Jump to content

Recommended Posts

Posted

Check your file structure for your store. There should only be one file named admin_XXX.php and one folder named admin_XXX, Both of those names should match what is in your includes/global.inc.php file. And the admin_XXX file and folder should be at the same directory level the includes folder is in.

Posted

The likelihood is that you tried to do an auto upgrade (rather than doing it manually) and it has not completed correctly - if you have any discrepancies in admin file / directory names or those have changed, then that will be the case

Ian

Posted (edited)

I always do manual upgrades.

I have admin_XXX.php and an admin folder. I just checked the includes/global.inc.php file andchanged the name of admin to admin_XXX, as per the file. It now works fine, thank you :)  Strange that the upgrade didn't do this?

I spoke too soon!

I now get :

Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

when attempting to login.

Edited by vidmarc
Posted

If you had to change the name of the admin file and directory then the upgrade wasnt completed correctly - did you upload /admin directory as is (the likelihood is that this is what you did) or upload the contents of the new /admin directory into your already renamed admin_XXXXXX directory.

Check you have 6.1.8 files in the admin directory and if in any doubt, re-upload them

Posted

In php-errors.log:

[21-Jun-2017 15:23:17 UTC] PHP Warning:  Invalid Security Token in

htdocs/classes/sanitize.class.php on line 150

Posted

OK - SSL shouldn't be the issue. Can you tell if your admin_XXX files are dated when you did the 6.1.8 upgrade? Assuming that's not the problem - please clear ALL cache from within CC except your images. Then clear all your browser cache.

Clear your Error_log

Try opening your storeURL/admin_XXX.php.

Report any error messages and what happens. If you get the CRSF message again on the login screen, try logging in anyway (I see that one frequently myself).

Posted

admin: Wed, 21 Jun 2017 15:46

I already tried deleting all the cache files, it still gives the same error. Also cleared browser cache.

Not sure how to clear the error log.

Posted

The error_log is at the root of your store (same level with includes and admin_XXX folders in it). Open it and delete all entries. Then try accessing admin again, even if you see the CSRF notice. Report on error_log entries.

Do you have any other sites at this level of your domain? I run into CSRF issues because of a Wordpress install on the store domain.

Posted (edited)

I re-named the errors log, and the system just created a new file with the same error as above.

No other sites at this domain. The error only begain after the last upgrade.

I am completely unable to access my control panel whilst this error persists.

Edited by vidmarc
Posted

Check these files to see if the 6.1.8 changes were made:

admin_XXX\skins\default\js\admin.js line 72

            "matrix_include" == c ? h.attr("name", "option_add[" + c + "][" + options_added + "]") : "set_enabled" == c ? (h.removeAttr("disabled"), h.attr("checked", "checked"), h.parent().addClass("selected"), h.val(1), 1 == d && (h.parent().addClass("selected"), h.attr("checked", "checked")), h.attr("name", "option_add[" + c + "][" + options_added + "]")) : "default" == c || "negative" == c || "absolute_price" == c ? (h.removeAttr("disabled"), $(l[i]).is(":checked") && (h.parent().addClass("selected"), h.attr("checked", "checked"), $(l[i]).removeAttr("checked").parent().removeClass("selected")), h.attr("name", "option_add[" + c + "][" + options_added + "]")) : (d = parseFloat(d, 10).toFixed(2), $(o).find("." + c).append(d).find("input:first").val(parseFloat(d)).removeAttr("disabled")), $(l[i]).val("")

admin_XXX\skins\default\templates\dashboard.index.php line 133

               <td>{$THEAD_ORDERS.cart_order_id}</td>

admin_XXX\skins\default\templates\settings.admins.php line 67

		  <td><strong>{$section.name}</strong> - {$section.info}</td>

admin_XXX\sources\dashboard.index.inc.php lines 40-53

## Delete admin folder if it exists and shouldn't
if($glob['adminFolder']!=='admin' && file_exists(CC_ROOT_DIR.'/admin')) {
	recursiveDelete(CC_ROOT_DIR.'/admin');
	if(file_exists(CC_ROOT_DIR.'/admin')) {
		$GLOBALS['main']->setACPWarning($lang['dashboard']['delete_admin_folder']);	
	}
}
## Delete admin file if it exists and shouldn't
if($glob['adminFile']!=='admin.php' && file_exists(CC_ROOT_DIR.'/admin.php')) {
	unlink(CC_ROOT_DIR.'/admin.php');
	if(file_exists(CC_ROOT_DIR.'/admin.php')) {
		$GLOBALS['main']->setACPWarning($lang['dashboard']['delete_admin_file']);	
	}
}

 

Posted (edited)

I can confirm that all those files are as you've quoted above.
And I'm still unable to login due to the same error.

Quote

 

Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

 

 

Edited by vidmarc
Posted

I can't think of anything else to try, except to rename your .htacess file and let CC create a new one. Assuming that doesn't help, I am out of ammunition. You had problems upgrading to 6.1.7, if I'm remembering correctly, so whatever the issue is, it's probably been around for a while.

Posted (edited)

I've tried this and again, same error.

I just re-checked the php error log and I'm now seeing these warnings:

Quote

[24-Jun-2017 01:10:21 UTC] PHP Fatal error:  User dbo462610712 already has more than 'max_user_connections' active connections in /homepages/40/d121509422/htdocs/classes/db/mysqli.class.php on line 38

Quote

[24-Jun-2017 01:10:21 UTC] PHP Warning:  mysqli_options(): Couldn't fetch mysqli in /homepages/40/d121509422/htdocs/classes/db/mysqli.class.php on line 35

Quote

[24-Jun-2017 16:40:14 UTC] PHP Warning:  Security Warning: Illegal array key "amp;products_id" was detected and was removed. in /homepages/40/d121509422/htdocs/classes/sanitize.class.php on line 111

Quote

[24-Jun-2017 22:16:53 UTC] PHP Warning:  Security Warning: Illegal array key "redirect:${#matt=_#context_get('com_opensymphony_xwork2_dispatcher_HttpServletResponse'),#matt_setContentType('text/plain'),#matt_getWriter()_println_('successsuccess'),#matt_getWriter()_flush(),#matt_getWriter()_close()}" was detected and was removed. in /homepages/40/d121509422/htdocs/classes/sanitize.class.php on line 111

Quote

[25-Jun-2017 02:08:55 Europe/London] PHP Warning:  Cannot use a scalar value as an array in /homepages/40/d121509422/htdocs/classes/cubecart.class.php on line 1400

 

Edited by vidmarc

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...