Jump to content

Unable to add new product options or attributes since upgrade to 5.2.1

Recommended Posts

Welcome ClaireRiley! Glad to see you made it to the forums.


Please let us know what version of CubeCart you upgraded from.


This standard reply may or may not apply to you. Let us know if it does not:


I believe that when an admin is taken to the Dashboard for no apparent reason, it is because the security token is not what CubeCart is expecting.

To verify, enable debugging (Store Settings, Advanced, Enable Debugging (enter your IP address so that only you see the debug results: www.whatismyip.com).

When this happens, look at the PHP section. It may say something like "Security Token Incorrect".

CC5 has implemented this security token (I don't know why exactly) and there is a new token supplied for every admin form (multiple tabs are still within the same form). The problem occurs when the admin presses the browser's back button, or opens more than one browser window/tab to the same or another admin screen. Only the latest security token generated for your session is valid.

If you need to be viewing more than one admin screen, use a different browser. Or a browser with an add-on that gives you the ability to simulate multiple sessions.

Link to comment
Share on other sites

"The problem typically occurs when the admin presses the browser's back button, or opens more than one browser window/tab to the same or another admin screen."


Do you recall doing either of the above?


Is the Invalid Token error listed for clicking Save on a wide variety of admin screens?

Link to comment
Share on other sites

I've closed everything down and rebooted the computer and I'm still getting the same problem.  It only seems to be happening with the various product option screens.


I've also got an error 'Please delete the setup folder from your store directory. your store may be at risk until you do'


I don't know how to find this setup folder to amke the changes.  It's probably unrelated to the original problem though.

[Warning] /home/claire/public_html/store/classes/sanitize.class.php:123 - Invalid Security Token


This is what it says....

Link to comment
Share on other sites

If you still have debugging enabled, in the grey debug section, there is the current security token listed:


'__system' =>

'token' => 'c2e272d55312a8689db1b4192b717829'


(Yours will be different.) Please have your browser show you the HTML source of the page that is being displayed.

Find the form input for the token. Here are several statements that should make it easy to find:

<input type="hidden" name="token" value="c2e272d55312a8689db1b4192b717829" />
<div style="display: none" id="val_admin_folder">admin</div>
<div style="display: none" id="val_admin_file">admin.php</div>
<!-- Include JavaScript last - YSlow! rates it better this way -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.7/jquery-ui.min.js"></script>

Do the codes match?


Please try this (I have little hope, but it is something that can be tried):


At the bottom of the section, there is a link to Clear Cache. Click on that.


Try your edits.

Link to comment
Share on other sites

My experiments with CC5211 co-existing with CC5210* have initially shown problems related to invalid security tokens (not being able to log in, defaulting to the Dashboard) to be a combination of cookies and subdomains. CC5210 added and uses a new setting, cookie-domain, and if you were logged in to admin at the time you upgraded CubeCart (does not matter what version), you will need to try this sequence of steps:

1. Have your browser go to this address: http://www.mystore.com/admin.php?_g=logout

2. Using your browser's cookie controls, delete all cookies that point to your domain: mystore.com including any and all subdomains such as www


If you can get into your admin, go to Store Settings, SSL tab, and set the cookie domain to .mystore.com


* Co-exists, but there are conflicts caused by sharing the database.

Link to comment
Share on other sites

Create a file named fixssl.php and have the following as its contents:

| cc5_fix_ssl.php
| =======================
| Switch Off SSL Tool
define('CC_ROOT_DIR', realpath(dirname(__FILE__)));
// Initialise Database class, and fetch configuration
$GLOBALS['db'] = Database::getInstance($glob);
// Initialise Config class
$GLOBALS['config'] = Config::getInstance(array());
//We will not need this anymore

FTP this file to the root folder of your store. Call for it in your browser. There will be no response at all. Try to log in.

You can remove the file.


I hope you did not take "set the cookie domain to .mystore.com" literally. Rather replace mystore with your own domain name.

Link to comment
Share on other sites

Probably the simplest way is to log in to your hosting account control panel. In there, will be a set of utilities: phpMyAdmin, FTP, Text Editor, etc.


Use the FTP utility to transfer the file to the CubeCart folder.


You said you used your store's domain name for the cookie_path. In my experiments, that solved everything.

Link to comment
Share on other sites

Logged another support ticket but not getting any where.  They say it is not cubecart and that it is the web server, but it only happened after I did the upgrade.  The host has not made any changes at all.  At a loss of what to try next.  What do I need to do to go back a version? Or is it possible to reinstall everything without have to re enter the 300 products?

Link to comment
Share on other sites

Might not help but have you tried it in a different browser? If you arent on the latest version maybe try updating to that. I had problems with 5.2.11 but 5.2.12 seems OK. If you are on the latest version maybe try a forced update in admin.

Link to comment
Share on other sites

"What do I need to do to go back a version?"


Download whatever version you think you need at:



Then just overwrite all the files. Any file/folder that has custom data in it (cache, globals.inc.php, images, etc) will not be disturbed. Except .htaccess - if you have a custom .htacess, be prepared to replace that.


CC529 removed the one-stop sign-in called OpenId, so if you install CC528 or a previous version, you might get errors about a missing database table.


Everything in the database will be safe. Do not run the setup.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...