xshaanx -
That worked perfect. Thanks!
A better solution would be to remove the tpl_login file that's already there.
If this worked it suggests that you're using one of those templates that mistakenly copies all the files from template_default and so overrides new versions released with security fixes.
By simply copying the new file in there instead, you'll then override any future changes to these files and have the same problem again in the future.
Well I have been having this issue with my zencart and when I checked for that coding, it was in fact already on those pages/scripts, yet I am still getting the security error for customers who try to log in. I have read through the thread, and still not sure why it continues to do this?
If anyone would like to help me out, with fixing my site, I'd gladly pay for your time and help. I just don't know what else to do at this point.
www . lanikshair . com
My client's site recently started having this issue. Her site is hosted with Netfirms and they recently did a major server migration of a number of their clients which is when the trouble began. (Prior to the migration all was FINE!!)
Initially we thought that the issue was due to the fact that Netfirms had not properly re-installed her SSL certificate, but now they have corrected the SSL issue.
However the error persists..
I tried disabling SSL in the store to see if the security error goes away, and it does indeed persist whether SSL is on or not.. So I'm fairly certain that the SSL certificate is no longer the issue..
This store does not use a packaged template, it is a custom template but it was built following all the proper guidelines for creating a custom template, and it does NOT have customized template "login" files. So I checked the following files in the default template:
- /includes/templates/default_template/templates/tpl_login_default.php
- /includes/templates/default_template/templates/tpl_timeout_default.php
I verified that the required security code was in place, but to be safe I deleted and then replaced both files with ones from the Zen Cart zip file download.
And though I wasn't encountering the error in the Admin area, I deleted and replaced this file as well:
- /admin/login.php
I did delete and replace one additional file (based on a suggestion I saw DrByte had posted in another thread on this topic.. http://www.zen-cart.com/forum/showthread.php?t=88106)
- /includes/functions/sessions.php
If I switch to the Classic template, instead of the custom template, the problem continues.. This store does not have FEC or COWOA installed. Clearing browser and cookies doesn't help, and I have confirmed that others still have the same issue..
Server Information:
Zen Cart 1.3.8a
Server OS: Linux 2.6.35.8-nx
Database: MySQL 5.0.91-log
HTTP Server: Apache/2
PHP Version: 5.2.17 (Zend: 2.2.0)
I am plum out of ideas:frusty:, and could use another set of eyes here (Kuroi, DrByte??? PLEASE!!!)
Not my area of expertise, but it looks to me as though the site may be having problems reading or writing to visitor's session data or creating a session.
When I look at the login form code being sent to the browser, the hidden security token is declared, but has no value. The value should be taken from the session array, but if that's not accessible, then no value can be assigned.
The security error then arises because when the form is submitted, Zen Cart checks for the security token, ready to compare it back to the value being held in the session for this visitor. But because it's not there, it concludes that this is probably a fraudulent submission.
So the issue most likely comes back to why the cart couldn't read the session to get the original token, or why it couldn't put it in the session in the first place.
At this point my knowledge runs out and I can suggest only that you ask the webhost what changes they've made that could affect session handling.
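The token round trip described in the post above, as an added diagnostic that is not part of the original thread and is not Zen Cart's own code: it issues a token into the session, echoes it in a hidden field, and on submit compares the two, alongside PHP's session storage settings. The field name `diagToken` and the script itself are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added diagnostic, not Zen Cart code. Assumes PHP 7+ (random_bytes, hash_equals).
// 'diagToken' is a hypothetical field name chosen for this example.

// 1. Report where PHP is configured to keep session data.
$rawPath = (string) ini_get('session.save_path');
// save_path may be "N;/path" or "N;MODE;/path"; the directory is the last part.
$parts = explode(';', $rawPath);
$dir = end($parts);
if ($dir === '') {
    $dir = sys_get_temp_dir(); // empty setting: PHP uses the system temp directory
}
$report = array(
    'save_handler'  => ini_get('session.save_handler'),
    'save_path'     => $dir,
    // The two checks below only matter when save_handler is "files".
    'path exists'   => is_dir($dir) ? 'yes' : 'NO',
    'path writable' => is_writable($dir) ? 'yes' : 'NO',
);

// 2. Start the session and issue a token only if none is stored yet.
session_start();
if (empty($_SESSION['diagToken'])) {
    $_SESSION['diagToken'] = bin2hex(random_bytes(16));
    $report['token'] = 'newly issued on this request';
} else {
    $report['token'] = 'read back from the existing session';
}

// 3. On submit, compare the posted token with the one held in the session.
//    If the session was not saved or could not be read back, step 2 has just
//    issued a different token and this comparison fails.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $posted = isset($_POST['diagToken']) ? (string) $_POST['diagToken'] : '';
    $ok = $posted !== '' && hash_equals($_SESSION['diagToken'], $posted);
    $report['check'] = $ok
        ? 'PASS: session persisted between requests'
        : 'FAIL: session data was lost between requests';
}

header('Content-Type: text/html; charset=utf-8');
echo '<pre>';
foreach ($report as $key => $value) {
    echo htmlspecialchars($key . ': ' . $value) . "\n";
}
echo '</pre><form method="post"><input type="hidden" name="diagToken" value="'
    . htmlspecialchars($_SESSION['diagToken'])
    . '"><button type="submit">Submit token</button></form>';
```

Load the page once, then submit the form: a "newly issued" token on the POST request together with a FAIL result points at session storage on the host rather than at the template files. Delete the script afterwards, since it prints a server path.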
**sigh** I had already communicated to my client that I suspected that Netfirms has modified something which is the root cause of the issue.. I suggested it was either files, or server settings, but I'm clueless as well.. **sigh** I get that my client is frustrated, but she seems to think there is something magical that I can do to resolve all of these issues.. I am out of ideas..
Thanks for the insight though.. I've passed the information back on to my client.. Maybe DrByte will pass through and offer some additional insights..
I met the friendly guys at Netfirms at a networking event a couple years ago, and from that conversation opted to try them out for a site I wanted to set up. I found their unconventional control panel to be slow and confusing at best, and most of the time quite useless. When I finally got a store up and running it was obvious that the servers were very poorly tuned and couldn't handle running database-driven sites with any degree of speed or reliability. They seem to serve static pages fine, but that's an extremely limited market.
I took the site to a shared hosting account on another server and it immediately sprang to life, and have had no issues with it running reliably there.
I lost some money in wasted months of hosting that I didn't use, and overpriced domain-name-registration fees. But the move to reliable and speedy hosting more than made up for that loss. I probably should have gone back and asked for money back, but I chose to keep the service until the paid months expired. I tested a few other experimental Zen Cart coding ideas with it, and various caching and other addons, but nothing could fix or overcome the performance problems on their servers.
I suggest you do the same, given that their problems are even worse and from what I'm seeing posted lately it doesn't look like they know how to fix what they've broken.
How many sales have you lost? How long has your store been down? How does that equate to the costs of changing?
Preaching to the choir sir.. **sigh** That is my recommendation, but she is STUCK on these folks. I've been on her case about Netfirms since the day I took over this site from her previous web developer (who built a static website and could not figure out how to "connect" it to the old osCommerce store). She has a TON of other sites hosted here (I think she lets "friends" host their sites on her hosting account) and she is reluctant to pay money to fix the problem..
I've pointed out (again) that her hosting company is problematic AND the need to upgrade to Zen Cart 1.3.9, but she is trying to save money. All the while her store is down and she has lost far more than she has saved.. (Store's been down since Friday.. WHO KNOWS how many sales she's lost..)
Since this posting I discovered that they (Netfirms) screwed up a number of things in this migration:
- Not re-installing the SSL cert (initially they told my client she didn't have one..)
- They made a modification to the /includes/functions/sessions.php file which looked like some sort of temporary change to explicitly call out a file path. I have replaced that file with a clean one I had in my site backups for this client.
- They mucked up the FTP settings so that I could not access the site via FTP and was relegated to using their crappy cPanel FileManager until they fixed that.
- Somehow in trying to fix the SSL or FTP issues they did something which caused a 500 error when accessing the site admin.
- Today they removed the sideboxes folder from the default_template (rendering all her WordPress sideboxes INOPERABLE)
**sigh** will try ONE MORE TIME to convince her to let me move and upgrade this site..
Thanks for weighing in DrByte.. I've passed on what you and Kuroi have posted here.. She's passed it on to Netfirms..
Though I'm pretty sure I'll see a live unicorn before they (Netfirms) fix this..
It's tough being a small professional services business. But there comes a time when you have to ask whether you can really add value to the business of a client who refuses to take your advice.
We've resigned an account like that in the past year, and it was a big relief once we'd done so. We've also had to say "change your web host, or change your developer" twice. Happily both clients chose the developer!
Don't I know it..:smile:
I've "resigned" a few clients over the years because it was the best thing for my peace of mind and my business.. In fact I just recently "resigned" a client.. This client refused to take my advice, failed to provide required materials for the site build, failed to make crucial business decisions which would inform the site build and then questioned me about why the site build was not going as planned.. They mistakenly thought that since I was a small business I would just "take it".. They were wrong.. I've had NO regrets at all about ending that contract and setting them free..:smile:
Sadly this may be the place where I am at here too..:wacko: