Jump to content
robertbell

Login attempt redirects to wrong page

Recommended Posts

Running version 6.2.2 without issue since August, and was able to log on last week. Today when I attempt to log on, after entering my user name and password at https://www.sojourner.biz/admin_XXXXXX.php the browser attempts to load https://www.sojourner.bizhttps/www.sojourner.bizhttps://www.sojourner.biz/admin_XXXXXX.php, , which does not resolve.

Presumably, something changed. Any suggestions as to where I should look?

Thanks.

Share this post


Link to post
Share on other sites

Please check for any hosting account control panel settings that may affect URL rewriting to enforce https.

Share this post


Link to post
Share on other sites

There's a functioning wild-card redirect to https.

From the .htaccess in the document root:

RewriteRule ^(.*)$ "https\:\/\/www\.sojourner\.biz\/$1" [R=301,L]

Share this post


Link to post
Share on other sites

I started with the https URL and everything seems to be fine for me.

You may want to check in admin, Store Settings, SSL tab that your cookie domain is .sojourner.biz. The cookie I got says it is .www.sojourner.biz (which is not accurate). Check the global.inc.php file for any hard-coded variable related to SSL.

Share this post


Link to post
Share on other sites

Hmm. Well, I can't get to admin, store settings, since it won't let me log in.

ini.inc.php includes the lines:

Quote

} else {
    ## Detect if SSL is enabled
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])!== 'off' && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == true) || $_SERVER['SERVER_PORT'] == 443) {
        define('CC_SSL', true);
    } else {
        define('CC_SSL', false);
    }
}

Quote

$url = (CC_SSL ? 'https://' : 'http://') . $server_name . $script_path;

You say everything seems fine for you (it obviously doesn't like me anymore). If you add something to the basket and then view basket, do you actually see the basket or https://www.sojourner.bizhttps/www.sojourner.bizhttps://www.sojourner.biz/index.php?_a=basket

Share this post


Link to post
Share on other sites

The "canonical" and "hreflang" links in the <head> section is messed up. The css and javascript src links are missing :/ from the URL protocol.

The file I mentioned to check is /includes/global.inc.php (not ini.inc.php).

Share this post


Link to post
Share on other sites

There is a new file for CC620, /includes/lib/smarty/plugins/function.combine.php.

It wants to use the constant CC_ROOT_REL. That constant is developed in ini.inc.php which either takes the rootRel variable in global.inc.php (if present) or uses what the web server gives to PHP.

To determine what the web server gives to PHP, do this:

Create a new file called: phpinfo.php

It's contents are:

<?php
  phpinfo();
?>

Place this file in CubeCart's main folder. Then ask for it in your browser. (www.sojourner.biz/phpinfo.php)

You will get a series of tables. Scroll to the bottom and find PHP Variables. Then find the HTTP_HOST, SERVER_NAME, SERVER_PORT, HTTPS, and SERVER_PROTOCOL.

Share this post


Link to post
Share on other sites

 

_SERVER["HTTP_HOST"]	www.sojourner.biz
_SERVER["SERVER_NAME"]	www.sojourner.biz
_SERVER["SERVER_PORT"]	443
_SERVER["HTTPS"]	on
_SERVER["SERVER_PROTOCOL"]	HTTP/1.1

 

Share this post


Link to post
Share on other sites

But

_SERVER["SCRIPT_URI"]    https://www.sojourner.bizhttps://www.sojourner.biz/phpinfo.php

Where is this set?

Share this post


Link to post
Share on other sites

SCRIPT_URI? Is there also a REQUEST_URI?

These keys to the _SERVER[ ] array come from the web server.

  • Thanks 1

Share this post


Link to post
Share on other sites
_SERVER["REQUEST_URI"]	/phpinfo.php
_SERVER["SCRIPT_URI"]	https://www.sojourner.bizhttps://www.sojourner.biz/phpinfo.php
_SERVER["SCRIPT_URL"]	https://www.sojourner.biz/phpinfo.php
_SERVER["SCRIPT_NAME"]	https://www.sojourner.biz/phpinfo.php

 

Share this post


Link to post
Share on other sites

I restored a backup of the store root .htaccess file, and it's working now.

I like backups.

Thanks for your help.

 

Share this post


Link to post
Share on other sites

An Internet Search suggests that SCRIPT_URI is what the web server uses to hold the original script path - the part after the domain name - before the rewriting changes it. If there is no rewriting, there is no (usually) SCRIPT_URI.

What were the differences in the two .htaccess files?

Share this post


Link to post
Share on other sites

There were a bunch but none that looked evil. I'm more concerned about why there were any. Off to bug the hosting provider...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×