Guest Posted May 12, 2017 Share Posted May 12, 2017 Hi, For some reason I cannot login to the admin panel. I am receiving the following error code. Cannot login to the cube-cart admin panel Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used. I have tried suggestions via a google search such as manually clearing the cache from the cache folder/ database etc I have tried different browsers, different computer. It was working fine however doesn't let me login at all now. Please see attached. Can anyone help? Thanks Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Click the padlock icon or make sure the protocol in the browser window is https and not http and it will be fine. Quote Link to comment Share on other sites More sharing options...
Guest Posted May 12, 2017 Share Posted May 12, 2017 8 minutes ago, Al Brookbanks said: Click the padlock icon or make sure the protocol in the browser window is https and not http and it will be fine. Thanks for the quick reply. I have tried with and without https and still no luck. Its very strange because it was working fine. I have cleared the Cubecart_sessions in the database. Cleared the cache folder in the root directory. However I have just noticed the admin folder had been renamed on the server however I can still access the admin url via the old folder name if that makes sense! Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Did you upgrade manually or using the auto upgrade tool? There have been issues with the auto upgrade too so please upgrade manually. Quote Link to comment Share on other sites More sharing options...
Guest Posted May 12, 2017 Share Posted May 12, 2017 2 minutes ago, Al Brookbanks said: Did you upgrade manually or using the auto upgrade tool? There have been issues with the auto upgrade too so please upgrade manually. I haven't installed any updates this is a fresh install of cubecart. Thanks Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Did you install it by downloading it from our website or was it an auto installer from within a hosting environment? Quote Link to comment Share on other sites More sharing options...
Guest Posted May 12, 2017 Share Posted May 12, 2017 Downloaded directly from cube-carts website. I am wondering if somehow clearing the cache has messed something up. I did come across a post by yourself after a Google search suggesting to add the sessions folder and custom file to the root directory however still no luck. Is there any way to disable this so I can at least get into the admin panel for now? Thanks Quote Link to comment Share on other sites More sharing options...
Guest Posted May 12, 2017 Share Posted May 12, 2017 I think I changed the cookie directory within SSL and then this error message came up. Is there any way to manually change the cookie directory via a php file? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 Did you ever login under SSL? If so I think the browser keeps history that the store has SSL only cookies. On those grounds it will refuse to accept standard cookies. I think this may come down to browser security features. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 12, 2017 Share Posted May 12, 2017 This fixed it for me: https://github.com/cubecart/v6/commit/d75faa35edb4d481fc25ae066064a18d23ac7d36 Quote Link to comment Share on other sites More sharing options...
Guest Posted May 12, 2017 Share Posted May 12, 2017 Thankyou I managed to get it working by reinstalling cubecart and then uploading my backup files to the server. Everything seems ok now. However the error still persists not on the admin login but when a sandbox payment is made with Paypal and are redirected back to the site. I have to manually refresh the page for it to show the purchase details! Thanks Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 7, 2017 Share Posted July 7, 2017 (edited) I have the same security error and I cannot add items to basket. I tried changing those code lines and it didn't work. Edited July 7, 2017 by bbtil Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted July 7, 2017 Share Posted July 7, 2017 @hathead1990 The sandbox may be the issue. Can you run a test order through to actual payment, maybe create a penny product? It will cost you a tiny bit, but might give you satisfaction that it is working properly and information if it is not. Quote Link to comment Share on other sites More sharing options...
dan168 Posted July 13, 2017 Share Posted July 13, 2017 This is mean that i cannot to instal Cubecart on localhost? Need compulsary a SSL certificate and HTTPS server? Sorry for the questions, im just new here Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 13, 2017 Share Posted July 13, 2017 @dan168, you can install to localhost. There will be some specific statements added to /includes/global.inc.php (search the forums for localhost). I recommend not using localhost but rather the actual IP 127.0.0.1. Then, if needed, you can create a "self-signed" security certificate and configure your localhost web server to use it. Do an internet search for how to create one of these. Your browser will complain about the certificate being self-signed, but you can then tell your browser to make a permanent exception for this certificate at IP 127.0.0.1. (Disclaimer: I am only up to CC615 at the moment, so I have not had the opportunity to experience any anomalies regarding weird CSRF issues with the latest versions.) Quote Link to comment Share on other sites More sharing options...
YdihwIP Posted July 21, 2017 Share Posted July 21, 2017 (edited) Hi, I read this thread with great intrest, since I've experienced the same problems. Actually I got the CubeCart shop (6.1.8) and its backend running on localhost (PHP-Version: 7.0.21-1~ubuntu16.04.1+deb.sury.org+1, MySQL-Version: 5.7.19-0ubuntu0.16.04.1, Server-Software: Apache/2.4.27 (Ubuntu)) even with Chromium - thanks to bsmither's advice in But I cannot log me in on the production site online. Of course I changed the /includes/global.inc.php accordingly to meet the settings of my provider. I cleared the browser cache, the database cache and the cache folder; tried different browsers. Still I cannot log me in, it always says: "Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used." As I am setting up the CubeCart shop for a customer - and he should be able to log himself in without hassle, obviously - this is an important problem. Is there a known and viable route to escape this trouble? Cheers: Martin Edited July 21, 2017 by YdihwIP Quote Link to comment Share on other sites More sharing options...
keat Posted July 21, 2017 Share Posted July 21, 2017 (edited) did you try connecting via https Edited July 21, 2017 by keat Quote Link to comment Share on other sites More sharing options...
YdihwIP Posted July 25, 2017 Share Posted July 25, 2017 Hi Keat, yes I did. The page runs under https and has a certificate. Maybe I just do another clean install and import the database then. But anyway, I think this is a little bit strange. Cheers: Martin Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted July 25, 2017 Share Posted July 25, 2017 Just now, YdihwIP said: Maybe I just do another clean install and import the database then. Thats not a good idea and could be why you have this problem in the first place. Please only do a fresh install or upgrade an existing store. If you are importing the database from a CSV file via the admin control panel that should be fine. Quote Link to comment Share on other sites More sharing options...
YdihwIP Posted July 26, 2017 Share Posted July 26, 2017 Hi Al, thank you for this information. Maybe this is the pivotal point where I made my mistake. I wanted to install CC locally first because my intention is to write an import plugin for categories and customer data. So after having set up everything fine on my localhost I copied the files via FTP and then loaded the local mysql_dump via phpMyAdmin into the remote database. Then I checked the global.inc.php and the .htaccess file. As I can obviously reach the page I was almost startled that I could not log in - after all everything went fine locally. I will give your advice a try - and post the result then. Cheers: Martin Quote Link to comment Share on other sites More sharing options...
YdihwIP Posted July 27, 2017 Share Posted July 27, 2017 Hi cubecarters ;-) right, I resolved the thing by a simple cut. I made a completely fresh installation on the production website. Opened local and remote admin panel in two browser windows an copied the data manually. Everything is fine, I can even login with Chrome without any troubles now. So there must have been something I missed, ignored or ruined when I copied my local version via FTP. Anyway, it's up and running. Thank you for your support and your hints. Cheers: Martin Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.