access denied on index.php
I've found a strange issue with my install. Whenever a customer clicks on Log In, puts in their credentials, and clicks login, they get the following:
Quote:
You don't have permission to access /zencart/index.php on this server
However, if they go back to the main page via bookmark or address bar, it takes them to the main page and they are logged in.
If they click on Log Out, they again get the permission denied. But, again, if they manually go back to the main page, it is working and they are logged out.
I found out what it is doing, but what I do not know is why.
The URL on my store is:
mydomain.com/zencart/index.php (which works fine)
The URL on the address bar which gives them the error when they log out is:
myhostingcompany.com/zencart/index.php?main_page=index......
when in reality, it SHOULD be:
myhostingcompany.com/MYDOMAIN/zencart/index.php?main_page=index.... (if I manually type in the "mydomain/" in the URL, it works).
I must have changed something somewhere which is causing this behavior, but I don't know what it is. :( Help! :cry:
Re: access denied on index.php
Please post your /includes/configure.php file here ... but skip the database password.
Re: access denied on index.php
<?php
/**
*
* @package Configuration Settings
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
// HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/zencart/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/zencart/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '/www/justclickplay/zencart/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/www/justclickplay/zencart/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', 'zen_');
define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty
define('DB_SERVER_USERNAME', '****');
define('DB_SERVER_PASSWORD', '****');
define('DB_DATABASE', 'justclickplay_net_-_zencart');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'db'); // leave empty '' for default handler or set to 'db'
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'file');
define('DIR_FS_SQL_CACHE', '/www/justclickplay/zencart/cache');
?>
Re: access denied on index.php
Two things:
1. I'd suggest making this change:
Code:
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/zencart/');
becomes:
Code:
define('HTTPS_SERVER', 'https://plus24.safe-order.net/justclickplay');
define('DIR_WS_HTTPS_CATALOG', '/zencart/');
2. You are using a very old copy of Zen Cart. Many bugs have been fixed since the version you're using ... perhaps even the logout problem you mentioned. I strongly recommend upgrading to the latest version before progressing much further.
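The change suggested in point 1, expressed as a configuration check (an added example, not part of the original post and not Zen Cart code). The function names `parse_defines` and `check_ssl_paths` are hypothetical, the sample input is constructed from the values posted in this thread, and the check generalizes to the `DIR_WS_ADMIN` / `DIR_WS_HTTPS_ADMIN` pair of an admin configure.php.

```php
<?php
// Added example, not Zen Cart code: lint a configure.php for the shared-SSL
// layout suggested above (account prefix in HTTPS_SERVER, same DIR_WS_* path).

// Collect simple define('NAME', 'literal') lines; computed values are skipped.
function parse_defines(string $src): array {
    preg_match_all("/define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)/", $src, $m, PREG_SET_ORDER);
    $out = [];
    foreach ($m as $hit) {
        $out[$hit[1]] = $hit[2];
    }
    return $out;
}

// Compare each HTTP path constant with its HTTPS twin.
function check_ssl_paths(array $c): array {
    $pairs = ['DIR_WS_CATALOG' => 'DIR_WS_HTTPS_CATALOG',
              'DIR_WS_ADMIN'   => 'DIR_WS_HTTPS_ADMIN'];
    $findings = [];
    foreach ($pairs as $plain => $secure) {
        if (!isset($c[$plain], $c[$secure]) || $c[$plain] === $c[$secure]) {
            continue; // pair absent, or already identical
        }
        $tail = $c[$plain];
        if (substr($c[$secure], -strlen($tail)) === $tail) {
            // HTTPS path = account prefix + HTTP path: move the prefix to the host.
            $prefix = substr($c[$secure], 0, -strlen($tail));
            $findings[] = "$secure: set HTTPS_SERVER to '" . rtrim($c['HTTPS_SERVER'] ?? '', '/')
                        . $prefix . "' and $secure to '$tail'";
        } else {
            $findings[] = "$secure '{$c[$secure]}' does not end with $plain '$tail'";
        }
    }
    return $findings;
}

// Constructed sample: the four relevant lines from the configure.php posted above.
$sample = <<<'PHP'
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('DIR_WS_CATALOG', '/zencart/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/zencart/');
PHP;

foreach (check_ssl_paths(parse_defines($sample)) as $line) {
    echo $line, PHP_EOL;
}
```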
Re: access denied on index.php
1. Thanks, DrByte! You are the man (woman? :smile: ). I really appreciate your assistance. That change seems to have helped.
2. I thought so. The version installed is what my provider had pre-packaged. I actually downloaded 1.3.8a last night. Is that the newest version? I've just been hesitant to upgrade because, although I am a computer tech, my specialty is Windows Server and I'm a little shaky on my knowledge of Linux (which is what my hosting company uses), not to mention I'm not too proficient with PHP and CSS. I plan on working on the upgrade.
How complicated is it? Do you think, based on your perception of my technical skills, it is something I should be able to handle with relative ease? I've printed out these instructions; should that get me going?
Thanks again for your help!!
Re: access denied on index.php
Help, Doc!
I'm working on upgrading to 1.3.8a. I did a clean install into a new dir/db and have gotten as far as installing it (haven't even chmod'd configure.phps yet) and I can't access my admin site -- I get a 403 Forbidden. Here's my admin/includes/configure.php:
<?php
/**
* @package Configuration Settings circa 1.3.8
* @copyright Copyright 2003-2007 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// Main webserver: eg-http://www.your_domain.com -
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
// HTTP_CATALOG_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_CATALOG_SERVER is your Secure webserver: eg-https://www.your_domain.com
/*
* URLs for your site will be built via:
* HTTP_SERVER plus DIR_WS_ADMIN or
* HTTPS_SERVER plus DIR_WS_HTTPS_ADMIN or
* HTTP_SERVER plus DIR_WS_CATALOG or
* HTTPS_SERVER plus DIR_WS_HTTPS_CATALOG
* ...depending on your system configuration settings
*
* If you desire your *entire* admin to be SSL-protected, make sure you use a "https:" URL for all 4 of the following:
*/
define('HTTP_SERVER', 'http://justclickplay.net');
define('HTTPS_SERVER', 'https://plus24.safe-order.net');
define('HTTP_CATALOG_SERVER', 'http://justclickplay.net');
define('HTTPS_CATALOG_SERVER', 'https://plus24.safe-order.net');
// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_ADMIN', '/candles/admin/');
define('DIR_WS_CATALOG', '/candles/');
define('DIR_WS_HTTPS_ADMIN', '/justclickplay/admin/');
define('DIR_WS_HTTPS_CATALOG', '/justclickplay/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_ADMIN', '/home/www/justclickplay/candles/admin/');
define('DIR_FS_CATALOG', '/home/www/justclickplay/candles/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_CATALOG_TEMPLATES', DIR_FS_CATALOG . 'includes/templates/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_DATABASE', 'sbcandles');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'db');
// for STORE_SESSIONS, use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/www/justclickplay/candles/cache');
// EOF
Re: access denied on index.php
// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');
For testing purposes, both the above should be set to 'false' -- same for your other config file.
Also, you should change this line in both config files.
from
define('SQL_CACHE_METHOD', 'none');
to
define('SQL_CACHE_METHOD', 'database');