"There was a security error when trying to login" - v1.3.8

[crisand]

I shall give that a go, thanks. Have to work today but will post when I have tried it to see if it works!

[chuck]

How do I compare the remote files using Winmerge? I am experiencing the same login error problem for returning customers. I get the message"there was a security error when trying to login" when I login as a returning customer. Ever since I uploaded my customised header on the newly installed zencart template "Slovak_Classic" I am facing this login error problem. I would really appreciate if you could help me find a solution to this problem. I am stuck because of this.

I downloaded the software Winmerge after reading the forums, but can't figure out how to view the remote files using winmerge as the browse button opens the folders on my PC only.

Indicana

Whenever I've done a compare, I've always done a full download of all the files from my website using FTP. Then do the compare. This doubles as a backup of all my website files (I can zip them up or burn to a CD etc), which is an even more important upgrade step than comparing! Should also do a database-backup while you're at it. See the FAQs area for backup tips.

[crisand]

I am still getting the above error.
I am not updating as I started with the most recent version.
Customer login was fine and then this error started.
I have done the cross check on the two files mentioned and they have not changed.
Is there anything else you can recommend to fix this problem.

[DrByte]

my customer login was fine one day and not the next.
...
the only thing I did do was the 'Steps in securing your Zen Cart store' , and then customer login stopped working giving me the security error.
I have compared the tpl_time_out & tpl_login_default with an older backup and they look fine, can you suggest somewhere else to look?

I am still getting the above error.
...
Customer login was fine and then this error started.

...

Is there anything else you can recommend to fix this problem.

Maybe you need to undo the changes you said you *did* make, to see what part of those changes is causing the problem for your particular site and server configuration.

[crisand]

Hi,
This is what I changed.
-I renamed my /admin folder
-I set my /includes/configure.php file to 444 and am now not able to change back to 644 without an error message coming up on my site. While it is changed I did try to login as a customer with no luck.
- I had moved my /cache folder but moved it back.
And I honestly haven't done anything else thats why I am so confused, not being a computer buff doesn't help either.
If there is anything else you can recommend it would be very much appreciated.

[DrByte]

Is your cache folder writable?
Did you change any .htaccess files?
What version of PHP is on your server?
What are your settings in Admin->Configuration->Sessions? Have you changed any from the defaults? If so, why?
Who are you hosted with?
What is your URL?
If you set ENABLE_SSL to 'false', does it change anything?

If you install a new copy of Zen Cart in another folder+database, do these same problems happen?

[crisand]

Is your cache folder writable? - I changed this from 777 to 755
Did you change any .htaccess files? - Not that I am aware of, I stay away from anything I don't need to touch.
What version of PHP is on your server? 5.2.5
What are your settings in Admin->Configuration->Sessions? Have you changed any from the defaults? If so, why? - Didn't change anything here unless it said to in the manual.
Who are you hosted with? - MD Web hosting Australia
What is your URL? http://www.thelittleonlinecardshop.com.au
If you set ENABLE_SSL to 'false', does it change anything? It is set to false anyway, so I am not sure about this.

If you install a new copy of Zen Cart in another folder+database, do these same problems happen? _ I have no idea how you mean to do this, sorry.
This is the error on my site when includes/configure.php is changed to 644
Warning: I am able to write to the configuration file: /home/thelittl/public_html/includes/configure.php. This is a potential security risk - please set the right user permissions on this file (read-only, CHMOD 644 or 444 are typical). You may need to use your webhost control panel/file-manager to change the permissions effectively. Contact your webhost for assistance. See this FAQ
Sorry, I am not much help I know.

[Website Rob]

Doesn't seem to be an SSL problem with your site, it is with your Hoster.

From the looks of things, they are providing you with a Shared SSL Cert which expired.

Cert Issued to: www.dividends.net.au
Expired: 10/09/2007

[DrByte]

It has nothing to do with 644 or 444 on your configure.php files.

Whatever is causing it is preventing your visitors from being able to establish a PHP session. You can't even add anything to the cart and have it be remembered. That's a classic problem with sessions.

When did your hosting company upgrade to PHP 5.2.5? Maybe they busted this on you without knowing it.

[crisand]

Thanks to both of you, I have put these points to my hosting co. and await a reply! I thought everything was going so well as well.
Much appreciated.