Admins and Customers Cannot Login. No Error Messages.

[SgtPepper]

I've read through many threads and cannot pinpoint this issue. This started on my client's site last week for no apparent reason. I have not made any changes to the site in two months. Currently there is an SEO expert executing some magic on the site but I doubt this was caused by his changes.

Experiencing the following issues:

• Admin Login:
  -Does not log you in, looks like a page refresh, no error message (even when the debugger is on), the securityToken does have a value
  -Forgot password does not send anything (not in junk mail, nothing is sent)
  
• Customer Login:
  -Does not log you in
  -Returns with "There was a security error when trying to login."
  -Forgot password says the email address doesn't exist when it does exist in the DB. Does not send email.

Have tried:

• Deleting .htaccess in /admin
• Deleting my cookies
• In Chrome and Safari
• Turning SSL off
• SSL has not recently changed or reissued
• Hosting has not been changed and has been running fine according to GoDaddy
• Changed permissions for configure.phps to 644 (/includes/configure.php was on 444, /admin/configure.php was 705)
• Never customized /includes/functions/sessions.php
• session.user_cookies are On
• session.use_only_cookies On
• Created a new admin account through the database, made no difference

Host is GoDaddy (contacted them, they say SSL and hosting are good, no recent changes)
PHP 5.3.24
ZC 1.3.9h (can't upgrade until end of the year)
Logging in works on other sections of the site such as WordPress, issue appears to be ZC specific
Everything else on the store's front end looks peachy. No sign of any other issues.

Lost on this one and the client is losing money since no one can login to place/fulfill orders. Any suggestions or pointings in the right direction is most appreciated.

[lhungil]

First step is determining what has changed... Did the hosting provider move the site? Update the server hosting your account? Update PHP? Update the email server? Add load balancing or proxying? Etc? I'd also check to see how your Zen Cart installation differ from the stock Zen Cart files to verify no files have been tampered with (or updated / changed). (diagnose obscure issues)?


I'd also make gaining access access to your Zen Cart administrative area a priority. If email is not working, you can follow the instructions to Reset Your Admin Password (via "Delete the old User and Create a new User").


Once you have access into the Zen Cart administrative area, you can check your configured email settings against the settings your hosting provider (GoDaddy) says you need to use. Goal here is to adjust email settings for Zen Cart to match those required by the hosting provider so the "Forgotten password" button (and other emails) work again. The article Troubleshoot Email Problems may be of assistance (along with your hosting provider).


"There was a security error when trying to login." (ERROR_SECURITY_ERROR) usually indicates the securityToken submitted did not match the one stored in the session. This could indicate a problem with session handling (as it appears you have already identified). Have you checked the following:

A) The paths in both of the "configure.php" files (versus what is reported by phpinfo()).

B) The path configured for sessions in the database (admin - configuration - sessions - session directory). Is this correct and writable?

C) The PHP setting for "session.hash_bits_per_character". If this is "6", see this post.

D) Is the SecurityToken sent in POST on customer login page (you identified it does for admin, does it for customers)?