mrfackler Posted June 2, 2017 Share Posted June 2, 2017 I've gone through the forums looking for a solution but no luck, so here goes a post. Running 6.1.7 and only using Paypal for payments customers complaining that orders don't go through and they are seeing the CRSF message. Have seen other reports of this but the solutions didn't help me. Appeared fixed in 6.1.8 so here is the upgrade steps I took. I started a manual upgrade and a full backup of data and files. Deleted files in cache/skins Overwrote directory files with zip file contents Browse to /setup and start upgrade process which completes without issue Change directory name of admin_ to match admin_xxx.php script Update includes/global.inc.php to reflect the random admin script/dir naming From here, attempting to log in to the admin immediately redirects to the store home page with the Invalid user/pass error message. As mentioned throughout the forum, I enabled the error logging mechanism but it didn't really yield anything of interest. I've had to temporarily roll back to the old version. Any help appreciated. thanks! Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted June 3, 2017 Share Posted June 3, 2017 Welcome to the forums@mrfackler. Please check to be sure the admin_xxx.php and the admin_xxx folder both match what is in global.inc.php. I know I can't save changes to the global includes file unless I change permission, make the change, and then reset the permission. Quote Link to comment Share on other sites More sharing options...
mrfackler Posted June 3, 2017 Author Share Posted June 3, 2017 I think I'm getting closer. The admin login form has a hidden tag for redirect that is pointing to the root url rather than the admin path. On the working installation the hidden tag looks like <input type="hidden" name="redir" value="https://testing.snizzlebizzle.com/admin_xxx.php?_g=login"> and the upgraded version is... <input type="hidden" name="redir" value="https://testing.snizzlebizzle.com?_g=login"> I presume it's redirecting as a result. 12 hours ago, Dirty Butter said: Welcome to the forums@mrfackler. Please check to be sure the admin_xxx.php and the admin_xxx folder both match what is in global.inc.php. I know I can't save changes to the global includes file unless I change permission, make the change, and then reset the permission. Dirty Butter: Yes, the files are uniformly named and permissions are correct. Quote Link to comment Share on other sites More sharing options...
mrfackler Posted June 3, 2017 Author Share Posted June 3, 2017 Ok. I found the issue. I've been using NGINX and the problem is that $_SERVER['PHP_SELF'] is not available in the fastcgi / php / nginx set up by default. I had read that it was a security issue to enable `cgi.fix_pathinfo = 1` here https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04 but then contradicting statements here https://stackoverflow.com/questions/23390531/access-denied-403-for-php-files-with-nginx-php-fpm https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ The solution was to change cgi.fix_pathinfo from 0 back to 1 and then add lines to the nginx conf for the virtualhost. http://kbeezie.com/php-self-path-nginx/ and https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/ Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted June 3, 2017 Share Posted June 3, 2017 Glad you found it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.