Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Join Date
    Feb 2020
    Location
    Maine
    Posts
    6
    Plugin Contributions
    0

    Default Double slashes in URL, admin refreshes endlessly, security not right

    Let me spare you all the story and thank you in advance, and just get to it.

    Site: https://homegrownherbandtea.com/
    * you'll be able to see two of my 3 issues
    Admin: https://homegrownherbandtea.com/the-admin/
    * logging in is the issue so not sure how to do this other than accept guidance

    Upgrading/rebuilding 1.3.9 to 1.5.6. With my host cutting off PHP support had to do it and I'm happy to! Host is Dreamhost.
    All went fine following directions to create a separate site to make the merge and test. The only major difference with the live site is SSL. My test had no SSL.
    Today I moved all the files to the live directory, upgraded PHP, upgraded db successfully, then troubles began and never saw a working live site yet.
    I've read and tried things for like 4 hours on how to solve all these things but to no avail so I throw myself on the court for help.

    Issues detail:

    First I found admin just refreshes no error no login. I found solutions that didn't work and in this case I doubt its sessions issues because I've used mulitple devices and all have same trouble.

    I thought the catalog was working initially but now there's double slashes in the URL and after trying lots of combinations just can't seem to get rid of it.

    Lastly SSL seems way odd but it seems like getting the slashes figured out may help.


    Ok your info:

    What version of Zen Cart are you using?
    1.5.6c
    Has your site been upgraded? When? From what version(s)?
    1.3.9

    If you've upgraded, HOW did you upgrade? (official upgrade procedure or an automated script from your hosting company?)
    Official upgrade procedure

    What plugins/addons have you installed? When? If your problems are payment-related, what payment module(s) are you using? If it's shipping-related, which shipping module(s) are you using?
    Only new plugin was CKEdit. Otherwise just my template and new version.

    If your problems are language-pack related (non-English), have you checked that all the language files are loaded and correct?
    n/a

    HOW did you install Zen Cart? (upload via FTP and run zc_install, or a one-click install from your hosting company? (one-click installs might mean you don't have enough information about your site/server to make customizations easily))
    uploading/copying files

    What version of PHP and MySQL is your server using? (See Admin->Tools->Server Info)
    PHP Version: 7.3.12 (Zend: 3.3.12)
    mysqlnd 5.0.12-dev - 20150407 (i don't know if you needed all this)

    WHEN did the problem "start"? How does that compare with other events of your hosting company, changes you've made to your site files/addons, or your admin settings, etc?
    As stated it started when going live. After successfully upgrading db and then trying to get in to admin.

    Please post the contents of related "debug logs" generated by Zen Cart.
    Here's the code of the debug log. The odd thing is these were the pieces I ended up chasing down when getting my test going. I wouldn't expect them to end up being an issue here.
    Code:
    [16-Feb-2020 14:47:49 America/Los_Angeles] Request URI: /index.php?main_page=down_for_maintenance, IP address: 114.119.151.156
    #1  require(/home/jbloom/homegrownherbandtea.com/includes/modules/sideboxes/all_business/information.php) called at [/home/jbloom/homegrownherbandtea.com/includes/modules/column_left.php:28]
    #2  require(/home/jbloom/homegrownherbandtea.com/includes/modules/column_left.php) called at [/home/jbloom/homegrownherbandtea.com/includes/templates/all_business/common/tpl_main_page.php:92]
    #3  require(/home/jbloom/homegrownherbandtea.com/includes/templates/all_business/common/tpl_main_page.php) called at [/home/jbloom/homegrownherbandtea.com/index.php:97]
    --> PHP Warning: Use of undefined constant DEFINE_ABOUT_US_STATUS - assumed 'DEFINE_ABOUT_US_STATUS' (this will throw an Error in a future version of PHP) in /home/jbloom/homegrownherbandtea.com/includes/modules/sideboxes/all_business/information.php on line 25.

    If this is your first store, have you tested all aspects of transactions before going live?
    I did test it entirely on my test site. This isn't my first zen cart rodeo but it's definitely been a long time and I am no server or zen expert.

    In what ways is your site customized or different from a brand new uncustomized install?
    Just template and CKEditor

    Please post your site URL* so we can take a look at it. This is especially important if you're encountering display/layout problems, so the problem can be seen directly.
    If you're encountering problems that could be related to your server or hosting company, include the name of your hosting company (not their URL).
    HAVE YOU LOOKED IN THE FAQ AREA for answers to your question? (ie: a search for your error message or what you want to edit/change, etc)
    Yes.
    Have you searched the FORUM for your error message or for answers to the question you're asking?
    As stated I have looked all over for these things and it's either out of my ability or just not out there in this way.

    Thank you in advance and thank you for any help you can offer.

    Jeremy

  2. #2
    Join Date
    Jan 2004
    Posts
    65,335
    Blog Entries
    7
    Plugin Contributions
    229

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    the double-slash in example.com//index.php comes from what you've entered in HTTP_SERVER and HTTPS_SERVER. There should not be an ending '/' in those.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jul 2012
    Posts
    14,850
    Plugin Contributions
    17

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    Your current configure.php files should look more like what is provided at: includes/dist-configure.php for the catalog side and like admin/includes/dist-configure.php for the admin side. These files provide both instruction as well as example of how to incorporate the necessary information. Further, if they had been created or updated with the zc_install process, then a lot of the issues likely wouldn't exist.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  4. #4
    Join Date
    Feb 2020
    Location
    Maine
    Posts
    6
    Plugin Contributions
    0

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    You guys are the best thank you!

    Dr. Byte was right. After a long day I missed that the upload wasn't taking and had to delete the file then upload /includes/configure.php. That got rid of the // but the admin login loop and security problem remains.

    More I notice on the SSL... The homepage is NOT secure. Clicking on most of the categories then IS secure. Sub categories NO secure. Product IS secure. Seems to be every other layer is secured. I don't know if that makes sense. Just weird.

    So I'm hearing from mc12345678 that because these files may have been off during the db upgrade it made some knots and here I am. I've checked the rest of the config files against the examples and they are as they should be.

    Would you just wipe and re-install? I had the site all together in my test area I can't be far from success here.

  5. #5
    Join Date
    Jul 2012
    Posts
    14,850
    Plugin Contributions
    17

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    Quote Originally Posted by jeremyrainbow View Post
    You guys are the best thank you!

    Dr. Byte was right. After a long day I missed that the upload wasn't taking and had to delete the file then upload /includes/configure.php. That got rid of the // but the admin login loop and security problem remains.

    More I notice on the SSL... The homepage is NOT secure. Clicking on most of the categories then IS secure. Sub categories NO secure. Product IS secure. Seems to be every other layer is secured. I don't know if that makes sense. Just weird.

    So I'm hearing from mc12345678 that because these files may have been off during the db upgrade it made some knots and here I am. I've checked the rest of the config files against the examples and they are as they should be.

    Would you just wipe and re-install? I had the site all together in my test area I can't be far from success here.
    At the moment, wouldn't go for a full wipe as there are still some issues in at least the catalog side includes/configure.php.

    At some point effort was made to have the site all https by way of redirects prior to getting to the website itself. The problem is that the website (Zen Cart) isn't set up to sustain as full https:... and this is somewhat why you may be seeing every other page appear as secure and then not.

    Please ensure that the page is secured as described in this FAQ where it is desired for the full site to be https ("protected" by SSL): https://www.zen-cart.com/content.php...alled-zen-cart
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  6. #6
    Join Date
    Feb 2020
    Location
    Maine
    Posts
    6
    Plugin Contributions
    0

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    I'm not sure I follow the part about redirecting all the pages at some point but I did narrow in on the SSL stuff. I use dreamhost for my hosting service if that means anything.

    In the config files, things are as directed and I've given the settings below. The only real piece I wanted to mention is that while I seem to have a dedicated ssl as you describe them, I do not have a unique IP. Everything looks turned on at the control panel for dreamhost saying SSL is on and all that.

    I tinkered around to make sure again but still same results with looping admin and security oddity.

    Here's my settings for SSL in the two files if that helps you to see...

    /includes/configure.php
    Code:
      define('HTTP_SERVER', 'https://homegrownherbandtea.com/');
      define('HTTPS_SERVER', 'https://homegrownherbandtea.com/');
    
      // Use secure webserver for checkout procedure?
      define('ENABLE_SSL', 'true');
    /the-admin/includes/configure.php
    Code:
      define('HTTP_SERVER', 'https://homegrownherbandtea.com');
      define('HTTPS_SERVER', 'https://homegrownherbandtea.com');
      define('HTTP_CATALOG_SERVER', 'https://homegrownherbandtea.com');
      define('HTTPS_CATALOG_SERVER', 'https://homegrownherbandtea.com');
    
      // Use secure webserver for catalog module and/or admin areas?
      define('ENABLE_SSL_CATALOG', 'true');
      define('ENABLE_SSL_ADMIN', 'true');
    
    // NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
    // * DIR_WS_* = Webserver directories (virtual/URL)
      // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
      define('DIR_WS_ADMIN', '/the-admin/');
      define('DIR_WS_CATALOG', '/');
      define('DIR_WS_HTTPS_ADMIN', '/the-admin/');
      define('DIR_WS_HTTPS_CATALOG', '/');

  7. #7
    Join Date
    Jan 2004
    Posts
    65,335
    Blog Entries
    7
    Plugin Contributions
    229

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    Your post above shows that in your non-admin configure.php you still have the trailing '/' on the HTTP_SERVER and HTTPS_SERVER entries.

    As to your admin login issues, it appears to be a session problem. More specifically, it seems to not even be trying to start an Admin session. It's like it's thinking it's the storefront, even though it's showing the Admin login.
    This suggests to me that you may have copied some non-admin files into the admin directory structure (particularly various things in the /includes/ subdirectories).

    Further, since you said it seemed to work fine in your staging area, but not on the live store, that suggests an FTP issue. Thus, I'm guessing that maybe when you uploaded the files to the server you put things in the wrong place? (Remember, the naming of directories is very similar between admin and non-admin, but the actual files "in" those directories is very different in most cases.)
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  8. #8
    Join Date
    Feb 2020
    Location
    Maine
    Posts
    6
    Plugin Contributions
    0

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    I can't believe I made that mistake but the / really isn't there. And you're right about it feeling like it never really starts a session.

    I hear you on the FTP but I do the whole directory not really peacemeal. At least until you start tweaking and I could definitely make mistakes, obviously. :)

    You're point makes me think I just need to rebuild the files, like you would building the test in your instructions.

    I'll report back if I get it or find something new but any and all thoughts are continually welcome. Thanks again so much for all the help I can't say it enough.

  9. #9
    Join Date
    Feb 2020
    Location
    Maine
    Posts
    6
    Plugin Contributions
    0

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    I renamed my site folder, and uploaded the original 1.5.x install using brand new config files. I don't think any of the info was any different actually, but I used your dist- files to make them and it worked right away.

    Once the site worked I used WinMerge to help compare the original zen cart files with what I had made on the successful test site. I definitely found a couple of unneeded files and tested each change I made and it worked. Whew!

    The only thing is the homepage is not secure. It seems that every other page on the site IS secure however.

    The only other thing is my about page. It is not linking to the page I made using define pages editor. Just weird.

    Anyway thanks again I'm so appreciative of your work and help.

    Jeremy

  10. #10
    Join Date
    Jul 2012
    Posts
    14,850
    Plugin Contributions
    17

    Default Re: Double slashes in URL, admin refreshes endlessly, security not right

    It looks like your define for images: DIR_WS_IMAGES begins with a slash as I'm seeing on your main page that there are two issues, one is that where an image is to be displayed, there is a link generated with a slash before the images directory and then where the full path is provided there are the two slashes still. This may be a template thing, but it could also still be an issue with the defines in the includes/configure.php if they have been included to override the base locations. The other issue is that what is being seen on pages such as the main page is what is called mixed content.

    Mixed content is where the browser is perhaps on a webpage beginning with https but there are locations referenced (in this case there are html tags that have src="http: style references) or the reverse could be true where the page is http: but tags such as those have https:.

    In either case the result of mixed content is that the visitor is notified of these discrepancies in one way or another. Afterall, it "appears" that the page is secure but there is information being transferred without the SSL.

    Again this may be template related. A quick test for yourself is to momentarily change the template on the site to one of the default templates. Yes, sideboxes will likely not be positioned as expected, but the point is to see if the same issues exist or if they go away (possibly to identify something else).

    Another reason for some of the above issues is that Web addresses may be hard-coded instead of using the zen cart zen_href_link code to create the link(s) or if using the function that it is not given all of the information (typical of older templates)...

    Then, also, noticed that the admin/includes/configure.php file above has the admin folder name hard coded instead of using the self detection provided in ZC 1.5.1 and above... with the rebuild/copy over I don't know if that has been updated/fixed or that issue persists...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Odd double slashes in path to Sidebox Title Image
    By Hell Guapo in forum Templates, Stylesheets, Page Layout
    Replies: 8
    Last Post: 3 Jan 2012, 07:37 PM
  2. New Cart install has double forward slashes (//)
    By zhenjie in forum General Questions
    Replies: 1
    Last Post: 18 Oct 2010, 07:47 AM
  3. double // in my url right after the top domain.
    By minshop.no in forum General Questions
    Replies: 8
    Last Post: 2 Jun 2008, 02:25 PM
  4. double slashes in URL ??
    By papadopoulos in forum General Questions
    Replies: 8
    Last Post: 14 Apr 2008, 04:32 PM
  5. Double slashes in URLs, mod_rewrite at fault?
    By rstevenson in forum Customization from the Admin
    Replies: 5
    Last Post: 16 Nov 2006, 04:33 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR