Admin area

[Angiex1]

Is this the version you requested?

Your version of Zen Cart® appears to be current.
(You are presently using: v1.5.7d)

[mc12345678]

Is this the version you requested?

Your version of Zen Cart® appears to be current.
(You are presently using: v1.5.7d)

That's part of it, though that describes the software version of the Zen Cart software and confirms that are using the latest published production version. Normally would suggest to include the information down to where the php info begins, but am afraid that the display may not be so well broken up at this point.

It would be basically at this link: YOUR_ADMIN/index.php?cmd=server_info

[Angiex1]

Erm I cannot find that server info am a bit unsure how.

Was the code I provided correct?

[Angiex1]

Swguy mentioned some old css but am not sure where that would of come from but would that have an effect?

[Angiex1]

Please is there any help with this.

I have uninstalled it removed database and user. New databas and user with all permissions. Re-downloaded a fresh copy of zencart new install followed the instructions including renaming the admin folder, cleared cache and the admin panel is still the same

[mc12345678]

Erm I cannot find that server info am a bit unsure how.

Was the code I provided correct?

Code provided (.htaccess) matches/matched what was provided in the original download of Zen Cart 1.5.7d, so "correct" to the Zen Cart version, but in part still need to *positively* identify that is proper for the server itself. At the same time, that particular .htaccess file may not be an issue. See more below

Swguy mentioned some old css but am not sure where that would of come from but would that have an effect?

His response was like the 95% issue that many face. They have an admin directory, they do an upgrade/install/reinstall to the same admin directory. Browsers remember that CSS files don't change often and so, internally reload the same CSS file. The upgraded version though has different content and causes the display to look wrong. Again, refreshing the cache of the browser would fix that sort of issue. But in your case as I previously mentioned, the css files in that directory are/were prevented from being loaded by the server/system. It has ZERO to do with the Zen Cart software as much as it does with something about the server setup, something in the root of the server or above that folder.

Please is there any help with this.

I have uninstalled it removed database and user. New databas and user with all permissions. Re-downloaded a fresh copy of zencart new install followed the instructions including renaming the admin folder, cleared cache and the admin panel is still the same

Don't change it, but is the admin directory the same or different from what it was before?

Is there an .htaccess file at: "filemanager/public_html"? If not one there, is there one at "filemanager/"?

When one is found at those directories, please post contents and obscure anything you believe needs to be "hidden" from public view. Remember to use the code tags as you have done previously.

[Angiex1]

admin folder name has changed as new install, frontend of site is working fine it is as though the setout of the admin is not working properly.
I have just asked my webhost if there could be an issue via the hosting side waiting on a reply.
there is no .htaccess file in file manager or public html but there is one in the admin folder which I have attached below permissions set at 644.

Code:

###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# allow access to the root
<FilesMatch "^$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(php|html?|js|css|jpe?g|gif|webp|png|otf|ico|cur|map|eot|svgz?|ttf|woff2?|xml|xsl|csv|txt)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</limit>


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI



##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|svgz?)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
  ExpiresByType image/svg A2592000
</ifmodule>


#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off

[mc12345678]

admin folder name has changed as new install, frontend of site is working fine it is as though the setout of the admin is not working properly.
I have just asked my webhost if there could be an issue via the hosting side waiting on a reply.
there is no .htaccess file in file manager or public html but there is one in the admin folder which I have attached below permissions set at 644.

Code:

###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# allow access to the root
<FilesMatch "^$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(php|html?|js|css|jpe?g|gif|webp|png|otf|ico|cur|map|eot|svgz?|ttf|woff2?|xml|xsl|csv|txt)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</limit>


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI



##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|svgz?)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
  ExpiresByType image/svg A2592000
</ifmodule>


#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off

For info/verification that the issue is resolved, you should be able to see content on screen when you use your browser to goto: YOUR_SITE/PATH_TO_ADMIN/includes/css/login.css
When the admin directory was known (based on it being included in a previous image) a 403 error was generated. That is a response indicating a denial of access to the file. While yes the file is behind the admin directory, access to it should not require a Zen Cart login. It does require one to know the name of the directory. I have no need to know that and why I am passing on a method of testing.

You might also (now that the admin directory is not public) attempt renaming the .htaccess file that is in the admin directory to see if doing so restores access to that file. If it does restore access, then need to troubleshoot the contents to identify where the issue may be. I have a bunch that the section of the above htaccess dealing with deflate may be the cause.

If the above rename restores access then may try changing:

Code:

<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

To:

Code:

# <IfModule mod_deflate.c>
#   <FilesMatch "(?i)\.(js|css)$">
#    SetOutputFilter DEFLATE
#   </FilesMatch>
# </IfModule>

By adding a hash tag followed by a space before each of those lines.

[Angiex1]

I have access to the admin panel, there was a 403 error but clearing cache sorted that.

Going to that link brings up a 403 error, also there is no login css in that file in filemanager either

[Angiex1]

Sorry it is there