Admin redirects to home page upon log in

[kman55]

Hello Zenners -

Happy New Year to all of you. Wish you all a very successful 2014.

My ZC has been running like a charm. I have not added any addons, messed with the code etc. all of 2013.

A couple of days ago, when I logged into the admin section, after entering my password and hitting enter, I was redirected to my homepage. The redirected url looks like this "http://www.homepage.com//". With two forward slashes. I'm not sure how or what happened. As I mentioned, I have not done anything on the back end in a while. I can manually edit the url to include my secret admin folder like this "http://www.homepage.com/secretadminfolder" and hitting enter takes me inside the admin section. Everything else works in the admin menu other than the "Admin Home" link. When I click that, instead of refreshing the admin page, it takes me to the homepage and the url again becomes "http://www.homepage.com//". again, I can enter the secretadminfolder after the first forward slash, hit enter and I can go into the admin section.

I've checked the admin->includes->configure.php file and it looks okay to me...can you someone please guide me as to what they think the problem might be?

[twitchtoo]

Did your host make any 'improvements' to their server they forgot to mention to you?

[dbltoe]

Settings in the configure.php files do not generally get touched by a host and should not be affected by a php update, etc. You need to start here. http://www.zen-cart.com/wiki/index.p...ing_From_Hacks

[kman55]

Settings in the configure.php files do not generally get touched by a host and should not be affected by a php update, etc. You need to start here. http://www.zen-cart.com/wiki/index.p...ing_From_Hacks

Thanks for the direction. I changed passwords on admin several days ago. When I try to log into the admin section, I am still asked for a password. Once I enter the password, I'm redirected to the home page and then have to manually again type the secretadminfolder to enter the admin section. Without entering the password, you cannot get into the admin page. I will also bring this up with my host. However, I am curious to understand why you feel this might be a hack attempt. I look forward to your reply.

[dbltoe]

However, I am curious to understand why you feel this might be a hack attempt. I look forward to your reply.

No problem.
With the advent of 1.5, the admin configure.php file was modified to use constants and automatically recognize the change in an admin directory. Along with this, the admin configure.php also used this method to get to the main admin page and, also, to get to the catalog from the admin.

The fact that submitting your information in the admin login does NOT take you to where it should and that it DOES add the extra / says that your admin configure.php file is corrupt or has been modified by person or persons unknown.

If your admin configure.php file (located in the YOURADMIN/includes folder) does not look like this in the first thirty-eight lines, you may have been hacked.

* @copyright Copyright 2003-2011 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by zc_install on 2012-02-16 12:47:21
*/


/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

/**
* WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
* To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
*/
define('HTTP_SERVER', 'http://yoursite.com');
define('HTTPS_SERVER', 'https://yoursite.com');
define('HTTP_CATALOG_SERVER', 'http://yoursite.com');
define('HTTPS_CATALOG_SERVER', 'https://yoursite.com');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_HTTPS_CATALOG', '/');

Short but sweet - Links using constants don't change on their own or by a host tweaking a server. I prefer paranoia when it comes to our sites.

"Just because you're paranoid, doesn't mean everybody's not out to get you."

[kman55]

I compared the admin/includes/configure.php file with what you listed above...nothing seems to have been changed. I can't find a copy of the admin/includes/configure file that came with the zc1.5.0 package. I downloaded a fresh copy of 1.5.0 and there is no configure.php file for admin/includes...I guess it gets created on the fly. I am posting my configure.php files with critical information blocked off...perhaps, maybe someone can find if something is off...or any other direction that I can be pointed to would be appreciated.

PHP Code:

<?php
/**
 * @package Configuration Settings circa 1.5.0
 * @copyright Copyright 2003-2011 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * File Built by zc_install on 2012-06-28 09:56:40
 */


/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/***************       The 2 files should be kept separate and not used to overwrite each other.      ***********/

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'https://www.abcdefghi.com');
  define('HTTPS_SERVER', 'https://www.abcdefghi.com');
  define('HTTP_CATALOG_SERVER', 'https://www.abcdefghi.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.abcdefghi.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  $t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

  define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
  define('DIR_WS_HTTPS_CATALOG', '/');

  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
  define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

// * DIR_FS_* = Filesystem directories (local/physical)
  define('DIR_FS_ADMIN', realpath(dirname(__FILE__) . '/../') . '/');
  //the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
  define('DIR_FS_CATALOG', '/home/abcdefghi/public_html/');

  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_CATALOG_TEMPLATES', DIR_FS_CATALOG . 'includes/templates/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

// define our database connection
  define('DB_TYPE', '');
  define('DB_PREFIX', '');
  define('DB_CHARSET', '');
  define('DB_SERVER', '');
  define('DB_SERVER_USERNAME', '');
  define('DB_SERVER_PASSWORD', '');
  define('DB_DATABASE', '');

  // The next 2 "defines" are for SQL cache support.
  // For SQL_CACHE_METHOD, you can select from:  none, database, or file
  // If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache 
  // or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
  // ie: /path/to/your/webspace/public_html/zen/cache   -- leave no trailing slash  
  define('SQL_CACHE_METHOD', 'none'); 
  define('DIR_FS_SQL_CACHE', '/home/abcdefghi/public_html/cache');


// Define the webserver and path parameters
  // Main webserver: eg-http://www.your_domain.com - 
  // HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
  // HTTP_CATALOG_SERVER is your Main webserver: eg-http://www.your_domain.com
  // HTTPS_CATALOG_SERVER is your Secure webserver: eg-https://www.your_domain.com
  /* 
   * URLs for your site will be built via:  
   *     HTTP_SERVER plus DIR_WS_ADMIN or
   *     HTTPS_SERVER plus DIR_WS_HTTPS_ADMIN or 
   *     HTTP_SERVER plus DIR_WS_CATALOG or 
   *     HTTPS_SERVER plus DIR_WS_HTTPS_CATALOG
   * ...depending on your system configuration settings
   */
// EOF

[lat9]

The only thing that looks "funny" to me is

Code:

define('HTTP_CATALOG_SERVER', 'https://www.abcdefghi.com');

Try it without the s

Code:

define('HTTP_CATALOG_SERVER', 'http://www.abcdefghi.com');

[kman55]

Thanks lat9. I tried changing that but that did not work. I still get redirected to my home page. In my home page url, once I put my admin folder name and hit enter, it takes me to admin dashboard...this is so random. I am not sure what happened.