There was a security error when trying to login and no admin access

[dimsumgurl]

hello ALL!!

I understand that this question has been asked countless times and the suggestions worked for some and not others....

I have read as much as I could find and implement the suggests with no luck.

I currently have a website running under www.greatintl.com. When zencart is finished, it will be replaced. Currently, the website's files are in the webroot and zencart in it's own folder.

I installed zencart v1.3.8 on december. I have been working on it to change the display and adding products etc.

I used cherry_zen template and added various add ons such as easy populate.

Until recently when I tried to change several information that I can no longer access my admin or log into the store, unless ofcourse I revert back.

I made sure the configure.php files were writable first then made the changes. I tried the fix_cache_key as well. It did not report any issues.

Below are the steps I took to create this problem:

I moved no files from it's original folder.
I have not enabled my SSL yet.

my cart was working fine with the following settings:

admin/includes/configure.php
define('HTTP_SERVER', 'http://zencart.greatintl.com');
define('HTTPS_SERVER', 'https://zencart.greatintl.com');
define('HTTP_CATALOG_SERVER', 'http://zencart.greatintl.com');
define('HTTPS_CATALOG_SERVER', 'https://zencart.greatintl.com');

define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');

includes/configure.php

define('HTTP_SERVER', 'http://zencart.greatintl.com');
define('HTTPS_SERVER', 'https://zencart.greatintl.com');

define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

Problems occurred after the following changes:

admin/includes/configure.php

define('HTTP_SERVER', 'http://greatintl.com');
define('HTTPS_SERVER', 'https://greatintl.com');
define('HTTP_CATALOG_SERVER', 'http://greatintl.com');
define('HTTPS_CATALOG_SERVER', 'https://greatintl.com');

define('DIR_WS_ADMIN', '/zencart2010/admin/');
define('DIR_WS_CATALOG', '/zencart2010/');
define('DIR_WS_HTTPS_ADMIN', '/zencart2010/admin/');
define('DIR_WS_HTTPS_CATALOG', '/zencart2010/');

includes/configure.php

define('HTTP_SERVER', 'http://greatintl.com');
define('HTTPS_SERVER', 'https://greatintl.com');

define('DIR_WS_CATALOG', '/zencart2010/');
define('DIR_WS_HTTPS_CATALOG', '/zencart2010/');

It has nothing to do with 644 or 444 on your configure.php files.

Whatever is causing it is preventing your visitors from being able to establish a PHP session. You can't even add anything to the cart and have it be remembered. That's a classic problem with sessions.

When did your hosting company upgrade to PHP 5.2.5? Maybe they busted this on you without knowing it.

from http://www.zen-cart.com/forum/showthread.php?t=81743

I feel like I am having an issue with this... the php sessions... if so how can I go about to solve this?

I also followed the tutorial about adding the follow code to the files indicated:

<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>

- /includes/templates/YOUR_TEMPLATE/templates/tpl_login_default.php
- /includes/templates/YOUR_TEMPLATE/templates/tpl_timeout_default.php

When I opened those files, that line of code was already there... unless I have to have 2 lines?

Also that tutorial mentioned about admin/login.php... does that mean the

<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>

would have to be placed in that file as well?

THANK YOU for reading this long post

[dimsumgurl]

For those who are reading and trying to help, I have reverted back to my original state for site maintenance purposes. Im not sure if that would interfere with you trying to help.

[dimsumgurl]

So lets just say...... I took everything I learned through these forums from topics of various problems that were similar to mine that could have affected the functionality.

and LETS JUST SAY Im TOTALLY relieved and feel that my brain was able to cross the finish line of understanding. I seriously couldn't sleep because I keep thinking "why why why...."

Here is what I learned:

define('HTTP_SERVER', '');
define('HTTPS_SERVER', '');
define('HTTP_CATALOG_SERVER', '');
define('HTTPS_CATALOG_SERVER', '');

For me, these settings need to have the www. in them.
I had to change:

define('DB_SERVER', '');

Not sure if it's safe to state what it was to what I changed it to.

ALSO, I during the research, someone posted (sorry I don't remember!) how overrides worked exactly. If your custom template doesn't have it, then don't put the default tpl file in there. I didn't know that... I had the

tpl_login_default

in my custom folder for cherry_zen. The reason I had that was because I read there was a security update and you needed to have 2 files changed with a certain line code.

I had it working as in I can login and goto admin. however, my login session did not last. That's when I realized maybe it was the
tpl_login_default.