Installed new SSl and can't login to admin area

[bbtil]

Getting this error: Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used.

I saw a previous thread : https://github.com/cubecart/v6/commit/d75faa35edb4d481fc25ae066064a18d23ac7d36

I followed that but nothing happened. 

I am on the https: admin login page and the padlock is locked in the login area. 

Any suggestions?

Edited July 7, 2017 by bbtil

[Dirty Butter]

Please create your Signature, so everyone can tell which CC and skin versions you are on. It's also helpful to know if it's a new install or and upgrade and from what...

[bbtil]

Its a new install

v6

foundation skin

[Dirty Butter]

Thank you for that information - the directions for putting it in you Signature are in MY signature.

Knowing it's a new install rules out quite a few possibilities. It also raises the possibility that there is some server setting that is the issue.

Also, please take a look in your includes/global.inc.php file to see what the naming is for the admin folder and the admin file. DO NOT SHARE THOSE NAMES HERE.

Then check to be sure your actual file/folder names match that.

Also, unlike previous versions, the admin url is now your_store_url/admin_XXX/php. If you are on SSL you also have to use the https:// .

[bbtil]

the info under the folder and file are different.

$glob['adminFile'] = 'admin_*********';
$glob['adminFolder'] = 'admin_^^^^^^';

 

The folder in the FTP matches the Folder name above

what are the possible server settings?

I also cannot add anything to basket now.

badboyztoyz.com/store

Edited July 7, 2017 by bbtil

[Dirty Butter]

I've asked all the "easy" questions I can. Hopefully someone will be along shortly who is knowledgeable enough to  help you fix this.

[bsmither]

When adding a product to a CubeCart shopping basket, the javascript sends an AJAX notice to the store, and the store code is suppose to return ONLY the HTML necessary to show an updated shopping basket.

For whatever reason, your store is returning an entire frontpage.

If you have made any edits to the core code, or have any plugins that may affect the shopping basket or storefront display, please let us know.

 

[bbtil]

I haven't as far as I can remember. I replaced any pages that I tried to make changes to with the original pages. I have a clean copy do you know what files I should replace. 

[bsmither]

Please let us know if there are any redirect/rewrite directives in the .htaccess file that the web server may be executing - other than those specific to CubeCart. Also, likewise, see if your hosting control panel has a tool to create/manage redirects/rewrites such that a directive may be interfering with the URL that is the AJAX request.

 

[bbtil]

In the main directory there is one for mobile site that's been there for a while and didn't affect the store before. 

This is in the main cubecart file...

##### START CubeCart .htaccess #####

### File Security ###
<FilesMatch "\.(htaccess)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

### Apache directory listing rules ###
DirectoryIndex index.php index.htm index.html
IndexIgnore *

<ifModule mod_headers.c>
  Header always append X-Frame-Options SAMEORIGIN
</ifModule>

### Rewrite rules for SEO functionality ###
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /store/ 
  
  ##### START v4 SEO URL BACKWARD COMPATIBILITY #####
  RewriteCond %{QUERY_STRING} (.*)$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule cat_([0-9]+)(\.[a-z]{3,4})?(.*)$ index.php?_a=category&cat_id=$1&%1 [NC]

  RewriteCond %{QUERY_STRING} (.*)$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule prod_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC]

  RewriteCond %{QUERY_STRING} (.*)$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule info_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=document&doc_id=$1&%1 [NC]

  RewriteCond %{QUERY_STRING} (.*)$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule tell_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC]

  RewriteCond %{QUERY_STRING} (.*)$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule _saleItems(\.[a-z]+)?(\?.*)?$ index.php?_a=saleitems&%1 [NC,L]
  ##### END v4 SEO URL BACKWARD COMPATIBILITY #####

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} !=/favicon.ico
  RewriteRule ^(.*)\.html?$ index.php?seo_path=$1 [L,QSA]
</IfModule>

### Default store 404 page ###
ErrorDocument 404 /storetest/index.php

## Override default 404 error document for missing page resources ##
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$">
  ErrorDocument 404 "<html></html>
</FilesMatch>
##### END CubeCart .htaccess #####

[bsmither]

Other than the ErrorDocument directive - which sends a document from /storetest/ in the case of a 404 situation - all else looks fine.

 

[bbtil]

what should i do then? is there away i can backup my store and then just reinstall? i have done a lot of customizing and I don't want to loose the look and feel. I also added all my products and don't want to lose those with all the product options.

[bsmither]

I am visiting your site now, and am looking at the traffic in and out of my browser.

I recommend not re-installing just yet.

[bsmither]

I would like to have you log what CubeCart gets with respect to the URL. But before we get to the point where we need to do that...

What I see is that your web server is "nginx".

I researched whether or not nginx can or will use the .htaccess file (for Apache 2). Initial research results suggest that nginx does not support the use of .htaccess files.
(https://stackoverflow.com/questions/35766676/how-can-i-use-htaccess-file-in-nginx)

Which then begs the question - how is CubeCart functioning at all on your hosting account? Has the hosting manager already created the appropriate directives in whatever file nginx actually uses?

Edited July 10, 2017 by bsmither

[bbtil]

when we installed the ssl they updated the .htaccess and then it was working fine i thought. i tried to login to the admin area and it hasn't worked since.

[bbtil]

any other suggestions? 

[bsmither]

If 'they' updated the .htaccess, then they must be using nginx in some other manner, and actually using Apache as the true web server. Otherwise, making changes to the .htaccess file makes no sense.

Please consult with your hosting provider and ask how they are using nginx, and what is actually using the .htaccess file.

[bbtil]

They responded and said to attach this link https://docs.plesk.com/en-US/12.5/administrator-guide/web-servers/apache-web-server-linux/apache-with-nginx.70837/

they said they can disable nginx

[bsmither]

Ok: nginx as a 'buffer', Apache as the real worker.

As a test, have your hosting account not use nginx.

Also, you are using the acronym SSI (Server-Side Includes) which is not SSL (Secure Sockets Layer - security certificate). I am wondering if your hosting provider has enabled something other than SSL.

[bbtil]

I'll have them disable it now.

It's SSL

ok it's disabled now.

[bbtil]

I don't see a difference since it's been disabled. 

[Dirty Butter]

Have you manually cleared out all CC cache, except maybe images if you have a lot? Also, whatever you have to do to clear your browser cache - ctrl -f5, reboot??

[bbtil]

yes, i just cleared that all again. 

i really don't want to lose the work i've done so far if I have to reinstall. 

[bbtil]

can anyone tell me if i'm going to lose all the products i've entered and product options if i reinstall? is there anyway to back that up?

[bsmither]

During an upgrade or re-install, the setup process will (should) ask if you want to keep your database or if you want to start a new database. Keeping the database will retain all the products, documents, categories, options, settings, etc.

During an upgrade or re-install, all the code gets over-written, including the Foundation skin folder. So, rename that folder to something else, so that afterward, you can rename it back.

You can have your hosting account make a backup of everything. A tool in the control panel - phpMyAdmin - can back up the database. CubeCart can also do this, but because it is a PHP script, there may be limits on the amount of memory and time the PHP script gets to run.