harrisorganic (Posted December 26, 2015)

Hi Brian, Merry Christmas.

I started on reducing the security issues that came up on CC6 security plugin. I made some changes to php.ini and includes/global.inc.php and found that I could not log in as admin any more.

So I "undid all the changes" and am still unable to log in as admin. See https://tinyurl.com/gru44qq for more info.

During that period of time I also found that the category bar gives an unusual URL, whereas mousing over an item on the front page gives the correct URL, e.g. https://www.harrisorganicwine.com.au/shop/ Hover over the word category sparkling gives https://www.m.harrisorganicwine.com.au/shop/sparkling.html where there should be no "m."

When I reversed the changes to php.ini (in the root directory) the above went away, but now it is back again. I emptied cache and checked the php.ini file again to find it was without changes.

Today's error log shows:

[Fri Dec 25 17:13:17 2015] CURRENT SERVER TIME
MAIN error_log:
[Fri Dec 25 17:13:02 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Failed loading /usr/lib64/php/modules/ioncube_loader_lin.so: /usr/lib64/php/modules/ioncube_loader_lin.so: undefined symbol: execute
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Zend Optimizer requires Zend Engine API version 220060519.
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] The Zend Engine API version 220131226 which is installed, is newer.
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Optimizer.

Any suggestions please?

regards Duncan

bsmither (Posted December 26, 2015)

Well, the "Sparkling" link does not have an unwanted 'm' anymore, so if the problem was an inadvertent creating of the "Category Tree" when the domain name happened to have been misspelled, that cached file has been replaced.

It seems that the server does not have ionCube installed/enabled -- CubeCart does not need it anymore (but many plugins still do!).

So, if your plugins (not the Foundation skin and not the AIOS module -- must be something else) need ionCube, please get that PHP extension re-enabled. And make sure the ionCube Loader is the appropriately matched version for the version of PHP you are running. (Then there may still be issues with the encoded plugin file that may be encoded for a specific version of the Loader.)

So, by not being able to log in, do you even get the login page?

harrisorganic (Posted December 26, 2015; edited December 26, 2015 by harrisorganic: more info)

Hi Brian,

When I type in /shop/admin/ I get a system 404 error:

The requested URL /shop/admin/ was not found on this server.

If I use /shop/admin.php I get my 404 error page.

Re ionCube, I can't remember uploading any new plugins recently for this to happen. However I checked the PHP config on host and found ionCube turned on and using PHP 5.4 (FastCGI) was PHP 5.4 (Single php.ini) but seems to make no difference.

Additional extensions available for Installation:
Http
Magick Wand XX turned on
Mail Parse
OAuth
OCI8
Upload Progress
IonCube XX turned on
SourceGuardian

Dirty Butter (Posted December 26, 2015)

I tried your link in your original post, but FireFox says it is not configured correctly and blocked opening it.

harrisorganic (Posted December 26, 2015)

Hi DB

https://www.harrisorganicwine.com.au/shop/admin this link does not work for me in chrome

Dirty Butter (Posted December 26, 2015)

Nor for me in FF. It was your sparkling.html link that I had tried and FF balked at. So sorry you're having so much trouble. I sure wish I knew enough to be of help. Would it be possible for you to install a clean test 6.0.8 to see what happens?

bsmither (Posted December 26, 2015)

The subfolder /shop/ is present. The storefront works.

The URI /shop/admin/index.php will show a good copy of a standard nondescript 404 message if there does not exist the file /shop/admin.php. (The index.php in the (possibly renamed) /admin/ folder is currently coded to not respect $glob['adminFile'] in globals.inc.php.)

Note: the file at /shop/admin/index.php sends what looks like a 404 response, and in that content is the name of the requested URI -- which is NOT what was not found! What was not found was /shop/admin.php, but the message says /shop/admin/index.php was not found.

Then, just requesting /shop/admin.php where admin is possibly renamed has the 404 document you have created and the web server is delivering because the (possibly renamed) admin.php does not in fact exist.

harrisorganic (Posted December 27, 2015; edited December 27, 2015 by harrisorganic)

Hi Brian,

I took your last paragraph first: "Then, just requesting /shop/admin.php where admin is possibly renamed has the 404 document you have created and the web server is delivering because the (possibly renamed) admin.php does not in fact exist."

Yes, I forgot to change admin****.php name back to admin.php. So once I had made the change, I thought that may be the last piece of the jigsaw. NO.

I now get a 403 Forbidden error with https://www.harrisorganicwine.com.au/shop/admin/index.php which changes to https://www.harrisorganicwine.com.au/shop/admin.php

Brian - Changed url

regards Duncan

bsmither (Posted December 27, 2015)

"() which changes to ()"

I don't see a difference between the two URLs.

harrisorganic (Posted December 27, 2015)

You are right, I just edited the above to give the correct change.

bsmither (Posted December 27, 2015)

When I ask for /shop/admin/index.php, I get 301 Bounced to /shop/admin.php. So, /shop/admin/index.php is doing its job.

But then, I get a 403 Forbidden. I do not recall CubeCart issuing a 403 Forbidden under any circumstance.

This may be a PHP error (please check for include_file() errors).

Please check for CHMOD permissions on /shop/admin.php.

Each time I ask for /shop/admin.php, I get a new Cookie::expires value.

Request: Sun, 27 Dec 2015 03:21:32 GMT; Expires: Sun, 03-Jan-2016 03:21:32 GMT;
Request: Sun, 27 Dec 2015 03:29:53 GMT; Expires: Sun, 03-Jan-2016 03:29:53 GMT;
Request: Sun, 27 Dec 2015 03:31:29 GMT; Expires: Sun, 03-Jan-2016 03:31:29 GMT;

So, I think CubeCart is executing some part of itself, enough to send the headers with an updated cookie.

harrisorganic (Posted December 27, 2015)

Firstly the CHMOD permissions are 644 for the file /shop/admin.php.

php errors in ? here are some Error Logs

[Sat Dec 26 20:47:53 2015] CURRENT SERVER TIME
MAIN error_log:
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Optimizer.
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221]
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sat Dec 26 20:47:02 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] Zend Guard Loader requires Zend Engine API version 220100525.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] The Zend Engine API version 220131226 which is installed, is newer.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Guard Loader.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5]
[Sat Dec 26 20:47:07 2015] [error] [client 208.115.111.69] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sat Dec 26 20:47:07 2015] [error] [client 208.115.111.69] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sat Dec 26 20:47:07 2015] [notice] [client 80.82.70.106] mod_rbl: 80.82.70.106 is listed in RBL.

Have included admin.php admin.php

bsmither (Posted December 27, 2015)

Nothing is wrong with /shop/admin.php.

The above is the web server error log. None of those IP addresses are me.

We need to find the PHP error log.

I'm also thinking there is more work to do to sort out the Zend Guard/Optimizer. And, the error log does not say if the error is coming from /shop/index.php, or /index.php (your main site).

harrisorganic (Posted December 27, 2015)

Brian,

I found these in the /shop/error_log

[22-Dec-2015 21:44:42 Australia/Perth] PHP Warning: curl_exec() has been disabled for security reasons in /home1/maketext/public_html/harrisorganicwine/shop/classes/request.class.php on line 251
[24-Dec-2015 11:21:14 Australia/Perth] PHP Warning: Invalid argument supplied for foreach() in /home1/maketext/public_html/harrisorganicwine/shop/modules/shipping/Postage/shipping.class.php on line 46

noting there is nothing today.

In shop/admin/ the last error_log was last made on 5th December 2013.

Back soon.

bsmither (Posted December 27, 2015)

Interesting about the curl_exec() message. The Request class checks for function_exists('curl_init'), and will not use curl if this function does not exist. But, the curl functions do exist, and checking function_exists() will return true, regardless that the function is disabled.

The Request class has an alternate method of getting data. So, perhaps a better test is needed to determine if curl can be used. In the meantime, we can force the Request class to use the alternate transport mechanism.

/classes/request.class.php, near line 61:

    ## Is cURL available?
    $this->_curl = (function_exists('curl_init')) ? curl_init() : false;

Change to:

    ## Is cURL available?
    $this->_curl = false; // (function_exists('curl_init')) ? curl_init() : false;

This is a pain in the butt for any site being hosted on a shared server.

I am curious. This site has been up and running for some months, yes? What has changed with your hosting provider?
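
The behaviour described in the post above (function_exists() reporting true for a function the host has listed in disable_functions), shown as an added example that is not part of the original post and is not CubeCart's code: a check that also consults the disable_functions setting before choosing the cURL transport. The helper names php_function_usable() and curl_transport_usable() are hypothetical, and the sample setting strings are constructed.

```php
<?php
// Added example, not CubeCart code. Helper names are hypothetical.

/**
 * True only if $name exists AND is not listed in disable_functions.
 * $disabled defaults to the live ini value; pass a string to test offline.
 */
function php_function_usable($name, $disabled = null)
{
    if (!function_exists($name)) {
        // Extension not loaded, or PHP 8+, which removes disabled functions entirely.
        return false;
    }
    if ($disabled === null) {
        $disabled = (string) ini_get('disable_functions');
    }
    // The ini value is a comma-separated list; hosts often add stray spaces.
    $list = array_filter(array_map('trim', explode(',', strtolower($disabled))), 'strlen');
    return !in_array(strtolower($name), $list, true);
}

/** cURL is usable only if every call the transport needs is enabled. */
function curl_transport_usable($disabled = null)
{
    foreach (array('curl_init', 'curl_setopt', 'curl_exec', 'curl_close') as $fn) {
        if (!php_function_usable($fn, $disabled)) {
            return false;
        }
    }
    return true;
}

// Constructed sample settings, as a shared host might configure them.
// If the curl extension is not loaded where this runs, every row reports "no".
$samples = array(
    'nothing disabled'    => '',
    'curl_exec disabled'  => 'exec, passthru, curl_exec ,shell_exec',
    'unrelated functions' => 'exec,passthru',
);
foreach ($samples as $label => $ini) {
    printf("%-20s curl usable: %s\n", $label, curl_transport_usable($ini) ? 'yes' : 'no');
}
```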

harrisorganic (Posted December 27, 2015; edited December 28, 2015 by harrisorganic: more info)

"What has changed with your hosting provider?"

Nothing that I can think of, have used this server for over 2 years. There was an issue with the SSL certificate some months ago. I did not renew it in the required time. I have a dedicated IP address for SSL, which is 173.254.45.80

Meanwhile the changes above have not changed the /admin.php

The main error log has changed

[Sun Dec 27 00:08:01 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] Zend Guard Loader requires Zend Engine API version 220100525., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] The Zend Engine API version 220131226 which is installed, is newer., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Guard Loader., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] , referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:08 2015] [error] [client 77.75.76.171] Failed loading /usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so: /usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so: undefined symbol: zend_new_interned_string

I have looked for more info on Zend and cannot find any info regarding PHP setup, but in the php.ini file I see

zend_loader.disable_licensing=0
extension=magickwand.so
zend_extension=/usr/php/54/usr/lib64/php/modules/ioncube_loader_lin.so
zend_extension=/usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so

I contacted the hosting company and they provided the code for Zend optimiser which is:

zend_extension=/usr/php/54/usr/lib64/php/modules/ZendGuardOptimizer.so

I added this to php.ini with no difference to login to admin.

In error logs I found many days of this:

PHP error_log:
/home1/maketext/public_html/error_log:
[26-Dec-2015 15:30:26 America/Denver] PHP Fatal error: require(): Failed opening required '/home1/maketext/public_html/wp-includes/load.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home1/maketext/public_html/wp-settings.php on line 21

I installed wp in November but did not use it on this site, I use it on another site on this server.

Hope that sheds some light.

harrisorganic (Posted December 28, 2015)

AND here are some more:

/home1/maketext/public_html/admin/error_log:
[28-Nov-2015 08:35:19 America/Denver] PHP Notice: Undefined index: logout in /home1/maketext/public_html/admin/index.php on line 11
[28-Nov-2015 08:35:19 America/Denver] PHP Notice: Undefined index: db_name in /home1/maketext/public_html/admin/index.php on line 79

bsmither (Posted December 28, 2015)

"Undefined index: logout in /home1/maketext/public_html/admin/index.php"

All of this does not include the part of the URL where CubeCart is supposedly located: /shop/.

Please look in the file /shop/includes/global.inc.php and determine if there are $glob elements that specify where CubeCart is installed. Such as:

    $glob['storeURL']
    $glob['standard_url']
    $glob['ssl_url']
    $glob['cookie_domain']
    $glob['rootRel']

If any of the above exist in globals.inc.php, delete them.

harrisorganic (Posted December 28, 2015; edited December 28, 2015 by harrisorganic: remove private data)

That's true Brian, and I do not know why there is an admin folder under /home1/maketext/public_html/ anyway.

Here is the current globals.inc.php, without any of the above

    <?php
    $glob['adminFile'] = 'admin.php';
    $glob['adminFolder'] = 'admin';
    $glob['dbdatabase'] = 'mart1';
    $glob['dbhost'] = 'localhost';
    $glob['dbpassword'] = '0i0';
    $glob['dbprefix'] = '';
    $glob['dbusername'] = 'ma1';
    $glob['encoder'] = 'ioncube';
    $glob['installed'] = '1';
    ?>

bsmither (Posted December 28, 2015)

Ok. Now remove all that private data from the above post.

I also notice this: [28-Nov-2015 08:35:19 America/Denver]

The time may be correct for Perth, but not for Denver. Please make an experiment (not that I expect this to fix anything) by setting the store's timezone (admin, Store Settings) to your timezone.

"I do not know why there is an admin folder under /home1/maketext/public_html/ anyway."

We should really find out what that folder belongs to.

harrisorganic (Posted December 28, 2015; edited December 28, 2015 by harrisorganic)

I think the server is in USA, probably Denver. I am pretty sure (from memory) the store's time zone is set for Perth. However there is an issue with logging in as the 403 Forbidden raises its head with shop/admin.

Re home1/maketext/public_html/admin: I will change the name from admin to administ and see what happens.

With the result of: no change to shop and no change re login to admin.

harrisorganic (Posted December 28, 2015)

I am wondering if this is my issue as I was playing with the security plugin at the time? https://forums.cubecart.com/topic/50237-resolved-403-forbidden-admin/

bsmither (Posted December 28, 2015)

Locking yourself out via the Security Plugin would certainly do it - as I understand its capabilities. But, I would have hoped there would have been a more nuanced explanation for the 403 Forbidden if it came from that plugin.

harrisorganic (Posted December 28, 2015)

The question on my mind is how to get to the security plugin without the use of admin page? I have a Dedicated IP and that number I entered in the security plugin.

bsmither (Posted December 28, 2015)

Using an external utility, such as phpMyAdmin, access your database directly.

Find a table named Cubecart_ccss_ip_addresses.

The Security Suite will cause a 403 header to be sent (and die() PHP) if the IP address currently accessing the site (probably in both admin and storefront) is in this table with a 'trusted' value of "0".

The Security Suite will also cause a 403 header to be sent (and die() PHP) if the module is set to allow only trusted IP addresses, and the IP address currently accessing the site (probably in admin only) is in this table with a 'trusted' value of "1".

You can try manually adding to this table. www.whatismyip.com

The setting, "Only allow trusted IP addresses" (checked or not checked), is probably in the database table Cubecart_config, the row where 'name' is "ccss". The 'array' column holds the module's settings. The value in this column is base64 encoded. phpMyAdmin has some sort of method to decode, edit, and recode such values.