Cannot sign-in with shared SSL and 1and1

[rayw1679]

Yes, I'm using shared SSL. There's a limit on SSL's, and I have 4 stores (one is my bread & butter, the others are for relatives and a friend.
This is the new test store I made last night:

<?php
/**
* @package Configuration Settings circa 1.5.1
* @copyright Copyright 2003-2012 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* File Built by zc_install on 2013-02-10 06:49:24
*/


/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

/**
* WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
* To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
*/
define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net');
define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');

define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

// * DIR_FS_* = Filesystem directories (local/physical)
define('DIR_FS_ADMIN', realpath(dirname(__FILE__) . '/../') . '/');
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/homepages/5/d232125156/htdocs/pannys.net/store/');

//the following path is a COMPLETE path to the /logs/ folder eg: /var/www/vhost/accountname/public_html/store/logs ... and no trailing slash
define('DIR_FS_LOGS', '/homepages/5/d232125156/htdocs/pannys.net/store/logs');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_CATALOG_TEMPLATES', DIR_FS_CATALOG . 'includes/templates/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_CHARSET', 'latin1');
define('DB_SERVER', 'localhost:/tmp/mysql5.sock');
define('DB_SERVER_USERNAME', 'dboxxx');
define('DB_SERVER_PASSWORD', 'xxx');
define('DB_DATABASE', 'dbxxx');

// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'database');
define('DIR_FS_SQL_CACHE', '/homepages/5/d232125156/htdocs/pannys.net/store/cache');


// Define the webserver and path parameters
// Main webserver: eg-http://www.your_domain.com -
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
// HTTP_CATALOG_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_CATALOG_SERVER is your Secure webserver: eg-https://www.your_domain.com
/*
* URLs for your site will be built via:
* HTTP_SERVER plus DIR_WS_ADMIN or
* HTTPS_SERVER plus DIR_WS_HTTPS_ADMIN or
* HTTP_SERVER plus DIR_WS_CATALOG or
* HTTPS_SERVER plus DIR_WS_HTTPS_CATALOG
* ...depending on your system configuration settings
*/
// EOF

[lat9]

Ah-ha! I've seen some threads on the shared SSL and enabling SSL in your admin before. It's got to do with the auto-detected definitions for the admin directories. Try changing:

Code:

define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p1) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', $p2) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');

to

Code:

define('DIR_WS_ADMIN', '/pannys.net/store/YOUR_ADMIN/');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_ADMIN', '/pannys.net/store/YOUR_ADMIN/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');

[rayw1679]

Thank you for your help. You have no idea how much I appreciate it; I've barely slept in the past month.

I kept the test store config "clean" for DrByte. This is that section from my main store, and it's doing the same thing. I think it's what you suggested (let me know if I missed something, please):

define('DIR_WS_ADMIN', '/reliablegokarts.com/store/MY_ADMIN/');
define('DIR_WS_CATALOG', '/reliablegokarts.com/store/');
define('DIR_WS_HTTPS_ADMIN', '/reliablegokarts.com/store/MY_ADMIN/');
define('DIR_WS_HTTPS_CATALOG', '/reliablegokarts.com/store/');

Just in case, I also downloaded a fresh copy of 1.5.1 (I used a previous download for the test store) and ran WinMerge on it and the test store. The only difference is the test store has a file that is apparently written during the installation, application_top_php.modified.txt.

[lat9]

There's something weird going on with the session's security token when the switch to PHP 5.4 is made. I'm not sure why (yet) but the security token value is changing each time a login attempt is made.

[rayw1679]

I have no idea what that means, but I appreciate your not giving up. Let me know if I need to do anything.

[lat9]

One of the differences I'm seeing between the session-related phpinfo() is that session.use_only_cookies is Off for 5.2.17 and On for 5.4.11.

Session-related issues are not my forte, so I have no idea whether this is/isn't germane; all I'm looking for is differences at this point.

[lat9]

Another difference: session.entropy_file is "no value" for 5.2.17 and /dev/urandom for 5.4.11.

[Design75]

For what it's worth, I am running a ZEN Cart 1.5.1 on:
PHP versie: 5.4.6-1ubuntu1.1 (Zend versie: 2.4.0)
Database: MySQL 5.5.29

without any problem

[lat9]

OK, I have absolutely no idea why the following works ... but it does.

My admin's /includes/configure.php file contains the following setup towards the beginning:

Code:

  define('HTTP_SERVER', 'https://ssl.perfora.net');
  define('HTTPS_SERVER', 'https://ssl.perfora.net');
  define('HTTP_CATALOG_SERVER', 'http://www.mysite.com');
  define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/mysite.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  $t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

  define('DIR_WS_ADMIN', '/mysite.com/myadmin/');
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_ADMIN', '/mysite.com/myadmin/');
  define('DIR_WS_HTTPS_CATALOG', '/');

My admin's Configuration->Sessions is using all the default settings.

The bit of magic that made this work was my creation of the file /MY_ADMIN/includes/extra_configures/custom_cookie_path.php that contains:

Code:

<?php
define('CUSTOM_COOKIE_PATH', '/mysite.com/myadmin');  // Same value as DIR_WS_ADMIN but missing the trailing backslash

That's it! Now my 1and1 Zen Cart v1.5.1 admin is running with shared SSL using PHP v5.4.11.

P.S. If any of the session "gurus" could supply the how-come-it-works, I'd appreciate it.

[rayw1679]

Thank you, lat9. You are a genius! I had to change the options slightly because I’m on a server, rdswebs.net. This is what I ended up with:

define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

define('DIR_WS_ADMIN', '/pannys.net/store/adminxxx/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/pannys.net/store/adminxxx/');
define('DIR_WS_HTTPS_CATALOG', '/');


define('CUSTOM_COOKIE_PATH', '/rdswebs.net/pannys.net/store/adminxxx');


One more question, please. This was a test store. My real stores have the old configurations without the application_top.modified.txt file. I assume the symbolics are to access the cookie code, but I don’t read PHP. Will I be able to insert that code into the old configs?