bbtil Posted July 7, 2017 Share Posted July 7, 2017 (edited) Getting this error: Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used. I saw a previous thread : https://github.com/cubecart/v6/commit/d75faa35edb4d481fc25ae066064a18d23ac7d36 I followed that but nothing happened. I am on the https: admin login page and the padlock is locked in the login area. Any suggestions? Edited July 7, 2017 by bbtil Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted July 7, 2017 Share Posted July 7, 2017 Please create your Signature, so everyone can tell which CC and skin versions you are on. It's also helpful to know if it's a new install or and upgrade and from what... Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 7, 2017 Author Share Posted July 7, 2017 Its a new install v6 foundation skin Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted July 7, 2017 Share Posted July 7, 2017 Thank you for that information - the directions for putting it in you Signature are in MY signature. Knowing it's a new install rules out quite a few possibilities. It also raises the possibility that there is some server setting that is the issue. Also, please take a look in your includes/global.inc.php file to see what the naming is for the admin folder and the admin file. DO NOT SHARE THOSE NAMES HERE. Then check to be sure your actual file/folder names match that. Also, unlike previous versions, the admin url is now your_store_url/admin_XXX/php. If you are on SSL you also have to use the https:// . Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 7, 2017 Author Share Posted July 7, 2017 (edited) the info under the folder and file are different. $glob['adminFile'] = 'admin_*********'; $glob['adminFolder'] = 'admin_^^^^^^'; The folder in the FTP matches the Folder name above what are the possible server settings? I also cannot add anything to basket now. badboyztoyz.com/store Edited July 7, 2017 by bbtil Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted July 7, 2017 Share Posted July 7, 2017 I've asked all the "easy" questions I can. Hopefully someone will be along shortly who is knowledgeable enough to help you fix this. Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 8, 2017 Share Posted July 8, 2017 When adding a product to a CubeCart shopping basket, the javascript sends an AJAX notice to the store, and the store code is suppose to return ONLY the HTML necessary to show an updated shopping basket. For whatever reason, your store is returning an entire frontpage. If you have made any edits to the core code, or have any plugins that may affect the shopping basket or storefront display, please let us know. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 10, 2017 Author Share Posted July 10, 2017 I haven't as far as I can remember. I replaced any pages that I tried to make changes to with the original pages. I have a clean copy do you know what files I should replace. Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 10, 2017 Share Posted July 10, 2017 Please let us know if there are any redirect/rewrite directives in the .htaccess file that the web server may be executing - other than those specific to CubeCart. Also, likewise, see if your hosting control panel has a tool to create/manage redirects/rewrites such that a directive may be interfering with the URL that is the AJAX request. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 10, 2017 Author Share Posted July 10, 2017 In the main directory there is one for mobile site that's been there for a while and didn't affect the store before. This is in the main cubecart file... ##### START CubeCart .htaccess ##### ### File Security ### <FilesMatch "\.(htaccess)$"> Order Allow,Deny Deny from all </FilesMatch> ### Apache directory listing rules ### DirectoryIndex index.php index.htm index.html IndexIgnore * <ifModule mod_headers.c> Header always append X-Frame-Options SAMEORIGIN </ifModule> ### Rewrite rules for SEO functionality ### <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /store/ ##### START v4 SEO URL BACKWARD COMPATIBILITY ##### RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule cat_([0-9]+)(\.[a-z]{3,4})?(.*)$ index.php?_a=category&cat_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule prod_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule info_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=document&doc_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule tell_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule _saleItems(\.[a-z]+)?(\?.*)?$ index.php?_a=saleitems&%1 [NC,L] ##### END v4 SEO URL BACKWARD COMPATIBILITY ##### RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)\.html?$ index.php?seo_path=$1 [L,QSA] </IfModule> ### Default store 404 page ### ErrorDocument 404 /storetest/index.php ## Override default 404 error document for missing page resources ## <FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$"> ErrorDocument 404 "<html></html> </FilesMatch> ##### END CubeCart .htaccess ##### Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 10, 2017 Share Posted July 10, 2017 Other than the ErrorDocument directive - which sends a document from /storetest/ in the case of a 404 situation - all else looks fine. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 10, 2017 Author Share Posted July 10, 2017 what should i do then? is there away i can backup my store and then just reinstall? i have done a lot of customizing and I don't want to loose the look and feel. I also added all my products and don't want to lose those with all the product options. Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 10, 2017 Share Posted July 10, 2017 I am visiting your site now, and am looking at the traffic in and out of my browser. I recommend not re-installing just yet. Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 10, 2017 Share Posted July 10, 2017 (edited) I would like to have you log what CubeCart gets with respect to the URL. But before we get to the point where we need to do that... What I see is that your web server is "nginx". I researched whether or not nginx can or will use the .htaccess file (for Apache 2). Initial research results suggest that nginx does not support the use of .htaccess files. (https://stackoverflow.com/questions/35766676/how-can-i-use-htaccess-file-in-nginx) Which then begs the question - how is CubeCart functioning at all on your hosting account? Has the hosting manager already created the appropriate directives in whatever file nginx actually uses? Edited July 10, 2017 by bsmither Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 10, 2017 Author Share Posted July 10, 2017 when we installed the ssl they updated the .htaccess and then it was working fine i thought. i tried to login to the admin area and it hasn't worked since. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 any other suggestions? Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 11, 2017 Share Posted July 11, 2017 If 'they' updated the .htaccess, then they must be using nginx in some other manner, and actually using Apache as the true web server. Otherwise, making changes to the .htaccess file makes no sense. Please consult with your hosting provider and ask how they are using nginx, and what is actually using the .htaccess file. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 They responded and said to attach this link https://docs.plesk.com/en-US/12.5/administrator-guide/web-servers/apache-web-server-linux/apache-with-nginx.70837/ they said they can disable nginx Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 11, 2017 Share Posted July 11, 2017 Ok: nginx as a 'buffer', Apache as the real worker. As a test, have your hosting account not use nginx. Also, you are using the acronym SSI (Server-Side Includes) which is not SSL (Secure Sockets Layer - security certificate). I am wondering if your hosting provider has enabled something other than SSL. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 I'll have them disable it now. It's SSL ok it's disabled now. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 I don't see a difference since it's been disabled. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted July 11, 2017 Share Posted July 11, 2017 Have you manually cleared out all CC cache, except maybe images if you have a lot? Also, whatever you have to do to clear your browser cache - ctrl -f5, reboot?? Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 yes, i just cleared that all again. i really don't want to lose the work i've done so far if I have to reinstall. Quote Link to comment Share on other sites More sharing options...
bbtil Posted July 11, 2017 Author Share Posted July 11, 2017 can anyone tell me if i'm going to lose all the products i've entered and product options if i reinstall? is there anyway to back that up? Quote Link to comment Share on other sites More sharing options...
bsmither Posted July 11, 2017 Share Posted July 11, 2017 During an upgrade or re-install, the setup process will (should) ask if you want to keep your database or if you want to start a new database. Keeping the database will retain all the products, documents, categories, options, settings, etc. During an upgrade or re-install, all the code gets over-written, including the Foundation skin folder. So, rename that folder to something else, so that afterward, you can rename it back. You can have your hosting account make a backup of everything. A tool in the control panel - phpMyAdmin - can back up the database. CubeCart can also do this, but because it is a PHP script, there may be limits on the amount of memory and time the PHP script gets to run. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.