Jump to content

Order Status Won't Update


Taodi

Recommended Posts

A day after upgrading to 6.1.14, I tried to update a couple orders to "Order Complete", and find I get an Error 500 - Internal Server Error. I also find I am able to make other changes in any of the tabs of an order page and those save fine. The problem appears to be simply that I cannot change an order to Order Complete (don't see anything else malfunctioning on the site). I get the error page whether hitting "Save" or "Save and Reload". In the History tab, it shows order status as Order Complete, but the Overview tab still shows Processing.

Link to comment
Share on other sites

Thanks for the reply.

I created the file ini-custom-ini.php and put it in the public_html directory. However, before creating this new file, I noticed there was already a file called error_log in public_html. I then went back into an order and tried to change status to Order Complete. Then I went into error_log and am copying March 18's errors.

[18-Mar-2018 00:01:00 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '46.161.9.61' New IP Address: '46.161.9.61' Old User Agent: 'Mozilla/5.0 (Windows NT 7.1; rv:37.1) Gecko/20100101 Firefox/37.1' New User Agent: 'Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0' in /home1/imperia5/public_html/classes/session.class.php on line 702
[18-Mar-2018 01:07:00 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '46.161.9.18' New IP Address: '46.161.9.18' Old User Agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299' New User Agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:43.0) Gecko/20100101 Firefox/43.0' in /home1/imperia5/public_html/classes/session.class.php on line 702
[18-Mar-2018 18:24:19 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '176.226.151.70' New IP Address: '176.226.151.70' Old User Agent: 'Mozilla/5.0 (Windows NT 7.0; rv:33.1) Gecko/20100101 Firefox/33.1' New User Agent: 'Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0' in /home1/imperia5/public_html/classes/session.class.php on line 702
Link to comment
Share on other sites

There are three IP addresses here: 46.161.9.61, 46.161.9.18, and 176.226.151.70.

The difference between the first two suggests that your ISP released and reassigned your modem its IP address between 00:01:00 UTC and 01:07:00 UTC, or these IP addresses belong to different computers and these computers are sharing cookies (per IP address).

Between these two IP addresses, there are four different browsers in use.

Then, the third IP address (17 hours later) is using two more different browsers, while sharing the same cookie (per IP address).

When CubeCart detects a discrepancy like this, all POSTed data is trashed and a new cookie is made.

Sharing cookies between different browsers is a good indication that there is someone or something doing something very funny - and perhaps malicious.

Link to comment
Share on other sites

I live in China and often use a vpn (though not always), and I may change locations in the vpn fairly frequently. Could this give rise to the appearance of strange activity? Meanwhile, I've been operating the store since 2012, all from China with similar vpn use habits. Have not encountered a problem with updating order status.

Link to comment
Share on other sites

There are browser add-ons that will on a random occasion configure a browser to use a randomly chosen User Agent string.

Do not do this when managing a CubeCart store.

Using a VPN would explain the differing IP addresses across time.

That does not explain the differing User Agent strings - unless this is a feature of the VPN.

If it is a feature of the VPN (perhaps a feature just recently made available?), determine if it can be disabled. If it can be disabled, do so.

 

On the other hand, if randomizing the User Agent string is important to you, then we can re-code the function that checks for this and neutralize it.

Link to comment
Share on other sites

I don't know what a User Agent string is, so not sure if it's important! :)

Meanwhile, I use very few add-ons in my browser (Chrome). I just now tried disabling a couple of them, leaving enabled the ones related to Googledocs. I turned off my vpn. Still cannot update order status.

Then I logged out with Chrome and opened Firefox which I virtually never use. The only 2 add-ons in it are a pair that are set up by default (OpenH264 Video Codex and Widevine Content Decryption Module). I left them enabled. With VPN off, I'm seeing the same error message when trying to update order status. Meanwhile, even with these repeated attempts to change order status, I'm not seeing the error log add additional lines. It still only shows the ones I sent you above as the latest ones.

Link to comment
Share on other sites

This is what got past me -- you say you get a 500 Error. The cause of the 500 error should be in the error_log.

If not, then the web server is not liking what is getting POSTed. However, updating any data except the status does work, but updating the status does not work, suggests the web server is not the problem.

So it is likely something with PHP. Please create the file referenced in the other post.

Something is changing the User Agent string of your browser. Having turned off the VPN, then we need to blame the browser (an add-on), or your anti-virus (internet protection app) that may be installed on your computer.

The User Agent string is a declaration made by the browser that "I am this browser, I am at this version, and I understand most everything that "Mozilla/5.0" requires me to understand."

The thing is, there are those who really, really want to know what your User Agent string is, so that a site can deliver custom content or block some or all content, or better be able to track you from site to site.

Let's make this code change:

In the file /classes/session.class.php, near the end of the file, find:

if ($current[0]['useragent'] !== $this->_http_user_agent()) {

Change to:

if (false && $current[0]['useragent'] !== $this->_http_user_agent()) {

 

Link to comment
Share on other sites

I just now made the change to /classes/session.class.php, but am still getting the same error message. (Shall I delete the "false &&"?)

Also, above that, you asked me to "create the file referenced in the other post". If that was the ini-custom-ini.php file, then I already created that a while ago (placed in public_html directory.

I could turn off my ant-virus, but I will say that I've made no recent changes in my anti-virus. I've been using the site without glitch up until last Friday, one day after I upgraded the Cubecart version. 

Link to comment
Share on other sites

Still getting that error message (as well as getting the 500 Server Error shown on your web browser)?

Change this:

if (false && $current[0]['useragent'] !== $this->_http_user_agent()) {

To this:

if ( false && ($current[0]['useragent'] !== $this->_http_user_agent()) ) {

Just to remove any question about how that expression resolves logically.

If this is the name of the file, ini-custom-ini.php, then take care as the actual name is ini-custom.inc.php.

Link to comment
Share on other sites

These 2 new ones:

[19-Mar-2018 00:14:05 UTC] PHP Warning:  Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '96.58.158.18' New IP Address: '96.58.158.18' Old User Agent: 'Mozilla/5.0 (X11; CrOS x86_64 10176.72.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36' New User Agent: 'Mozilla/5.0 (X11; CrOS x86_64 10176.76.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.190 Safari/537.36' in /home1/imperia5/public_html/classes/session.class.php on line 702
[19-Mar-2018 00:14:32 UTC] PHP Warning:  Invalid Security Token in /home1/imperia5/public_html/classes/sanitize.class.php on line 152
Link to comment
Share on other sites

With the edit to the file, there shouldn't be any more entries concerning stored session data mismatch. Maybe that last one got in before the edit was made.

Still, the 500 Server Error is not caused by this mismatch. Please contact your hosting provider and request that they monitor your site to learn what is causing the 500 error.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...