i have just upgraded and now getting this error when trying to login from customer screen "There was a security error when trying to login"
Printable View
i have just upgraded and now getting this error when trying to login from customer screen "There was a security error when trying to login"
You didn't upgrade your /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php file to use the new code.
Remember, when upgrading, you need to merge the changes from the new code into all your customized files, or else you will end up missing new functionality.
Thanks Mr Byte
what about in admin - getting the same thing there
I guess a little explanation would be helpful. I have a demo zencart with no changes. I uploaded the new version. Database changes made. Now can't get in.
Also installed a brand new cart - no problems at all there.
I'm getting the same thing and I'm not sure what Dr Byte's answer is telling me.
Would you mind giving a bit of detail to explain what to do?
Sorry to be a noob. I didn't think I was, but it seems I am here.:lookaroun
Steven
where is your problem? admin or as customer in the cart?
... doesn't anyone ever read the instructions - NEVER NEVER NEVER upgrade your live site without doing a test upgrade and without backups.
Ah, and if the world was only perfect! Since I upgraded a clean (test) installation of zencart, I need answers.
I'm upgrading from 1.3.7 to 1.3.8 on a completely new host so my real site is safe until I've got it all working smoothly. I've copied my db and my old zencart over to the new host, but obviously mucked something up.
Currently I can't make the database upgrade, I just get a blank page in the install and I can't get a customer login due to the security error mentioned above.
any help will be appreciated.
Steven
we have run 3 seperate upgrades ( all test sites ) with no errors at all
Merlin, I'm no newbie. I'm now going to install a brand new 1.37 and then upgrade it to see if I can get one to go smoothly. That's not the problem though. I've got lots of upgrades to do in the near future with my clients and I've got to get a firm grasp on this quickly.
If I simply uploaded the new version over the old and the admin login isn't working, where can the problem be? The functions/sessions.php file and the login files are only 2 files where the changes have been made, correct?
Server configuration? phpInfo?
my dedicated server where most of my customer carts are:
http://ddhosting.com/phpinfo.php
For the admin login problem. Can u try a few things.
If u have been using IE as your browser, can u test in Firefox, or check your security settings in IE. Does lowering those settings help.
Whichever browser you use, try clearing both the cookies and the cache, and restarting the browser.
If you have https enabled for admin, try disabling it in configure.php
Ensure the host setting (HTTP_SERVER) in configure.php is actually correct and matches your server's Hostname.
Wilt, thanks for the assistance.
I've tried in both Firefox and IE and I receive the same error.
I also noticed that if I try to "add to cart", previously i would get errors telling me to fill out my various attributes, now it just says my shopping cart is empty.
I'm still confused what Dr Byte is saying about merging my tpl_login_default.php
I've not changed my template yet, I've stuck with the default and I can't see anything in this file using winmerge that would need merging.
Help please. :blink:
Steven
Have you ever created a new template or are you just using the default/classic template the install came with? Had you changed any files before the upgrade?Quote:
Originally Posted by Nedward
Install any mods? Did you just upload all the new files to the site or just a few?
If you've not made any changes to the login template and are still using the default template, where did you put the new login template?
It sounds like you haven't uploaded everything to all the right places.
Hi Delia, it's a complete fresh install using 1.3.8 and I'm using my backed up sql file to populate the database. The only files I've changed are both configure.php files and then changed a few texts to change the "sales message goes here" etc. I haven't touched the template.
Delia quote "If you've not made any changes to the login template and are still using the default template, where did you put the new login template?"
Delia, when you say where did you put it, I didn't put it, I just left it where it was from the copy over of the 1.3.8 files.
thanks for the assistance
Steven
Nedward,
If you read this thread from the top, including the title, you'll note that my response about the tpl_login_default.php file is related to the "There was a security error when trying to login."
If that's not the problem you're experiencing, I'm not surprised that you're confused by the answers posted.
Just see this:Quote:
Originally Posted by DrByte
"There was a security error when trying to login"
--------------------------------------------------------------------------------
Situation:
I have just upgraded and now getting this error when trying to login from the customer screen "There was a security error when trying to login"
Cause:
Zen Cart™ v1.3.8 has an added security feature to prevent spoofed external logins. A "security token" field has been added to all login forms. This token must be current (not expired), and must be submitted with login username+password in order for logins to work properly.
Remedy:
If you have customized template "login" files, the new security features need to be merged into your customized template files.
The following files are affected:
- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
And if you're encountering it in your Admin area, this file is affected as well:
- /admin/login.php
But what do I need to edit in the above files to get this to work?
FAQ on the "security error when trying to login" issue:
https://www.zen-cart.com/tutorials/i...hp?article=312
Just merge all the new changes from the new version of those files into your customized versions of those files.Quote:
Originally Posted by Adds
If you've been doing an upgrade, you're already using some sort of merge/compare tool, right?
Just continue with the rest of your upgrade ... an upgrade doesn't include just updating your "core" files ... you ALSO ALWAYS need to merge all the new changes from the default (template, language, modules, etc) files into your customized versions of those same files. Otherwise you'll be missing features ... such as the one discussed in this thread.
Issue resolved.Quote:
Originally Posted by Adds
Thanks for the support.
My problem turned out to be simple - new computer, new install of ftp client with a setting that I finally discovered did not overwrite many of the files on the server.
Nedward - did you upgrade the database after importing your original sql?
If not, just run the install again to upgrade.
Could you tell us more about that FTP Client setting. I've had a whole spate of Stock by Attribute users reporting problems that come down to the same issue of files not being over-written by uploads during installation - but I've never actually had this problem myself.Quote:
Originally Posted by delia
I use ws_ftp (ipswitch) pro. Under options / transfers there's a check box for
Don't transfer older/same files when transferring folders. Turns out it was default checked! It's been so long since I installed it that I forgot about that option. Since files transferred to the server show the transfer date that royally made a mess.
However, I just found out that my cart is showing the index page title wrong! Soon as I figure that out I'll let y'all know.
Perhaps this issue? http://www.zen-cart.com/forum/showthread.php?t=81766Quote:
Originally Posted by delia
That's because there's new code to be merged into the meta_tags.php language file ... which is a discussion for another thread.Quote:
Originally Posted by delia
Ah, missed that earlier. Of course! Meta tags changes. Got to imprint that one on my brain.
More importantly ... imprint the fact that all upgrades require merging *all* files ... not just core files.Quote:
Originally Posted by delia
Any override files need to be assessed ... ie: merge new features/entries into your customized files.
Nevertheless, I digress from the topic at hand.
You are so right - and now I'm going to go back and reread the list of changes.
I have the same error. I am in progress of comparing and merging old/new version but have a question relative to the database upgrade not the zip files.
Is there an upgrate script or do we have to build one ourselves ?
Comparing the old database to the new I have made the following changes:
Change the Table: authorizenet authorization_type field to varchar 50
Create tables: Table: nochex_apc_transactions and Table: nochex_sessions
with this script
CREATE TABLE `rws_zen_nochex_sessions` (
`unique_id` int(11) NOT NULL auto_increment,
`session_id` text collate latin1_general_ci NOT NULL,
`saved_session` mediumblob NOT NULL,
`expiry` int(17) NOT NULL default '0',
PRIMARY KEY (`unique_id`),
KEY `idx_session_id_zen` (`session_id`(36))
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1 ;
CREATE TABLE `rws_zen_nochex_apc_transactions` (
`nochex_apc_id` int(11) unsigned NOT NULL auto_increment,
`order_id` int(11) unsigned NOT NULL default '0',
`nc_transaction_id` varchar(30) collate latin1_general_ci NOT NULL,
`nc_transaction_date` varchar(100) collate latin1_general_ci NOT NULL,
`nc_to_email` varchar(255) collate latin1_general_ci NOT NULL,
`nc_from_email` varchar(255) collate latin1_general_ci NOT NULL,
`nc_order_id` varchar(255) collate latin1_general_ci NOT NULL,
`nc_custom` varchar(255) collate latin1_general_ci NOT NULL,
`nc_amount` decimal(9,2) NOT NULL,
`nc_security_key` varchar(255) collate latin1_general_ci NOT NULL,
`nc_status` varchar(15) collate latin1_general_ci NOT NULL,
`nochex_response` varchar(255) collate latin1_general_ci NOT NULL,
`last_modified` datetime NOT NULL default '0001-01-01 00:00:00',
`date_added` datetime NOT NULL default '0001-01-01 00:00:00',
`memo` text collate latin1_general_ci,
PRIMARY KEY (`nochex_apc_id`),
KEY `idx_order_id_zen` (`order_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1 ;
Exported my old database to an sql file and changed all swedish_general_ci to
latin1 COLLATE latin1_general_ci;
CREATE DATABASE `mydabasename` DEFAULT CHARACTER SET latin1 COLLATE latin1_general_ci;
but now when I try to login I get the security error. I will now look at the login files like you mentioned to look for the security token code.
Maybe I overwrote it by accident.
Have I missed anything database side ?
The database upgrade is the easiest bit of all. You simply navigate to www.YOUR_SITE.com/zc_install and make sure that you select the database upgrade option.Quote:
Originally Posted by FromTheRiviera
Thanks I'll try to start again . Didn't know this option existed. Must have gone too fast.
I just made a fresh install on a copy of my old database but must have missed this option ?
I have got to the part :
Is this what you are referring to ? If so , I do not think this will upgrade the structure of my database without overwriting the old data.Quote:
Upgrade Detection
Check for Zen Cart™ updates when logging into Admin
This will attempt to talk to the live Zen Cart™ versioning server to determine if an upgrade is available or not. If an update is available, a message will appear in admin. It will NOT automatically APPLY any upgrades.
You can override this later in Admin->Config->My Store->Check if version update is available.
It is ALWAYS recommended that you do an upgrade on a testing site, where you can afford to BREAK anything and can just restore it back easily.
With that said, if you are already doing it on a test site, just go ahead and try the options, if things don't go your way, simply copy the backup files and database back.
I finally figured out that there is an sql script in the folder called ZC_INSTALL
mysql_upgrade_zencart_137_to_138
I was looking for this option in the installatoion proceedure.
Would it not be a good idea to put it there ? For newcomers like me who are first time upgraders.
Thanks for all your help.
When upgrading you need to upload the zc_install directory from the *new* version to your site and run the upgrade procedure ...
Just ran
mysql_upgrade_zencart_137_to_138
and get error
Table 'mydbname.linkpoint_api' doesn't exist
What version did this table get created in cause I don't see it in 1.3.8 either.
Should it not read CREATE TABLE rather than ALTER TABLE ?
That is a warning not an error and can be safely ignored.
I read the FAQ but it is not quite for my problem.Quote:
Originally Posted by DrByte
I am a ZC newbie. I did my first install on Nov. 30, so by chance, I started with v1.3.8. I did the install with SSL 'false' in the various files because the SSL certificate I'd just purchased hadn't been installed yet. Everything went very well, and the login process was functioning correctly.
Today, with my SSL certificate in place, I went about installing the Google Checkout payment module. I customized various "login" files, and I changed those SSL 'false' lines to 'true'.
Then I discovered the "There was a security error when trying to login" problem.
At first I thought I'd erred in the SSL settings. But having read this thread, I think the Google module I downloaded from Google.com lacks the new "security token" portions in the files:
- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
(and (?) /admin/login.php).
Since I'm new, started with v1.3.8, have nothing old to copy from, and am not much of a programmer, I really don't know what code I need to insert into those files, and exactly where I should insert it. I'm also not 100% sure that my SSL setting is unrelated to the problem.
I would greatly appreciate any advice.
Thanks!
Your URL?
Hmmm... After upgrading from 1.3.7.1 I am having this problem with my admin login. The user login works fine and all the data in mysql seems to have transfered over fine.
I checked, and my admin/login.php file is exactly the same as the one that 1.3.8 came with.
Any ideas? :(
Here's the link I am using:
http://birdingdepot.com
You need to add a "/demo" to that link to see my site in 1.3.8. I didn't want to add it because the next thing I know Google will index it!! :)
Try clearing your browser cache and cookies.
Thank for the tip, but unfortunately it didn't work. I tried it with several browsers, on two computers, cleared the cache and cookies. No dice... :( It won't let me log on to admin.
Yeah! I think I figured it out.
Since I was using a test site in a different directory, I had to change a lot of lines in my configure.php to reflect this directory. I only changed the first four. After changing all 7, it worked like a charm! :)
Thanks for the update.
Any reason why the new tpl_login_default.php is an older build than the the one written by DrByte in June this year?
It's because the new securityToken feature was built in February, but other fixes built earlier were included for the June PayPal patch and released as part of the July v1.3.7.1 release. There has been no need to update the v1.3.8 edition of the file since February.Quote:
Originally Posted by numinix
It's a lot of fun keeping multiple software versions in sync. :smile:
That's why we got the mastermind DrByte ;)
Btw, for those who have blank login pages, it may be something to do with create_account.php found in the modules folder. This file needs to be merged with the latest version if you have the CAPTCHA module installed.
I am getting this error when I try the login via the login sidebox module addon. Whoever is going to update this module for 1.3.8 may want to add the security token to the code and that of course should fix this problem.
to fix, change this line:
to:Code:$content .=LOGIN_BOX_PASSWORD . '<br />' . zen_draw_password_field('password', '', 'size="13"') . '<br />';
that just adds the security token in there.Code:$content .=LOGIN_BOX_PASSWORD . '<br />' . zen_draw_password_field('password', '', 'size="13"') . zen_draw_hidden_field('securityToken', $_SESSION['securityToken']) . '<br />';
I had the same problem after I installed the Google checkout Mod to 1.3.8.
Go to:
/includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
and find:
<label class="inputLabel" for="login-password"><?php echo ENTRY_PASSWORD; ?></label>
<?php echo zen_draw_password_field('password', '', 'size="18" id="login-password"'); ?>
<br class="clearBoth" />
<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
</fieldset>
The bold lines above are removed when you add the Google checkout mod.
Check your file and if it is missing simply copy the bold lines above back into your file and you should be able to log back into the customer area!
The same will go for the following file:
/includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
It will be missing this line:
<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
This is what it should look like:
<label class="inputLabel" for="login-password"><?php echo ENTRY_PASSWORD; ?></label>
<?php echo zen_draw_password_field('password', '', zen_set_field_length(TABLE_CUSTOMERS, 'customers_password') . ' id="login-password"'); ?>
<br class="clearBoth" />
<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
</fieldset>
The login sidebox contribution was updated earlier to include the securityToken.
The tpl_timeout_default.php template file included in v1.3.8 already contains the securityToken. If yours doesn't, then you've not done a thorough upgrade.
I am also stuck on this. I have replaced both of the above mentioned files (though this has been an obtuse thread - no mention of a practical solution - until page 6, and btw the FAQ merely restates the problem with no help!)
Despite replacing them with fresh copies from the install, i still get the same security error on customer log-in. Any further suggestions?
Please list the names of all the files in your custom template folder, ie: /includes/templates/NAME_OF_YOUR_TEMPLATE/templatesQuote:
Originally Posted by johnga
BTW these problems are on holidaytoyexpress.com. I am waiting until I solve them to upgrae my other site!
These are the files :
tpl_about_us_default.php
tpl_checkout_confirm.php
tpl_checkout_payment.php
tpl_checkout_shipping.php
tpl_checkout_success.php
tpl_login_default.php
tpl_modules_product_listing.php
tpl_time_out_default.php
and I just found these in there:
tpl_gc_return_display.php
tpl_gc_return_noproduct.php
tpl_shopping_cart_default.php
Okay ... and have you done an upgrade of ALL of THOSE files, by comparing them to the matching filenames in the template_default/templates folder, using a tool like WinMerge?Quote:
Originally Posted by johnga
Well, I just downloaded TextWrangler , because I am a Mac user. But having never used it before, I will have to spend some time learning how to make it work. The mystery is:
What exactly am I looking for? Once I compare my files, am I looking for something that is not in my files that should be, or am I looking for something that is in my files that shouldn't be. Is there an explanation of what this new security feature does and which files it involves so people that don't know a lot about coding stand a chance of finding where they went wrong?
BBedit can do comparisons too.Quote:
Originally Posted by johnga
New lines were added to the original files.Quote:
Originally Posted by johnga
In some cases, existing lines were changed.
And, in your customized files, *you* have made some changes of some sort ... otherwise you wouldn't have copied those files into your custom template folder, right?
When comparing the files, you should see the differences highlighted.
You need to compare the files and integrate the "new" and/or "changed" stuff from the master files ... into your customized files.
One thing that makes it easier is to do a compare of the "old" master file vs your "old" customized file ... so you can clearly see the changes *you* have made. Then when you're merging the "new" master file contents into your customized file, you'll know whether the changes are affecting one of your intended customizations.
Things that are just "new" from the "new" file can be copied over into your custom file directly.
Things that are changed in the new file but also affect a customization you had made in your custom file, will require some careful re-customizing based on the new file contents.
In *some* cases (not likely with the files in *this* particular upgrade) some of your customized files may have to be dumped and the customization redone using the new version of the file. This isn't very common unless huge changes were required in the master file or if you did extensive customizations to the file for your own purposes. In these cases, comparing "old" default vs "old" customized will show you very quickly how *you* had changed your file, and give you a clue where to start.
You need to do this for *all* files on your site ... all the default files, as well as all your customized files.
It sounds a whole lot more complicated than it is. It takes a bit of time, but is generally fairly straightforward.
This is largely the same concept described in the upgrade documentation in the /docs/ folder of your site, and also in the FAQ area. Those docs contain a bit more information about the procedure, and also reference how to do the database side, which contains all your product/customer/order data.
And here I am off topic again :(
Thanks for the details- I guess I have my Sunday plans made for me!
Hello absolute beginner here....have read and re-read this thread and have located the files but not sure what to do with them...
I just installed a Zen Cart for the first time and using the Purple Lily Template and am getting the "There was a security error when trying to login" message....located the files but not sure what to do.
Changed templates and the login works...I'll figure it out!
Having the same customer login problem. Just HOW do you perfoerm this "merge"?
If you have installed WinMerge or a similar comparison program, then you can drag the old file into one side of the compare windows, and the new file into the other one, and visually see the differences, and copy the appropriate changes from one to the other, either by copy-and-paste or by telling it to copy an entire line of code, if appropriate, etc.Quote:
Originally Posted by hardtokill
It's a tool and skill you should have for anything you're doing when changing files on your site, including upgrades and installing of new addons etc.
hi anyone could help me on this.. everytime I logged in to my account in zencart it says "There was a security error when trying to login.".. What happened to this?? please get back to me asap.. I really need to get this fixed immediately..
I've never upgraded my zencart.
I have attached a screenshot..
There is no screenshot, but a URL would be better anyway. What version of Zen Cart are you using? What add-on modules do you have installed?Quote:
Originally Posted by guysoul
go to this site.. http://bestmilagechip.com click on login then
username : [email protected]
password : pokemon
Tnx for the quick response. i've never upgraded my zencart.
version is Zen Cart 1.3.8a.. what modules??
I apologize for the posting my queries twice. I posted it in the wrong topic. Again im so sorry.
I tried to switch it back to the default template and it logs me in. But if I use my template it wont log me in.. what do I need to change?
No problem. Your post count shows that you're new and still finding your way around.Quote:
Originally Posted by guysoul
The news here is not so good. I suspect that you're using a Template Monster template that is not compatible with the security features built into Zen Cart 1.3.8. That's why when you switch back to the default template it works. Your Zen Cart is fine, the template is the problem.Quote:
Originally Posted by guysoul
There's a limit to what we can advise here as TM really hack the Zen Cart code badly, so we don't know precisely how their login over-ride is constructed (and don't really want to!). But basically you have three options:
1) Go back to TM and insist on a version of the template that is compatible with the current version of Zen Cart.
2) Try temporarily deleting your template's includes/templates/theme020/templates/tpl_login_default.php file so that you are using the Zen Cart default instead (keep a copy so that you can put it back
3) apply the changes explained earlier in this thread to the above file (don't know how easy this would be to do, as it would depend on what else they've done to the file)
hi.. what do i need to change in the customized template? It says here
If you have customized template "login" files, the new security features need to be merged into your customized template files.
The following files are affected:
- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
Dont know what to add on those files tpl_login_default.php and tpl_timeout_default.php
Any response will be appreciated.
Thanks.
Posts 52 and 53 above are responses to a different instance of this problem, but highlight the lines that you are probably missing in your template.Quote:
Originally Posted by guysoul
It works man.. Thanks for your help.. :D May the Lord bless you.. :D
thanks - this did the job for me...
Hi, please help as I am very lost and have been trying to fix this for days.
I am unable to login as me test customer, the above message keeps coming up.
I am new to this so have the current version and the only difference is the Cherry Zen upgrade.
This is an extract from my tpl_login_default.php which I thought looked O.K. when compared to what you have suggested here.
<label class="inputLabel" for="login-password"><?php echo ENTRY_PASSWORD; ?></label>
<?php echo zen_draw_password_field('password', '', zen_set_field_length(TABLE_CUSTOMERS, 'customers_password') . ' id="login-password"'); ?>
<br class="clearBoth" />
<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>
</fieldset>
With thanks
Hi DrByte,
How do I compare the remote files using Winmerge? I am experiencing the same login error problem for returning customers. I get the message"there was a security error when trying to login" when I login as a returning customer. Ever since I uploaded my customised header on the newly installed zencart template "Slovak_Classic" I am facing this login error problem. I would really appreciate if you could help me find a solution to this problem. I am stuck because of this.
I downloaded the software Winmerge after reading the forums, but can't figure out how to view the remote files using winmerge as the browse button opens the folders on my PC only.
Indicana
Hi,
Just to clarify, my customer login was fine one day and not the next.
I have done no upgrades because am runnung the latest version, the only thing I did do was the 'Steps in securing your Zen Cart store' , and then customer login stopped working giving me the security error.
I have compared the tpl_time_out & tpl_login_default with an older backup and they look fine, can you suggest somewhere else to look?
PLEASE help!
Quote:
Originally Posted by crisand
[FONT=Verdana]If you do have a back up of these files (tpl_time_out_default.php & tpl_login_default.php) and at the time those back up files were the good working ones. Try uploading these backup files over the existing files, as sometimes when compared together all the wording can look the same but there may still be a problem with the php.file. I have done this before and it worked for me. It's worth a try. Make sure you always keep copies before you change any files as you may need to put the file back if it doesn’t work. [/FONT]
I shall give that a go, thanks. Have to work today but will post when I have tried it to see if it works!
Whenever I've done a compare, I've always done a full download of all the files from my website using FTP. Then do the compare. This doubles as a backup of all my website files (I can zip them up or burn to a CD etc), which is an even more important upgrade step than comparing! Should also do a database-backup while you're at it. See the FAQs area for backup tips.Quote:
Originally Posted by indicana
I am still getting the above error.
I am not updating as I started with the most recent version.
Customer login was fine and then this error started.
I have done the cross check on the two files mentioned and they have not changed.
Is there anything else you can recommend to fix this problem.
Quote:
Originally Posted by crisand
Maybe you need to undo the changes you said you *did* make, to see what part of those changes is causing the problem for your particular site and server configuration.Quote:
Originally Posted by crisand
Hi,
This is what I changed.
-I renamed my /admin folder
-I set my /includes/configure.php file to 444 and am now not able to change back to 644 without an error message coming up on my site. While it is changed I did try to login as a customer with no luck.
- I had moved my /cache folder but moved it back.
And I honestly haven't done anything else thats why I am so confused, not being a computer buff doesn't help either.
If there is anything else you can recommend it would be very much appreciated.
Is your cache folder writable?
Did you change any .htaccess files?
What version of PHP is on your server?
What are your settings in Admin->Configuration->Sessions? Have you changed any from the defaults? If so, why?
Who are you hosted with?
What is your URL?
If you set ENABLE_SSL to 'false', does it change anything?
If you install a new copy of Zen Cart in another folder+database, do these same problems happen?
Is your cache folder writable? - I changed this from 777 to 755
Did you change any .htaccess files? - Not that I am aware of, I stay away from anything I don't need to touch.
What version of PHP is on your server? 5.2.5
What are your settings in Admin->Configuration->Sessions? Have you changed any from the defaults? If so, why? - Didn't change anything here unless it said to in the manual.
Who are you hosted with? - MD Web hosting Australia
What is your URL? http://www.thelittleonlinecardshop.com.au
If you set ENABLE_SSL to 'false', does it change anything? It is set to false anyway, so I am not sure about this.
If you install a new copy of Zen Cart in another folder+database, do these same problems happen? _ I have no idea how you mean to do this, sorry.
This is the error on my site when includes/configure.php is changed to 644
Warning: I am able to write to the configuration file: /home/thelittl/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance. See this FAQ
Sorry, I am not much help I know.
Doesn't seem to be an SSL problem with your site, it is with your Hoster.
From the looks of things, they are providing you with a Shared SSL Cert which expired.
Cert Issued to: www.dividends.net.au
Expired: 10/09/2007
It has nothing to do with 644 or 444 on your configure.php files.
Whatever is causing it is preventing your visitors from being able to establish a PHP session. You can't even add anything to the cart and have it be remembered. That's a classic problem with sessions.
When did your hosting company upgrade to PHP 5.2.5? Maybe they busted this on you without knowing it.
Thanks to both of you, I have put these points to my hosting co. and await a reply! I thought everything was going so well as well.
Much appreciated.
Hi,
My hosting company says it is definitely an error at my end.
A friend has been helping and has suggested these things which I have done.
Firstly to download a new version of Zen and give it a name. I did this brought up the new site signed up and then tried to login, with no luck.
I have deleted and then transferred my backup from prior to the error on the following files -
includes/functions/sessions.php
includes/languages/english/login.php
includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php
Would you have any other suggestions that might fix this ongoing problem?
My site has not been working for 3 weeks now so I am desperate to get it working, and you guys seem to know more about what to do than MD.
With much thanks once again.
Hosting companies often say things like this. Many times it just means "I've had a quick look and couldn't see anything obvious at this end". Occasionally they go deeper in which case they will hopefully have provided some explanation as to why they believe that it is definitely a problem at your end, in which case please share that explanation since it may be helpful in diagnosing your problem.
Also, I notice that you haven't answered DrByte's question about the timing of the PHP upgrade to 5.2.5. We're interested in its proximity to the start of these problems.
Problem seems to have started when you switched Templates.
What happens when you switch to using the Classic Template?
If all else fails you could make a post in the Commercial Section of the Forum. Usually faster to have an experienced eye have a look at things first-hand, when it comes to solving certain problems such as situations like this.
The PHP version is the same as when I joined, so there was no upgrade.
My template upgrade was done a couple of months before this happening.
I shall phone them tomorrow, emailing is taking way too long with their response at least 48hrs after I send through details.
For customized templates, all you need to do is add this new Security Feature to 2 files tpl_login_default.php and tpl_time_out_default.php
Find the text "<label class="inputLabel" for="login-password"><?php echo ENTRY_PASSWORD; ?></label>" in both file tpl_login_default.php & tpl_time_out_default.php and add "<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>"
below the "<br class="clearBoth" />" (2-3 lines under)
That will do the trick.
thankyou! saved my bacon! The security addition worked for me!
Hi, I have a very similar problem. After upgrading my customers were unable to log in. However after adding the new security token code to the timeout and login files "<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>" it seemed to have worked. However, it only works if the customer logs in before they add an item to the shopping cart. If they log in after (where it shows a different page) they can still log in but it shows a black banner and error symbol where the security log in error used to display! Any ideas? It's great that they can now log in but no customer is going to appreciate what looks like an error come up when they log in the complete a purchase! Please help, the url to my site is as below. Many thanks!
http://www.ethicsandgrace.co.uk/shop...=shopping_cart
I forgot to say, if the customer then refreshes the shopping cart page the black error banner disappears! Thanks
Hi folks,
I have read the entire thread and done all the changes and I still get this "There was a security error when trying to login." when i log in. As I am using a bought template the errors occurs.
I installed a fresh clean copy of zen 1.3.8a on a testing domain and it all works fine and its on the same server the broken one is on, so its the same version of php etc
Should I now talk to the template company now or ask the hosting company as someone earlier suggested.
Thanks
Ellie
The hosting company won't be able to help you. The template clearly hasn't been written for the current version of Zen Cart. However, this thread should contain all the information that you need to solve the problem, so it's most likely a problem with the way in which you have made the changes, but we'd need more information about your template and how precisely your have made the changes to help your further.Quote:
Originally Posted by elliesupport