Can't Login as Admin; Can't Access Admin Login Dialog Box

[RodG]

Zen Cart v 1.3.8a.1--I believe it was a one-click install from the hosting service. There was a security patch applied last September. Once I get it working again I WILL upgrade.

There was a time I had a bit of sympathy for those in your position. These days, I kinda just laugh about it and say 'it serves you right'. You've been doing your customers a great disservice for a couple of years now by running software with well known vulnerabilities that allows almost anyone with no technical skill whatsoever to access to their confidential information. I'll wager that your 'excuse' was that you didn't have the time or money to update. Guess what? You now need to spend 3 or 4 times the amount of time/money to fix things, and then you'll STILL need to upgrade.

Enough of the reprimand though, I'm sure you are already feeling bad enough about this.

In fact I attempted an upgrade today thinking it would fix the problem but the upgrade failed.

Sorry to say this, but this was a bad move too. Even if the upgrade was successful, the chances are the site will still have a 'back door' installed (an upgrade won't remove these), and it'll only be a matter of time before you are back here telling us that your V1.5.x installation was hacked.

The website is back up and when I click on the "Shop Now" links I get the Zen Cart page showing the shopping cart is under maintanence.

This is probably the result of your attempted upgrade. It is one of the 1st things the updater code does.

I want to put my shopping cart back into operation but I am now unable to access the Admin login dialog box.

There are ways to put it back into operation using other means, but doing so isn't going to help solve your problem. You are best leaving it in maintenance mode until it is safe to put it back online.

I had bookmarked the URL and if I try that bookmark I get a 404 (page not found error.) If I manually type in the login access URL, i.e.

http://mydomainname.com/zencart//admin/login.php

I get a 404 page not found error.

A 'page not found' error is pretty self explanatory. It means the page "zencart//admin/login.php" cannot be found on the server http://mydomainname.com

The 1st thing you need to do here is look at the files on your server using FTP/Cpanel, etc, to ensure there is a folder called 'zencart' that contains a folder called 'admin' that in turn contains a file called 'login.php'. If *you* can't find it, then neither can the server.

I suspect that as part of your 'security patches' last year you had changed the name of your /admin/ folder, in which case you should be accessing the site using the renamed folder name. Alternatively, your attempted upgrade may have made changes to your configure.php files, which is placing the /admin/ files somewhere else entirely.

How can I regain the ability to login as a Admin?

As stated above, the 1st thing you need to do is locate where your /admin/ files are *actually* located. Next you'll need to confirm that the same file path is defined in your configure.php files, and finally, point your browser to this exact same location.

When you DO finally get the login page, that is where your problems are really going to begin. Not only will you need to deal with problems caused by the hack itself, you have compounded the issue with the failed upgrade attempt.

The BEST advise in this situation is to restore the entire site from a backup copy (you DO have backups don't you?). Once the site is functional again, you'll need to follow the advise 'recovering from hacks', then you'll need to do the upgrade so you don't get hacked again. Then, and only then should you even consider putting the store back online.

I realise that this reply many not appear as being exactly 'friendly' towards you (it's nothing personal), but in all honesty and seriousness, if it were possible to give you an 'easy' solution to your problems I would most certainly do so.

Cheers
Rod

[powrwrap]

Sorry to say this, but this was a bad move too. Even if the upgrade was successful, the chances are the site will still have a 'back door' installed (an upgrade won't remove these), and it'll only be a matter of time before you are back here telling us that your V1.5.x installation was hacked. This is probably the result of your attempted upgrade. It is one of the 1st things the updater code does.

The 404 problem existed before I attempted an upgrade.

The 1st thing you need to do here is look at the files on your server using FTP/Cpanel, etc, to ensure there is a folder called 'zencart' that contains a folder called 'admin' that in turn contains a file called 'login.php'. If *you* can't find it, then neither can the server.

They are both present in my website folders.

I suspect that as part of your 'security patches' last year you had changed the name of your /admin/ folder, in which case you should be accessing the site using the renamed folder name. Alternatively, your attempted upgrade may have made changes to your configure.php files, which is placing the /admin/ files somewhere else entirely.

Security patch did not alter the name of the admin folder. The configue.php was not altered. WinMerge confirms it's the same as it was before the hack.

As stated above, the 1st thing you need to do is locate where your /admin/ files are *actually* located. Next you'll need to confirm that the same file path is defined in your configure.php files, and finally, point your browser to this exact same location.

I can double check this but I'm pretty sure it would be OK, since nothing was changed within these files.

The BEST advise in this situation is to restore the entire site from a backup copy (you DO have backups don't you?). Once the site is functional again, you'll need to follow the advise 'recovering from hacks', then you'll need to do the upgrade so you don't get hacked again. Then, and only then should you even consider putting the store back online.

Site was made operational by rolling back the files to two days before the hack. FWIW, yes, I do have backups.

[rct1974]

Hi powrwrap,

I'm facing the same issue as you do. I, too, am using GoDaddy Linux hosting plan.

I've tried to install and reinstall the latest version of Zen Cart, version 1.5.1, and still can't even find the correct admin page in GoDaddy.com where I can edit my site! I tried the "Applications" login (leads to a blank "error" page), and at "phpadmin" login at my GoDaddy hosting account page, but can't the correct admin page where I can edit and create my own customized ZenCart.

I'm so frustrated. I've contacted GoDaddy for the past 1 week and have not found a solution to this matter.

[stevesh]

Your Zencart admin won't be found in the GoDaddy control panel. It's at yoursitename.com/YOUR_RENAMED_ADMIN_FOLDER

[powrwrap]

Working with GoDaddy they told me there are two configuration files in ZenCart

zencart/admin/configuration.php

and

zencart/admin/includes/configure.php

and they said the password in configuration.php was incorrect. Once they corrected it I was able to access the Admin Login Dialog Box and was able to gain access to the ZenCart administration functions.

HOWEVER, if I examine the configuration.php file I don't see any place where there is a password. So I don't know if I'm getting BSed or if it was something only they can access on their side.

In any event, I'm back in business.

[DrByte]

Working with GoDaddy they told me there are two configuration files in ZenCart

zencart/admin/configuration.php

and

zencart/admin/includes/configure.php

and they said the password in configuration.php was incorrect. Once they corrected it I was able to access the Admin Login Dialog Box and was able to gain access to the ZenCart administration functions.

HOWEVER, if I examine the configuration.php file I don't see any place where there is a password. So I don't know if I'm getting BSed or if it was something only they can access on their side.

In any event, I'm back in business.

You misunderstood the information.
There are two configure.php files in Zen Cart:
/includes/configure.php
/your_renamed_admin/includes/configure.php