Results 1 to 10 of 13

Hybrid View

  1. #1
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default admin password problem

    I upgraded my site to 1.5, changed the admin cofigure files to allow ssl in the admin in order to install the authorize.net module.

    1. I still cannot install authorize.net (AIM), it still says:
    ALERT: For security reasons, Installation of this module is disabled until your Admin is configured for SSL.

    2. Every time I log on as admin, It forces me to reset the password. Here is the error:

    Note: Your password has expired because your site has changed from non-SSL (less secure) to being SSL-protected (more secure). Changing your password under SSL is an important step to greater security. Sorry for any inconvenience. Standard password expiry rules apply.

    I found another post about issue 2 above in June, but there were not any replies.

    Sadie

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: admin password problem

    Simply set your admin HTTP_SERVER and HTTPS_SERVER to BOTH be an https URL, as explained here: http://www.zen-cart.com/content.php?...alled-zen-cart

    And make sure the file actually gets uploaded (it won't be uploaded if the file is read-only).

    Under normal circumstances (ie: a traditionally configured server with traditional correctly installed SSL certificate, and no URL-rewriting or redirects in .htaccess), none of your symptoms in your "#2" would persist beyond the first instance of requiring the new password.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default Re: admin password problem

    I've already made those changes. After the changes the 1.3 store works fine, but the other 1.5 store I am building gets errors: Here is my admin configure file, with my website removed:

    define('HTTP_SERVER', 'https://www.____.net');
    define('HTTPS_SERVER', 'https://www.##########.net');
    define('HTTP_CATALOG_SERVER', 'https://www.##########__.net');
    define('HTTPS_CATALOG_SERVER', 'https://www.##########__.net');

    // secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_ADMIN', 'true');

    // secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_CATALOG', 'true');

  4. #4
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: admin password problem

    Here's how it works:

    AIM expects that the URL being used at the point of accessing the module's installation screen must be an https URL.
    If it's not https, then you'll see the message you're reporting.

    The password reset because of changing from NON-SSL to SSL is triggered by logging into the Admin over NON-SSL and then later accessing over SSL.
    So, if you're triggering that, then it means your admin has let you log in without using only https URLs.

    Thus, that tells me you're flipping back and forth between modes.
    So, this suggests that you're using multiple configure.php files when accessing the same database. This would be a problem with your development environment.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Aug 2004
    Posts
    262
    Plugin Contributions
    0

    Default Re: admin password problem

    Quote Originally Posted by DrByte View Post
    Here's how it works:

    AIM expects that the URL being used at the point of accessing the module's installation screen must be an https URL.
    If it's not https, then you'll see the message you're reporting.

    The password reset because of changing from NON-SSL to SSL is triggered by logging into the Admin over NON-SSL and then later accessing over SSL.
    So, if you're triggering that, then it means your admin has let you log in without using only https URLs.

    Thus, that tells me you're flipping back and forth between modes.
    So, this suggests that you're using multiple configure.php files when accessing the same database. This would be a problem with your development environment.
    Your were right. When I watched my admin clicks, every other click was non-SSL. I'm not sure why there was a problem, since I made changes to each the secure and non-secure admin configure files when I made changes. I have a copy of my entire store in the secure (SSL)section of my hosting account. I deleted the configure file from the secure section, and then copied the configure file from the non-secure section over to the secure section, and the problem was fixed.

  6. #6
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: admin password problem

    Quote Originally Posted by sadie View Post
    I have a copy of my entire store in the secure (SSL)section of my hosting account. I deleted the configure file from the secure section, and then copied the configure file from the non-secure section over to the secure section, and the problem was fixed.
    I STRONGLY suggest that you work with your hosting company to find a way to symlink your "secure" section to look directly at your non-secure section. There's NO good reason to have to separate them on contemporary webservers nowadays. If your host can't do that, then you've got a lotta work to do every day when trying to keep things in sync between the two places. It's a very outdated server architecture, and not well-suited for ecommerce or any other dynamically-driven site.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. v151 Problem changing admin password
    By elvisstuff in forum General Questions
    Replies: 4
    Last Post: 13 Feb 2015, 09:51 PM
  2. v153 Going in Circles with DP Patch / Admin password problem
    By grumpkat in forum Upgrading to 1.5.x
    Replies: 2
    Last Post: 7 Aug 2014, 02:16 AM
  3. Problem retrieving admin password
    By pausambeat in forum General Questions
    Replies: 3
    Last Post: 10 Feb 2009, 01:40 PM
  4. Admin Password Reset Problem
    By IRevelar in forum Installing on a Linux/Unix Server
    Replies: 7
    Last Post: 15 Oct 2008, 12:39 AM
  5. Problem with admin password
    By tekram in forum Installing on a Linux/Unix Server
    Replies: 1
    Last Post: 29 Jun 2008, 08:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg