Customer info update problems; passwords and billing addresses


SimChris

Hi, folks...

since the 5x upgrade from 4x, most things have gone smoothly - however we've run into about 5 customer complaints (which is a big problem, obviously), and both appear related to existing customers trying to update their data in some way to get in and do business with us; and since our business is very time sensitive information dissemination, we often need to turn around projects same day; and being unable to allow a customer to order a service, may turn away a bunch of business. Or, put another way, I have 5 customer problems that I know of, and may have other abandons based on inability to "get in."

FIRST:

password reset

I've had three customers so far unable to reset their password, or perhaps login once they've reset their password.

Situation #1:

two clients tried to log in by guessing their passwords a couple of times, unable to; then went to recover password, sent email with the code, click link to form, code there, put in email, change password; then get error saying either "invalid account" or similar. Locked out for attempting access? How long is lock out and shouldn't password reset remove lock so they can now get in?

After clearing the error logs/cache, I was able to for one client use the link in the email they sent me, reset their password for them; login as them to check it worked, and then they could do so. For client 2 I simply went into the admin panel to their account, and reset it from the admin panel under customer list, search, edit icon, change, save. Neither client was able to reset their own password, using their correct email, new password, and the code from the email they got - both got some kind of 'invalid account' red error band on the reset page.

Situation #2:

yesterday, client tried to change their password, and was unable to; I used their email, went to the reset page with proper code populated, put in their valid email, new password; also got invalid account error message. I went into their account from admin, reset, worked.

Write permissions issue on store trying to update datafield for the passwords from the form, or ??? I'm waiting for login to bug tracker to see if this is reported issue, but unknown to me at this point. BIG problem. Old system was simpler in that it just resent the user a new password: DONE. This is causing customers to have to work to reset password, then it doesn't let them do so.

SECOND:

on a similar note; client today tried to change their billing info; they would go in and change address book, click SAVE, then it would take them back to main screen. If they then went to cart to checkout, it would ask them to enter a billing address, and say it was required after already being entered. I went into the admin panel and clicked the save as default button and then it worked for client. I was unable to replicate with my own pre existing test account ... however, in my test account after updating my billing, I did see this error across bottom of screen when preparing to checkout, on

screen: https://www.mysite.xyz/ecom/index.php?_a=gateway

Fatal error: Call to a member function update() on a non-object in /var/www/vhosts/mysite.xyz/httpdocs/ecom/classes/cart.class.php on line 934

In all cases there seems to be some issue in updating old, existing customer records, then allowing client to move forward to either login or checkout. Obviously, both are major problems for us at this time.

I will try to replicate using screen recorder, unless either or both are known issues.

For the address update it looks like the bug happens if client doesn't check the "make default" box, and I will see if I can put some kind of note on there for that screen when client on it. However, the second fatal error message shows something is going on, as I updated my own old test account, checked default but still generated a member function update error.

Link to comment
Share on other sites

https://forums.cubecart.com/uploads/monthly_08_2012/post-110915-0-09099100-1343928772.jpg

Okay... was able to replicate this:

while logged in, already had a billing address in system.

1) on cart view page, I clicked 'update address'

2) added new billing address, checked 'billing address' box, but not 'default delivery'

3) clicked save, got "saved message"

4) clicked view cart box on right side of layout ('view cart')

5) DOES NOT SHOW CART == screen gives red error:

The following errors were detected:

  • A billing address is required before you can proceed.

and shows the address screen again with blank address boxes except for name/address

URL is /ecom/index.php?_a=addressbook&action=add&redir=confirm

appears UNLESS "default delivery" is checked, it won't go past this screen to complete checkout once a new billing address has been entered.

Link to comment
Share on other sites

I wonder if it's a bug due to allowing folks to create 2 "billing addresses" but they are named the same.

Shouldn't the dbase increment a record with an ID "billing address" to "billing address 2" or something similar?

Anyway... these are 2 issues we need to get sorted with next update!

THANKS ALL.

also, fyi

  • CubeCart Version: 5.1.1
  • PHP Version: 5.2.17
  • MySQL Version: 50095
  • Image folder size: 310.8 KB
  • Download folder size: 0 Bytes
  • Max. Upload filesize: 10M
  • Browser user-agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  • Server Software: Apache

Link to comment
Share on other sites

The difficulties here seem to point to a thorn that's been in my craw for a long time. I've (diplomatically) complained bitterly about it, but I have not seen a satisfactory solution as yet.

There was a point in the versioning of MySQL that STRICT_MODE is enabled by default. STRICT_MODE will cause problems.

The FYI info was needed, thanks for that, but also let us know if CC5 is installed on a dedicated/shared server (and with who might help). Beg for access to any error log files generated by your site. Please let us know how experienced you are at editing PHP code and configuring MySQL databases.

This is probably the bug you are experiencing:

http://bugs.cubecart...view.php?id=213

I didn't fix my copy of CC5 as there are two approaches and I don't know which one is the more involved.

1. Change the column types to Boolean

2. Change all the code to read and send "0" and "1" instead of false and true.

Link to comment
Share on other sites

I have had a persistent customer registration issue which has caused quite a few abandoned carts which looks to be related.

here is a screen shot of the issue. customer has to re-submit details which will sometimes stick eventually.

It would be great to get a solution. CC support were unable to help with this one previously.

Link to comment
Share on other sites

I've had these problems since day one of using v5. I know it has to do with the database but I am not good enough with coding to fix it. I just go in and delete the address, and change the email so that I don't lose the order, yet it is no longer tied to the customer. This allows the customer to reorder. I'm ONLY having these issues with customers who registered before I upgraded to v5.

The last time I emailed Al about it no one could find what was wrong either and it isn't one that I can get to reproduce consistently.

Link to comment
Share on other sites

The difficulties here seem to point to a thorn that's been in my craw for a long time. I've (diplomatically) complained bitterly about it, but I have not seen a satisfactory solution as yet.

There was a point in the versioning of MySQL that STRICT_MODE is enabled by default. STRICT_MODE will cause problems.

The FYI info was needed, thanks for that, but also let us know if CC5 is installed on a dedicated/shared server (and with who might help). Beg for access to any error log files generated by your site. Please let us know how experienced you are at editing PHP code and configuring MySQL databases.

Hi,

still waiting since yesterday for login to the bugtrac; so link to bug reports is useless for those without a login, obviously.

We have dedicated Linux RHES5, Plesk10.4.4/40 fully PCIDSS certified; 12GB RAM, Xeon multicore, 10,000GB Bandwidth; all current patches, including ioncube, et al.

I've been editing cgi/html by hand since 1994; used to run a hosting company, did Oprah Winfrey's first ecom solution for her "Begin with Love" video series. Currently hacking the skins to put in help info for clients for usability, help info, et al.

(Our server is with SoftLayer in Dallas, not that it matters; and we have monthly security/system upgrade check by their team; and then daily tech support contract with TTS/Total Server Solutions.) So... "advanced" user likely applies.

mysql 5.0.95-1.el5_7.1

php 5.2.17-1.el5.art

We're running about 100 MySQL dbase sites with no issues, except on this stuff with the updating of user data. And, the bug for having to check "default shipping" address if more than one billing address entered in address book, or it won't "commit" billing info to the checkout page. Using IE9 reveals the php error across bottom of screen as noted.

Of course, since we paid to have the upgrade done, you would have expected the dbase to have been properly enabled. But, hey, you know what assuming getsya. ;-)

I have not yet checked error log, as often these came up with a "help customer on phone to sort out if user error or store bug while trying to keep sale and customer," as we're in a high deadline service business for information dissemination and management. Since I could reproduce the bug without any mods to the core files, no plugins installed, I thought I would post the above info while I had it and fresh in my brain, since the issues can be replicated - and up to six customer complaints so far, with potential walk-aways I don't know about.

Will be running some tests, and then checking error log once I get a breather.

Since strict mode has been around for, what, six years, that doesn't seem like it should impact a mature new product written for mysql 5x; generally strict mode only impacts old apps written for mysql 4. Generally it should be "on" for security purposes.

Still waiting to get into bugtrac, so hopefully I can see something there.

Yes, I can use phpmyadmin without my head exploding; however being able to edit something without knowing what to edit is a bit irrelevant at this stage, obviously.

All feedback appreciated! :-)

Link to comment
Share on other sites

And, obviously I don't want to hack anything which would cause 5.1.2 upgrade to fail. Trying to avoid doing anything major until that version with current known bugs comes in.

Right now only messing with one skin, common style sheet, and we renamed the admin file to pass PCI-DSS compliance; but now oddly we can't see list of images on upload when on the product page. No image list shown on edit product item; but can upload image to the product, but no list of images shown per product, which was there prior to renaming the admin file. So, probably a reference someplace for an iframe or something looking for original name to show list of images on the product pages (bug?).

We're going to have to implement a 'quick order' page with one click checkout of popular service packages via our Authorize.net connection as emergency backup to keep client walk-aways due to the password reset problem. However, I was able to edit the skin page for the address book template to put in a note about "you must check the default shipping address with your main billing address or it will generate 'must have billing address' error on going to view cart" ... as long as the client checks the box on address edit, or new client setup, it works. Loop of doom if they don't check the "default" box. At least the instructions info box I added will help solve that usability issue for now.

Link to comment
Share on other sites

e.g. (client IP and actual domain obfuscated)

[Tue Jul 31 22:44:52 2012] [error] [client XXXXX] PHP Fatal error: Call to a member function update() on a non-object in /var/www/vhosts/MYDOM/httpdocs/ecom/classes/cart.class.php on line 934, referer: https://www.MYDOM/ecom/index.php?_a=gateway

[Wed Aug 01 01:51:18 2012] [error] [client XXXXXXXXX] PHP Fatal error: Call to a member function read() on a non-object in /var/www/vhosts/MYDOMAIN/httpdocs/ecom/classes/seo.class.php on line 711

[Wed Aug 01 02:03:08 2012] [error] [client XXXXXXXXX] PHP Fatal error: Call to a member function read() on a non-object in /var/www/vhosts/MYDOMAIN/httpdocs/ecom/classes/seo.class.php on line 711

[Wed Aug 01 02:48:51 2012] [error] [client XXX] PHP Warning: Security Warning: Dirty array key "$Version" detected and was removed. in /var/www/vhosts/MYDOM/httpdocs/ecom/classes/sanitize.class.php on line 104

[Wed Aug 01 02:48:51 2012] [error] [client XXX] PHP Warning: Security Warning: Dirty array key "$Path" detected and was removed. in /var/www/vhosts/MYDOM/httpdocs/ecom/classes/sanitize.class.php on line 104

[Wed Aug 01 02:48:51 2012] [error] [client XXX] PHP Warning: Security Warning: Dirty array key "$Version" detected and was removed. in /var/www/vhosts/MYDOM/httpdocs/ecom/classes/sanitize.class.php on line 104

[Wed Aug 01 02:48:51 2012] [error] [client XXX] PHP Warning: Security Warning: Dirty array key "$Path" detected and was removed. in /var/www/vhosts/MYDOM/httpdocs/ecom/classes/sanitize.class.php on line 104

need to get updated error log, this was from couple days back, obviously ...

Link to comment
Share on other sites

I found a potential problem that may be causing the Fatal Error: Call to a member function update() on a non-object in /classes/cart.class.php on line 934. I submitted a bug report.

The issue involves when PHP is shutting down. PHP calls all registered shutdown functions and __destruct methods for all the classes it knows about. The problem comes into play when one of the __destruct methods calls an internal private method, which in turn, calls a method in a different class. This other class may have already gone away.

As for the other messages, I can't find a sequence of events that would cause PHP to throw an error about a non-existent Cache->read() being called from the SEO class. And I would like to see httpd access logs that show the query string that the Sanitize class is choking on. Can you troubleshoot the .htaccess file you may have?

Link to comment
Share on other sites
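The shutdown-order failure described in the post above, reproduced in isolation as an added example (not code from the thread or from CubeCart). It assumes PHP 7 or later, where a method call on a released handle raises a catchable Error instead of the fatal error in the log; `Db`, `FragileCart`, `GuardedCart` and the `shop_db` global are hypothetical names.

```php
<?php
// Added illustration: Db, FragileCart, GuardedCart and 'shop_db' are hypothetical
// names, not CubeCart code. Assumes PHP 7+ (catchable Error instead of a fatal).
class Db {
    public $writes = array();
    public function update($table, $row) { $this->writes[] = array($table, $row); }
}

class FragileCart {
    private $basket = array('sku' => 'A1', 'qty' => 2);
    public function __destruct() { $this->save(); }
    private function save() {
        // Collaborator is looked up through a global at call time; if that
        // handle was released first, this is a method call on a non-object.
        $GLOBALS['shop_db']->update('basket', $this->basket);
    }
}

class GuardedCart {
    private $db;
    private $dirty = true;
    private $basket = array('sku' => 'A1', 'qty' => 2);
    public function __construct(Db $db) { $this->db = $db; } // own reference keeps Db alive
    public function save() {
        if (!$this->dirty) { return; }   // already persisted explicitly
        $this->db->update('basket', $this->basket);
        $this->dirty = false;
    }
    public function __destruct() { $this->save(); } // fallback only
}

function demoFragile() {
    $GLOBALS['shop_db'] = new Db();
    $cart = new FragileCart();
    $GLOBALS['shop_db'] = null;          // the other class "goes away" first
    try {
        unset($cart);                    // last reference dropped: __destruct() runs here
        return 'no error';
    } catch (Error $e) {
        return $e->getMessage();
    }
}

function demoGuarded() {
    $db = new Db();
    $GLOBALS['shop_db'] = $db;
    $cart = new GuardedCart($db);
    $GLOBALS['shop_db'] = null;          // same teardown order as above
    unset($cart);                        // destructor still reaches a live Db
    return count($db->writes);
}

echo 'fragile: ', demoFragile(), "\n";
echo 'guarded: ', demoGuarded(), " write(s) persisted\n";
```

The guarded variant survives the same teardown order because the cart holds its own reference to the database object and treats the destructor as a fallback, so an explicit `save()` earlier in the request never depends on what still exists at shutdown.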

You said, "...and we renamed the admin file to pass PCI-DSS compliance."

In the file includes/global.inc.php, there is an array where the adminFile and adminFolder can be user specified. Be sure these match with the actual name of the file and folder.

Even so, there are four instances of a hard-coded 'admin.php' in the core files, seven instances in javascript files, and two instances in files involved in setup or upgrade that may or may not make a difference. A bug report has been made.

Please decide if having the admin folder and file be named as standard vs your PCI-DSS compliance until CC512 comes out.

Link to comment
Share on other sites

Hi, all

bsmither: we changed the admin file name and ini file per the help from CC support. Will change back once I get the all clear on our latest PCI-DSS compliance scan. SO, that should fix those little gotchas like the image stuff not showing, etc., which worked perfectly prior to the name switch. Yes, it was changed in the global file also (otherwise it would really have crashed!) ;-) Thanks for the double check on that.

I think the SEO error in the log, I think that was from one of two things, the pci-dss scanner throwing long strings at the system to see if it could be gained from injections, etc. (my shop error log showed about 85 hideous string array hack attempts); and also with the store update some of our 3 year old page URLs changed, due to the new (BETTER!) seo structure for "pretty URLs" vs the old method - or put another way, the new seo URLs are slightly different from our old SEO URLs generated by the store. I had to change some of the on-page links, or in-description links to things like the terms of service, how-to-order page, etc. - so a combination of those two things were - I think - generating 404 errors, technically. Since the store doesn't support a 404 redirect (ahem) for missing pages, the shop defaults back to our site wide 404 to go back to main front page of site outside of the store. I need to do some 301 redirects in the htaccess for the old URLs, which ... stupidly I forgot to do until today. (DOH).

So - good reminder there: for those who upgraded and their SEO URLs changed, be sure to do 301 redirects from old URL to new one! :-)

Link to comment
Share on other sites

  • 3 months later...

Hmmm... I do not say that I am an important person, but those of you who already read my few posts here already know that I am fighting with an upgrade from version 4 to version 5.

The "A billing address is required before you can proceed." still exists in v5.1.4 AND in v5.1.5 at least when we speak about an upgrade... :dizzy:

If someone else has been in my shoes and found a way out, I'd greatly appreciate a feedback.

Thank you very much in advance!

Link to comment
Share on other sites
