"There was a security error when trying to login" - v1.3.8

Quote:

---

Originally Posted by kuroi

The hosting company won't be able to help you. The template clearly hasn't been written for the current version of Zen Cart. However, this thread should contain all the information that you need to solve the problem, so it's most likely a problem with the way in which you have made the changes, but we'd need more information about your template and how precisely your have made the changes to help your further.

---

I uploaded the zc_install folder again and successfully upgraded the database from 1.3.6 to 1.3.7 but when i try to upgrade from 1.3.7 to 1.3.8 i get another error

***************
1062 Duplicate entry 'Customers who have never completed a purchase' for key 2
in:
[INSERT INTO ataste_query_builder (query_category, query_name, query_description , query_string) VALUES ('email,newsletters', 'Customers who have never completed a purchase', 'For sending newsletter to all customers who registered but have never completed a purchase', 'SELECT DISTINCT c.customers_email_address as customers_email_address, c.customers_lastname as customers_lastname, c.customers_firstname as customers_firstname FROM TABLE_CUSTOMERS c LEFT JOIN TABLE_ORDERS o ON c.customers_id=o.customers_id WHERE o.date_purchased IS NULL');]

***************

The site now has "Your database appears to need patching to a higher level. See Tools->Server Information to review patch levels." so I checked the Tools -> Server info and yes it tells me its at 1.3.7

any ideas how to get it to upgrade again?

Many thanks
Ellie

i went back in to the zc_install and ran the install, It tells me that the database appears to be version 1.3.8 already so that my explain the "duplicate"!

But on the site it still tell me i might need a patch !

grr!

Ellie

! Another phenomenon but different for login-gremlin pros ... for both customer and admin logins, only the very first attempt with correct data input is bringing up the message 'There was a security error while trying to login'. The password asterisks stay in place, and simply tapping return once more
then gets you in to the store/admin with apparently full functionality. After this first occurrence, admin and any successive (test) customers can log in & out as much as they wish without further issues until (I assume) the session gets terminated (i.e. by navigating elsewhere before returning to the zensite URL), and the one-off glitch pops up again. Clearing the cache doesn't provoke the security message.

Version Zencart is 1.3.8, on apache (unix) with php 5.2.5, MySQL 4.1.22, using shared certificate SSL applied to both admin and store (which is when the glitches showed). I've switched database referents to a prior populated database (also generation 1.3.8), and checked the obvious here - the database fields are all present & correct - but an attempted reinstallation to apply the SSL choked on a blank database update page.

Config files are consistent AFAICT with each other & the SSL config. Having checked some threads on login probs, I've verified that the upgraded session security token codings are present in the following files

tpl_timeout_default.php
tpl_login_default.php
admin/login.php

and that the customised files replicate the updated templates for the first two. Sessions.php is version $id 6662 2007-08-12 21:37:17Z wilt$; the fault recurs at each new session event so seems related to dedicated session variables somehow. Also noted that there was a php 5.2 patch pasted into the code ...

Switching to classic template did not stop login snagging; changing databases does not avoid it either.

Attempting diy diagnosis using the admin-developer toolkit search, the error message ERROR_SECURITY_ERROR is generated only when the following trap is triggered in either the modules/pages/login/ or modules/pages/time_out/header_php.php files

$_SESSION['securityToken']!==$_POST['securityToken']

which (I think) is saying 'if the posted encryption string does not match the generated key (then slap up the security error slogan). What might make these fall out with each other just once ? Is this likely to be a shared-SSL or database access issue ? There's no customisation applied to admin, very little to catalog. Any light shed on what's going awry would be much appreciated, TIA

Well, that's a conversation killer, 8-| !! What happened next, was: an anomaly between some legacy HTML-frame coding and the shared SSL cert links needed sorting out ... and after this, the snagging disappeared for the catalog (i.e. for test customers using the store), at least as a predictable recurring event. It has come back for old time's sake here and there, but it looks to have been resolved by clearing out the frames. As for the admin pages, snagging is still there. Not for us to question why sometimes ...

I didn't read every message in this thread, so if I am repeating someone, sorry.

I just wanted to add that this situation also came up when using a commercial template that had it's own copy of tpl_login_default.php.

The same solution applies.

I was getting this error can came to the forum and have corrected it by reading through all of this, a couple of the posts explain very well what lines were missing in tbl_login_default.php but what I don't understand is the zen cart i am working on is not an upgrade it is a complete new install at v1.3.8, so why was I getting this error? I hadn't customized tbl_login_default.php but now it is customized with the lines that were missing and should have been there...

I've just started experiencing this error today, but I reckon I know the cause - today I installed GooglePayments, and two of the files that mod replaced were "- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php" and "- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php".

Obviously I cant simply reinstate those two files from my most recent backup as presumably the changes in them are required by GooglePayments, so can anyone summarise the bit that the mod has apparently not included in the mod? While we're at it, is it possible for someone to change the files in the download (I got it from here just a couple of hours ago) or failing that to put an addendum on the mod download page that alerts downloaders about the changes they'll need to make?

Help much appreciated - I cant get any customer login to work at the moment!!!

S'okay, I found it on the previous page (post 98 for those looking!).

I'm still confused as to why the download of the Google Payments mod still has the old files though!

I am new to Zen Cart. I just did a fresh install of 1.3.8. Actually, Godaddy did it on a shared hosting account.

Can't login to admin or customer account. Get a "Security blah blah blah message" on the customer account.

When I try to resend the password for the admin account it appears to do nothing.

I have tried different browsers and they are all set to receive cookies.

I have read through all of these forums posts and I do not know why a fresh copy of zen cart 1.3.8 would be having these issues.

Any suggestions on resolving this matter?

Atticus - does this describe the phenomenon:
"... for both customer and admin logins, only the very first attempt with correct data input is bringing up the message 'There was a security error while trying to login'. The password asterisks stay in place, and simply tapping return once more then gets you in to the store/admin with apparently full functionality."
Not sure why that happens, but it can be lived with if so ... (dscvry post above fr June 2008) - sweet if that's the issue.

Quote:

---

Originally Posted by DrByte

It has nothing to do with 644 or 444 on your configure.php files.

Whatever is causing it is preventing your visitors from being able to establish a PHP session. You can't even add anything to the cart and have it be remembered. That's a classic problem with sessions.

When did your hosting company upgrade to PHP 5.2.5? Maybe they busted this on you without knowing it.

---

I'm having the same problem that crisand, I'm not using a webhosting since i have control over the host myself, i think i have a problem with sessions too, but i have tried to stablish a php session between 2 pages for testing and it works fine, besides the admin works fine too.

Please I need your help urgent, i don't know what to do.

I have SSL in false, but i do have a certified installed.

Quote:

---

Originally Posted by dscvry

Atticus - does this describe the phenomenon:
"... for both customer and admin logins, only the very first attempt with correct data input is bringing up the message 'There was a security error while trying to login'. The password asterisks stay in place, and simply tapping return once more then gets you in to the store/admin with apparently full functionality."
Not sure why that happens, but it can be lived with if so ... (dscvry post above fr June 2008) - sweet if that's the issue.

---

I've been experiencing exactly the same problem as described above. I'm using a fresh installation of Zencart v1.38a, so all the security tokens are in place. The tutorial regarding this issue actually says to add
<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
after every occurence of the password field (zen_draw_password_field function). This is already present in
- /includes/templates/MY_TEMPLATE/templates/tpl_login_default.php and
- /includes/templates/MY_TEMPLATE/templates/tpl_timeout_default.php

My question is, where is it meant to go in /admin/login.php (see my code below)? There is no "zen_draw_password_field." I can only guess that the line <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>"> is doing the same job. Is this correct?

I'm currently using my own customised template, and have made some cosmetic css alterations to the appearance of the admin login pages (see code plus jpg example below). Other addons that are installed include: About Us Page, Column Divider Pro, Column Layout Grid, CSS Menu, Flash Hacks, Newsletter Subscribe, Time Zone Offset and RFQ. The problem was also happening before AND after I had installed an SSL, and even after I've installed the latest security patch. I've read all the posts regarding this issue but none seem to really resolve this.

To me, it seems like a random occurence. It doesn't always happen but sometimes it even happens after I've just rebooted the computer or cleared the cache etc. I am able to get through past the login via the store front or admin after my second or third attempt and everything else seem to function without a problem thereafter. I've only come across this problem once in the store front when trying to log in as a customer. The message occurs more in the admin, maybe because I've been logging in to the admin section more than the store front.

I am happy to just ignore this occurence and simply just live with it as suggested, but I want to be sure that I am not ignoring a serious security issue that will come back to bite me later down the track after the store has gone live. I am actually just inclined to change the message from "There was a security error when trying to login" to a less menacing warning like "There was an error when trying to login" in order to prevent my client and the shop customers from panicking when seeing this message. At this point I am very hesitant to go live until this problem is completely resolved. So, if anyone has a solution, please, please share.

Code:

---

<?php
//
// +----------------------------------------------------------------------+
// |zen-cart Open Source E-commerce                                      |
// +----------------------------------------------------------------------+
// | Copyright (c) 2003 The zen-cart developers                          |
// |                                                                      |
// | http://www.zen-cart.com/index.php                                    |
// |                                                                      |
// | Portions Copyright (c) 2003 osCommerce                              |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the GPL license,      |
// | that is bundled with this package in the file LICENSE, and is        |
// | available through the world-wide-web at the following url:          |
// | http://www.zen-cart.com/license/2_0.txt.                            |
// | If you did not receive a copy of the zen-cart license and are unable |
// | to obtain it through the world-wide-web, please send a note to      |
// | [email protected] so we can mail you a copy immediately.          |
// +----------------------------------------------------------------------+
//  $Id: login.php 6522 2007-06-20 23:34:31Z wilt $
//

  require('includes/application_top.php');

  $message = false;
  if (isset($_POST['submit'])) {
    $admin_name = zen_db_prepare_input($_POST['admin_name']);
    $admin_pass = zen_db_prepare_input($_POST['admin_pass']);
    $sql = "select admin_id, admin_name, admin_pass from " . TABLE_ADMIN . " where admin_name = '" . zen_db_input($admin_name) . "'";
    $result = $db->Execute($sql);
    if ((!isset($_SESSION['securityToken']) || !isset($_POST['securityToken'])) || ($_SESSION['securityToken'] !== $_POST['securityToken'])) {
    $message = true;
      $pass_message = ERROR_SECURITY_ERROR;     
    }
    if (!($admin_name == $result->fields['admin_name'])) {
      $message = true;
      $pass_message = ERROR_WRONG_LOGIN;
    }
    if (!zen_validate_password($admin_pass, $result->fields['admin_pass'])) {
      $message = true;
      $pass_message = ERROR_WRONG_LOGIN;
    }
    if ($message == false) {
      $_SESSION['admin_id'] = $result->fields['admin_id'];
      if (SESSION_RECREATE == 'True') {
        zen_session_recreate();
      }
      zen_redirect(zen_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link href="includes/stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body id="login" onload="document.getElementById('admin_name').focus()">
<form name="login" action="<?php echo zen_href_link(FILENAME_LOGIN, '', 'SSL'); ?>" method = "POST">
  <fieldset>
    <!--<legend><?php echo HEADING_TITLE; ?></legend>-->
    <span class="loginMessage"><?php echo $pass_message; ?></span>
    <br /><br />
    <label class="loginLabel" for="admin_name"><?php echo TEXT_ADMIN_NAME; ?></label>
<input style="float: left" type="text" id="admin_name" name="admin_name" value="<?php echo zen_output_string($admin_name); ?>" />
<br class="clearBoth" />
    <label  class="loginLabel" for="admin_pass"><?php echo TEXT_ADMIN_PASS; ?></label>
<input style="float: left" type="password" id="admin_pass" name="admin_pass" value="<?php echo zen_output_string($admin_pass); ?>" />
<br class="clearBoth" />

    <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>">
    <input type="submit" name="submit" class="button" value="Login" />
   
 <br /><br /> 
   
    <?php echo '<a class="resend_password" href="' . zen_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL') . '">' . TEXT_PASSWORD_FORGOTTEN . '</a>'; ?>
<br />
<br />
<br />

<!--<?php /*?>    <span class="loginMessage"><?php echo $pass_message; ?></span><?php */?>-->
  </fieldset>
</form>
</body>
</html>
<?php require('includes/application_bottom.php'); ?>

---

I installed the puple lily zencart. I upgraded to 1.3 8a. What i didn't realize the purple lily was 1.37 but i really love the site.

I get a security error for customers to log in. I read some of the help but I';m still confused where to find the file to merge and how to merge it.

Please help

I struggled with this same error message for hours last night when i upgraded to 1.3.8a and i've pulled out all my hair. luckily i number every strand so they're easily replaced in just such an emergency. i beleive i've discovered one very simple error that drove me nuts and will hopefully prevent this with someone else.

basically, when you update both configure.php files on the admin and store sides, you need to actually make sure they updated. when i do any updates, i use a FTP program or the CP file manager to upload my updated files. happens no matterhow i make the update.

i know the following is basic programming, but sometimes we need a reminder.
when you want to update these configure.php files, the first thing you must do is to change the permissions of each file to 644, and not 444. the 6 allows you to rewrite, or overwrite the file. if you do not do this and attempt to overwrite the original file, it will not overwrite, even though it looks like it did. nothing will actually be rewritten and the original error causing file still exists. permissions must be set to 644 to make changes.

basically, i thought i was updating the files in reality the system was blocking this.
i found this out using the CP file manager. I wanted to update the configure.php on the admin side and had to change the ENABLE SSL from "false" to "true". i did not change the permissions at first and only used the EDIT FILE link. i edited the file from false to true and then saved it thinking hte update had been made. no such luck.

when i tried to log into an account on the website, same error again. when i went back to the file manager to edit the same file i just edited, it still showed "false", like i made no update at all.

that's when i realised the permissions were preventing any update. before you edit the file using CP file manager, or an FTP client, change the persmissions of the configure.php file to 644 and save. then open and edit the file, make your changes, then save the file. then edit persmissions again back to 444 (if you don't set it back to 444, you'll get another error message at the top of your home page saying you're vulnerable, simply set back to 444 and it will be solved).

now try it and see if this solved it. i tried for hours never realising that my updates were never being accepted. same with an FTP program. chaneg the permissions first, then you can overwrite the file, then change the permissions back to 444.
hope this helps someone else out there.

i know this is obvious to many of you, but i spent hours trying to solve the problem and read every single post about this problem and this is what solved it for me. maybe it'll save someone a few hair follicles.

i believe its only the configure.php files that require you to change the permissions. other filed do not need as they are not critical and security related.
peace,
jbrird

Thanks for posting the problem and solution to this issue ...

You would be amazed how many people do not see that the configure.php file on the server is not actually getting updated via FTP due to the permissions being set at 444 ...

Setting the permissions to 644 or deleting the file on the server and then uploading the new file is the solution as you have noted ...

Thanks for posting your upgrade nightmare ... :cool:

NOTE: and yes ... have done it myself more times than I care to count ... fortunately after the first dozen times I am faster now at catching this one ... :smartalec:

Unfortunately, this still doesn't solve my issue as my version of zen cart was a fresh install of v1.38a. My file permissions for both my config files were set to 644 so there were no problems there. I have just experienced the second occurrence of the error in the shop front whilst logging in as a customer. I have provided a screen shot. Again I was able to login without further problems after I hit the login button a second time.

I meant to add that I will reset the file permissions back to 444 as suggested so I hope this solves my problem too. Thanks

After no upgrades or any site tweaking I started getting this error. It started last night. What would cause this to just happen?

Just an update with my security error during login ... I'm still getting the error message both in admin and when I login as a customer. This was after I set the permissions back to 444 for the config files. If anyone has any other ideas, please let me know. Thanks.

ok i know lot people was asking for same god dam help.. even i myself ask for help.. here and all the help i got from here it did not work for me.

but i made it to work.. n trust me it waorks like charm.........


for people who has install difarent templates all u have to do is .. go back template_default/templates

copy this 2 file tpl_login and tpl_logoff overright to your new templates.. that's all and trust me it'll work..
let me know...

xshaanx -

That worked perfect. Thanks!

A better solution would be to remove the tpl_login file that's already there.

If this worked it suggests that you're using one of those templates that mistaken copies all the files from template_default and so overrides new versions released with security fixes.

By simply copying the new file in there instead, you'll then override any future changes to these files and have the same problem again in the future.

Well I have been having this issue with my zencart and when I checked for that coding, it was in fact already on those pages/scripts, yet I am still getting the security error for customers who try to log in. I have read through the thread, and still not sure why it continues to do this?
If anyone would like to help me out, with fixing my site, I'd gladly pay for your time and help. I just don't know what else to do at this point.

www . lanikshair . com

My client's site recently started having this issue. Her site is hosted with Netfirms and they recently did a major server migration of a number of their clients which is when the trouble began. (Prior to the migration all was FINE!!)

Initially we thought that the issue was due to the fact that Netfirms had not properly re-installed her SSL certificate, but now they have corrected the SSL issue.
However the error persists..

I tried disabling SSL in the store to see if the security error goes away, and it does indeed persist whether SSL is on or not.. So I'm fairly certain that the SSL certificate is no longer the issue..

This store does not use a packaged template, it is a custom template but it was built following all the proper guidelines for creating a custom template, and it does NOT have customized template "login" files. So I checked the following files in the default template:

• /includes/templates/default_template/templates/tpl_login_default.php
• /includes/templates/default_template/templates/tpl_timeout_default.php

I verified that the required security code was in place, but to be safe I deleted and then replaced both files with ones from the Zen Cart zip file download.

And though I wasn't encountering the error in the Admin area, I deleted and replaced this file as well:

• /admin/login.php

I did delete and replace one additional file (based on a suggestion I saw DrByte had posted in another thread on this topic.. http://www.zen-cart.com/forum/showthread.php?t=88106)

• /includes/functions/sessions.php

If I switch to the Classic template, instead of the custom template, the problem continues.. This store does not have FEC or COWOA installed. Clearing browser and cookies doesn't help, and I have confirmed that others still have the same issue..

Server Information:
Zen Cart 1.3.8a
Server OS: Linux 2.6.35.8-nx
Database: MySQL 5.0.91-log
HTTP Server: Apache/2
PHP Version: 5.2.17 (Zend: 2.2.0)

I am plum out of ideas:frusty:, and could use another set of eyes here (Kuroi, DrByte??? PLEASE!!!)

Not my area of expertise, but it looks to me as though the site may be having problems reading or writing to visitor's session data or creating a session.

When I look at the login form code being sent to the browser, the hidden security token is declared, but has no value. The value should be taken from the session array, but if that's not accessible, then no value can be assigned.

The security error then arises because when the form is submitted, Zen Cart checks for the security token, ready to compare it back to the value being held in the session for this visitor. But because it's not there, concludes that this is probably a fraudulent submission.

So the issue most likely comes back to why cart couldn't read the session to get the original token, or why it couldn't put it in the session in the first place.

At this point my knowledge runs out and I can suggest only that you ask the webhost what changes they've made that could affect session handling.

**sigh** I had already communicated to my client that I suspected that Netfirms has modified something which is the root cause of the issue.. I suggested it was either files, or server settings, but I'm clueless as well.. **sigh**I get that my client is frustrated, but she seems to think there is something magical that I can do to resolve all of these issues.. I am out of ideas..

Thanks for the insight though.. I've passed the information back on to my client.. Maybe DrByte will pass though and offer some additional insights..

Quote:

---

Originally Posted by kuroi

Not my area of expertise, but it looks to me as though the site may be having problems reading or writing to visitor's session data or creating a session.

When I look at the login form code being sent to the browser, the hidden security token is declared, but has no value. The value should be taken from the session array, but if that's not accessible, then no value can be assigned.

The security error then arises because when the form is submitted, Zen Cart checks for the security token, ready to compare it back to the value being held in the session for this visitor. But because it's not there, concludes that this is probably a fraudulent submission.

So the issue most likely comes back to why cart couldn't read the session to get the original token, or why it couldn't put it in the session in the first place.

At this point my knowledge runs out and I can suggest only that you ask the webhost what changes they've made that could affect session handling.

---

I met the friendly guys at Netfirms at a networking event a couple years ago, and from that conversation opted to try them out for a site I wanted to set up. I found their unconventional control panel to be slow and confusing at best, and most of the time quite useless. When I finally got a store up and running it was obvious that the servers were very poorly tuned and couldn't handle running database-driven sites with any degree of speed or reliability. They seem to serve static pages fine, but that's an extremely limited market.
I took the site to a shared hosting account on another server and it immediately sprang to life, and have had no issues with it running reliably there.

I lost some money in wasted months of hosting that I didn't use, and overpriced domain-name-registration fees. But the move to reliable and speedy hosting more than made up for that loss. I probably should have gone back and asked for money back, but I chose to keep the service until the paid months expired. I tested a few other experimental Zen Cart coding ideas with it, and various caching and other addons, but nothing could fix or overcome the performance problems on their servers.

I suggest you do the same, given that their problems are even worse and from I'm seeing posted lately it doesn't look like they know how to fix what they've broken.

How many sales have you lost? How long has your store been down? How does that equate to the costs of changing?

Preaching to the choir sir.. **sigh** That is my recommendation, but she is STUCK on these folks. I've been on her case about Netfirms since the day I took over this site from her previous web developer (who built a static website and could not figure out how to "connect" it to the old osCommerce store). She has a TON of other sites hosted here (I think she let's "friends" host their sites on her hosting account) and she is reluctant to pay money to fix the problem..

I've pointed out (again) that her hosting company is problematic AND the need to upgrade to Zen Cart 1.3.9, but she is trying to save money. All the while her store is down and she has lost far more than she has saved.. (Store's been down since Friday.. WHO KNOWS how many sales she's lost..)

Since this posting I discovered that they (Netfirms) screwed up a number of things in this migration:

• Not re-installing the SSL cert (initially they told my client she didn't have one..)
• They made a modification to the /includes/functions/sessions.php file which looked like some sort of temporary change to explicitly call out a file path. I have replaced that file with a clean one I had in my site backups for this client.
• They mucked up the FTP settings so that I could not access the site via FTP and was relegated to using their crappy cPanel FileManager until they fixed that.
• Somehow in trying to fix the SSL or FTP issues they did something which caused a 500 error when accessing the site admin.
• Today they removed the sideboxes folder from the default_template (rendering all her WordPress sideboxes INOPERABLE)

**sigh** will try ONE MORE TIME to convince her to let me move and upgrade this site..

Thanks for weighing in DrByte.. I've passed on what you an Kuroi have posted here.. She's passed it on to Netfirms..

Though I'm pretty sure I'll see a live unicorn before they (Netfirms) fixes this..

It's tough being a small professional services business. But there comes a time when you have to ask whether you can really add value to the business of a client who refuses to take your advice.

We've resigned an account like that in the past year, and it was a big relief once we'd done so. We've also had to say "change your web host, or change your developer, twice". Happily both clients chose the developer!

Quote:

---

Originally Posted by kuroi

It's tough being a small professional services business. But there comes a time when you have to ask whether you can really add value to the business of a client who refuses to take your advice.

---

Don't I know it..:smile:

I've "resigned" a few clients over the years because it was the best thing for my peace of mind and my business.. In fact I just recently "resigned" a client.. This client refused to take my advice, failed to provide required materials for the site build, failed to make crucial business decesions which would inform the site build and then questioned me about why the site build was not going as planned.. They mistakenly thought that since I was a small business I would just "take it".. They were wrong.. I've had NO regrets at all about ending that contract and setting them free..:smile:

Quote:

---

Originally Posted by kuroi

We've resigned an account like that in the past year, and it was a big relief once we'd done so. We've also had to say "change your web host, or change your developer, twice". Happily both clients chose the developer!

---

Sadly this may the place where I am at here too..:wacko:

I managed to get this upgrade to work by disabling the "Recreate Session" feature in Session under Configuration. Not sure if this is the right thing to do though?

None of the suggestions seem to work for me in this read.

The above fix has stopped working after a couple of hours.

This is what Ive done now.

I have managed to get my to work by modifying the file init_tlds.php in \includes\init_includes\ to look like this

Quote:

---

<?php
/**
* set some top level domain variables
* see {@link http://www.zen-cart.com/wiki/index.p...als#InitSystem wikitutorials} for more details.
*
* @package initSystem
* @copyright Copyright 2003-2005 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: init_tlds.php 2753 2005-12-31 19:17:17Z wilt $
*/
if (!defined('IS_ADMIN_FLAG')) {
die('Illegal Access');
}
$http_domain = zen_get_top_level_domain(HTTP_SERVER);
$https_domain = zen_get_top_level_domain(HTTPS_SERVER);
$current_domain = $current_domain = (($request_type == 'NONSSL') ? $http_domain : $https_domain);
if (defined('HTTP_COOKIE_DOMAIN') && ($request_type == 'NONSSL'))
{
$current_domain = HTTP_COOKIE_DOMAIN;
} elseif (defined('HTTPS_COOKIE_DOMAIN') && ($request_type != 'NONSSL'))
{
$current_domain = HTTPS_COOKIE_DOMAIN;
}

---

This made the whole site function as it should. Not that I changed from cookieDomain to current_domain which is what it was in the new file.

Quote:

---

Originally Posted by Kim

... doesn't anyone ever read the instructions - NEVER NEVER NEVER upgrade your live site without doing a test upgrade and without backups.

---

Nope guess no, i upgraded from 1.3.8. to 1.3.9. g and it worked out perfect just right on top of the other!, guess i was lucky , but i had to change and move and find files that should be in other places! its good i can zen cart backwards by now, or i would never had done it!:smartalec:

Please let me know if this resolve has worked for you long term, because I just tried it and it worked like a charm for me. I had the same problem with the customer login after moving my zen cart from one server to another server on the same hosting company. I have been going crazy trying to get this corrected. Thank you so much for your post.

YOU REALLY NEED TO UPGRADE to the latest version.
If you continue using the old version which has known security problems, you're setting yourself up to be hacked.

Unfortunately I need to revive this thread (although I'm on 1.3.9h). I've read through every post in it as well as many other threads. These issues started on my client's site last week for no apparent reason. I have not made any changes to the site in two months. Currently there is an SEO expert executing some magic on the site but I doubt this was caused by his changes.

I'm experiencing the following issues:

• Admin Login:
  -Does not log you in, looks like a page refresh, no error message (even when the debugger is on), the securityToken does have a value
  -Forgot password does not send anything (not in junk mail, nothing is sent)
  
  
• Customer Login:
  -Says "There was a security error when trying to login."
  -Forgot password says the email address doesn't exist when it does exist in the DB. Does not send email.

Have tried:

• Deleting .htaccess in /admin
• Deleting my cookies
• In Chrome and Safari
• Turning SSL off
• SSL has not recently changed or been reissued
• Changed permissions for configure.phps to 644 (/includes/configure.php was on 444, /admin/configure.php was 705)
• I've never customized /includes/functions/sessions.php
• session.user_cookies are On
• session.use_only_cookies On

Host is GoDaddy
PHP 5.3.24
ZC 1.3.9h (can't upgrade until end of the year)

Any suggestions or pointings in the right direction is most appreciated.

Please please I need urgent help!
Out of no where and without making any upgrades my ZEncart website went blank. When I click on the web link here what I see and what my customers see:Your database appears to need patching to a higher level. See Admin->Tools->Server Information to review patch levels.
I tried to log in to the admin but the password is not working. I tried to request a new password but my email is not being recognized.
I am desperate for help to be able to retrieve access to the admin. Any help is appreciated.

Quote:

---

Originally Posted by www.flaresbridal.com

Please please I need urgent help!
Out of no where and without making any upgrades my ZEncart website went blank. When I click on the web link here what I see and what my customers see:Your database appears to need patching to a higher level. See Admin->Tools->Server Information to review patch levels.
I tried to log in to the admin but the password is not working. I tried to request a new password but my email is not being recognized.
I am desperate for help to be able to retrieve access to the admin. Any help is appreciated.

---

Well SOMEONE attempted to run an upgrade on your site otherwise this error wouldn't come up at all.. Suggest you check with your host and see if they "auto-upgraded" your site.. Additionally your post REALLY should have been a NEW post, as your issue is very much NOT related to the subject of this post..