when trying to login" - v1.3.8

Quote:

---

Originally Posted by kuroi

The hosting company won't be able to help you. The template clearly hasn't been written for the current version of Zen Cart. However, this thread should contain all the information that you need to solve the problem, so it's most likely a problem with the way in which you have made the changes, but we'd need more information about your template and how precisely your have made the changes to help your further.

---

I uploaded the zc_install folder again and successfully upgraded the database from 1.3.6 to 1.3.7 but when i try to upgrade from 1.3.7 to 1.3.8 i get another error

***************
1062 Duplicate entry 'Customers who have never completed a purchase' for key 2
in:
[INSERT INTO ataste_query_builder (query_category, query_name, query_description , query_string) VALUES ('email,newsletters', 'Customers who have never completed a purchase', 'For sending newsletter to all customers who registered but have never completed a purchase', 'SELECT DISTINCT c.customers_email_address as customers_email_address, c.customers_lastname as customers_lastname, c.customers_firstname as customers_firstname FROM TABLE_CUSTOMERS c LEFT JOIN TABLE_ORDERS o ON c.customers_id=o.customers_id WHERE o.date_purchased IS NULL');]

***************

The site now has "Your database appears to need patching to a higher level. See Tools->Server Information to review patch levels." so I checked the Tools -> Server info and yes it tells me its at 1.3.7

any ideas how to get it to upgrade again?

Many thanks
Ellie

i went back in to the zc_install and ran the install, It tells me that the database appears to be version 1.3.8 already so that my explain the "duplicate"!

But on the site it still tell me i might need a patch !

grr!

Ellie

! Another phenomenon but different for login-gremlin pros ... for both customer and admin logins, only the very first attempt with correct data input is bringing up the message 'There was a security error while trying to login'. The password asterisks stay in place, and simply tapping return once more
then gets you in to the store/admin with apparently full functionality. After this first occurrence, admin and any successive (test) customers can log in & out as much as they wish without further issues until (I assume) the session gets terminated (i.e. by navigating elsewhere before returning to the zensite URL), and the one-off glitch pops up again. Clearing the cache doesn't provoke the security message.

Version Zencart is 1.3.8, on apache (unix) with php 5.2.5, MySQL 4.1.22, using shared certificate SSL applied to both admin and store (which is when the glitches showed). I've switched database referents to a prior populated database (also generation 1.3.8), and checked the obvious here - the database fields are all present & correct - but an attempted reinstallation to apply the SSL choked on a blank database update page.

Config files are consistent AFAICT with each other & the SSL config. Having checked some threads on login probs, I've verified that the upgraded session security token codings are present in the following files

tpl_timeout_default.php
tpl_login_default.php
admin/login.php

and that the customised files replicate the updated templates for the first two. Sessions.php is version $id 6662 2007-08-12 21:37:17Z wilt$; the fault recurs at each new session event so seems related to dedicated session variables somehow. Also noted that there was a php 5.2 patch pasted into the code ...

Switching to classic template did not stop login snagging; changing databases does not avoid it either.

Attempting diy diagnosis using the admin-developer toolkit search, the error message ERROR_SECURITY_ERROR is generated only when the following trap is triggered in either the modules/pages/login/ or modules/pages/time_out/header_php.php files

$_SESSION['securityToken']!==$_POST['securityToken']

which (I think) is saying 'if the posted encryption string does not match the generated key (then slap up the security error slogan). What might make these fall out with each other just once ? Is this likely to be a shared-SSL or database access issue ? There's no customisation applied to admin, very little to catalog. Any light shed on what's going awry would be much appreciated, TIA

Well, that's a conversation killer, 8-| !! What happened next, was: an anomaly between some legacy HTML-frame coding and the shared SSL cert links needed sorting out ... and after this, the snagging disappeared for the catalog (i.e. for test customers using the store), at least as a predictable recurring event. It has come back for old time's sake here and there, but it looks to have been resolved by clearing out the frames. As for the admin pages, snagging is still there. Not for us to question why sometimes ...

I didn't read every message in this thread, so if I am repeating someone, sorry.

I just wanted to add that this situation also came up when using a commercial template that had it's own copy of tpl_login_default.php.

The same solution applies.

I was getting this error can came to the forum and have corrected it by reading through all of this, a couple of the posts explain very well what lines were missing in tbl_login_default.php but what I don't understand is the zen cart i am working on is not an upgrade it is a complete new install at v1.3.8, so why was I getting this error? I hadn't customized tbl_login_default.php but now it is customized with the lines that were missing and should have been there...

I've just started experiencing this error today, but I reckon I know the cause - today I installed GooglePayments, and two of the files that mod replaced were "- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php" and "- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php".

Obviously I cant simply reinstate those two files from my most recent backup as presumably the changes in them are required by GooglePayments, so can anyone summarise the bit that the mod has apparently not included in the mod? While we're at it, is it possible for someone to change the files in the download (I got it from here just a couple of hours ago) or failing that to put an addendum on the mod download page that alerts downloaders about the changes they'll need to make?

Help much appreciated - I cant get any customer login to work at the moment!!!

S'okay, I found it on the previous page (post 98 for those looking!).

I'm still confused as to why the download of the Google Payments mod still has the old files though!

I am new to Zen Cart. I just did a fresh install of 1.3.8. Actually, Godaddy did it on a shared hosting account.

Can't login to admin or customer account. Get a "Security blah blah blah message" on the customer account.

When I try to resend the password for the admin account it appears to do nothing.

I have tried different browsers and they are all set to receive cookies.

I have read through all of these forums posts and I do not know why a fresh copy of zen cart 1.3.8 would be having these issues.

Any suggestions on resolving this matter?

Atticus - does this describe the phenomenon:
"... for both customer and admin logins, only the very first attempt with correct data input is bringing up the message 'There was a security error while trying to login'. The password asterisks stay in place, and simply tapping return once more then gets you in to the store/admin with apparently full functionality."
Not sure why that happens, but it can be lived with if so ... (dscvry post above fr June 2008) - sweet if that's the issue.