Customer log in issue with SEO mod installed

[smatric]

[Initial info]
Version: Zen Cart v1.3.8a/v1.3.8
Changes: There were some code changes but unfortunately I know nothing about them
URL: https://amazingdiscoveries.org/store
[/Initial info]

Hi,

I have a problem with customer logging in. (Our store uses SSL ) Here is what to reproduce problem:

1) Restart web browser (probably cookies or other data need to be shreded)
2) Enter https://amazingdiscoveries.org/store
3) Fill in the log in form:

Code:

<form method="post" action="https://amazingdiscoveries.org/store/index.php?main_page=login&action=process&zenid=b231ce7a01753cc8bbcf6e0da29b1ccc" name="login"/>
Email: <input id="login-email-address" type="text" value="Email address ..." onfocus="this.value=(this.value=='Email address ...')? '' : this.value ;" onblur="if (this.value == '') this.value = 'Email address ...';" size="15" name="email_address"/>
Password: <input id="login-password" type="password" size="15" name="password"/>
<input type="hidden" value="8682c8e2d1459ff9da73c49dd17236ce" name="securityToken"/>
</form>

and click submit button.

4) A user will be directed back to the same place (will not be logged in). The only difference is that URL will change to f.ex.:
https://amazingdiscoveries.org/store...cf6e0da29b1ccc



When a user tries to log in again the same story repeats.

The way to log in is to first click on any product (f.ex. http://amazingdiscoveries.org/store/...41f67333720ca8) or to delete ?zenid=b231ce7a01753cc8bbcf6e0da29b1ccc (sample id) from URL and log in again.

Can you please help me to fix it. Or give me any suggestion which files should I look into for making changes.

[smatric]

Let me add one more thing. A webstore visitor cannot log in as long as all the links have zenid in get paramiters. As soon as zenid is cleared (in one of two ways describet in previous post) everything is as it should be.

I don't know if it changes enything but we use SEO for Zen Cart.

[DrByte]

It's almost certainly your so-called "SEO" addon causing your problems.

[smatric]

Thanks, you were right. After turning off Search Engine Optimization the problem is gone. Of course this is not a solution but now I know what is the cause of the problem.

[smatric]

Maybe someone will find it useful. The problem described above could be solved for our webstore by adding following three lines to includes/classes/seo.url.php to the end of SEO_URL class constructor:

Code:

if(!empty($this->attributes['SID']) && !empty($_COOKIE[zen_session_name()])) {
        $this->attributes['SID'] = '';
}

[DrByte]

Sounds like a dangerous edit to be making. Future readers are advised to use with caution.

[yellow1912]

You should also state which SEO module you are using as well :)

[smatric]

Sounds like a dangerous edit to be making. Future readers are advised to use with caution.

That's true, but as you said:

"The zenid parameter is ONLY added by Zen Cart when the visitor's browser has not yet set a cookie to track that session ID. For most people, the 2nd click anywhere on your site causes the zenid parameters to disappear because the cookie has been set and takes over instead."

and SEO_URL->attributes['SID'] variable is storing just zenid and it's used only for creating links.

You should also state which SEO module you are using as well :)

"Ultimate SEO URLs For Zen Cart, version 2.101"

[thekanyon]

I'm not sure if this helps but I found a solution for my "zenid" problem with Ultimate SEO Module.

PROBLEM: I'm using the Ultimate SEO Module and my EZPages links are broken on the first visit to the site. This is because the zenid=xxxxxxx appends to the URI like

index.php&zenid=xxxxxx

I placed a regular expression in "includes/functions/html_output.php" to set the $separator variable to "?" when the URI ends with ".html" or ".php".

if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);

$link = str_replace('&', '/', $link);
$link = str_replace('?', '/', $link);
$link = str_replace('&', '/', $link);
$link = str_replace('=', '/', $link);

$separator = '?';
}

/* ===== BEGIN Fix for zenid =====*/

// set "$separator" to "?" if URL ends with ".php" or ".html"
if (ereg('\.php$', $link)) {
$separator = '?';
}
if (ereg('\.html$', $link)) {
$separator = '?';
}
/* ===== END Fix for zenid ===== */

if (isset($sid)) {
$link .= $separator . zen_output_string($sid);
}

// clean up the link after processing
while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);

$link = ereg_replace('&', '&', $link);
return $link;
}

I understand that we should not modify "html_output.php" directly because it can be overwritten by any updates. I found another thread on this forum that uses a copy of "init_general_funcs.php" in a subdirectory called "overrides". This file is modified to point to the new "html_output.php" file. I can't remember where I found it but I'm sure you can find it with a simple search.

[tracstev]

Hi

Just wondering if anyone has used "smatric" bug fix with any success. this login issue will effect anyone using Chemos SEO URLS, if you want to keep your existing customers we will need to fix this problem. Oh how I wish i never used this mod in the first place

Thanks!