Malvarlin Posted November 13, 2022 Share Posted November 13, 2022 Hi I have just 'moved' a copy of a store to another subdomain, as a backup and test platform, all seems to work except when I try to login to the admin side it just goes back to the login page. No error messages and the access log table records a successful login. Any ideas please thanks Paul Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 13, 2022 Share Posted November 13, 2022 Although there are work-arounds, if the copy is using the same database as the original store, there will be some weird issues. Having created a sub-domain, has the web server been configured to point the sub-domain to the copy's location? Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 13, 2022 Author Share Posted November 13, 2022 Hi Different database, active shop is also on a sub domain (shop. and shop2.) and yes pointed to separate directories. I'm thinking its something to do with https maybe and it thinks its being spoofed as in im logging in to shop2. but the db thinks it should be shop. and so is doing something about it...... Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 13, 2022 Share Posted November 13, 2022 Certainly if the Security Certificate knows only shop. but not shop2., then there will be problems. I think if the config settings got carried over and shop2 thinks SSL should always be enabled, then there will be a bounce to https, which, if the web server has only shop listening on port 443, then shop it will be. Get the admin login page in the browser. Then, make sure the login page is for shop2, and not https. If it is https, there may be a padlock that when clicked, the administration might proceed as non-https. But before you actually click to log in, use the browser's Developer Tools. The Tools are usually activated by F12. There will be a Network tab to see what is requested and what is returned. Have that in view when you click the Login button. You will see if there are any bounces and to where. Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 14, 2022 Author Share Posted November 14, 2022 tried accessing the admin login page via http:// and it worked and have now changed the SSL settings, don't know why I didn't think of that,,,,, duh thanks for the assist Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 16, 2022 Author Share Posted November 16, 2022 (edited) OK, this gets weird. After successfully logging in, once and once only. I decided to go back to basics, deleted the store and cleared the DB. I have now reinstalled a vanilla copy of 6.4.4, no imported data etc. I am now unable to login, no error messages just goes back to the login screen BUT i can login via my phone, on the same wifi network. anyone got any idea what is going on?? edit: edge and chrome have same effect but firefox lets me in!!! Edited November 16, 2022 by Malvarlin Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 16, 2022 Share Posted November 16, 2022 (edited) Let's try this: Log in (apparently using Firefox). In Store Settings, Advanced tab, enable Debug mode and enter your local IP address in the next field (www.showmyip.com). (This allows only you to see the debug info.) Log out, then use Chrome to (try to) log in. When you get the log in screen after that attempt, view the debug info at the bottom of the page. You should see: Debug Output This can be disabled via "Store Settings" » "Advanced" (Tab) » "Enable Debugging". PHP: [USERNotice] /xxx/classes/admin.class.php:438 - Possible Phishing attack - Redirection to 'http://www.zzz.com/admin.php?_g=login' is not allowed. Please check the value of 'Store URL' in the SSL section of your store settings. GET: 'Before Sanitise:' => 'After Sanitise:' => POST: 'username' => user 'password' => pass 'redir' => http://www.zzz.com/admin.php?_g=login 'login' => Log In 'token' => 32 character hash Then, there will be another, second debug section but probably will not contain anything of interest. But examine it anyway. You should also compare what you see using Chrome against what you see using Firefox. Edited November 16, 2022 by bsmither Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 17, 2022 Author Share Posted November 17, 2022 OK so The page that doesnt work has very little in the session part SESSION: '__client' => 'ip_address' => xxxxxxxxxxxxxxx 'useragent' => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 'session_start' => 1668710929 'session_last' => 1668711252 'language' => en-GB 'currency' => GBP '__system' => 'token' => c042be28e04e880081bd8f1f70a380a3 'token_acp' => 12aa9b91d9f6ca5acdc9a34eec442759 COOKIE: '__zlcmid' => 17okaypUGfeZUB3 '_ga' => GA1.3.1705602839.1640953619 'accept_cookies' => true 'CCS_270BDD668E' => a57b7aff50c027097a6bd0e7dd51eb44 'CC_270BDD668E' => f6e70a76a9e3c26979045f2aa0bc0e9e compared to the firefox one that does work SESSION: '__client' => 'ip_address' => xxxxxxxxxxx 'useragent' => Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 'session_start' => 1668711348 'session_last' => 1668711349 'currency' => GBP 'admin_id' => 1 '__system' => 'token_acp' => 43b727377de1856843dc47fa3880daa3 'recent_extensions' => '0' => 'name' => Advanced Export 'url' => https://www.cubecart.com/extensions/plugins/advanced-export 'image' => https://www.cubecart.com//img/sellers/457/506/master.png 'price' => £25.00 '1' => 'name' => Google Analytics for eCommerce 'url' => https://www.cubecart.com/extensions/plugins/google-analytics-for-ecommerce 'image' => https://www.cubecart.com//img/sellers/1/505/master.png 'price' => Free '2' => 'name' => gpwebpay 'url' => https://www.cubecart.com/extensions/payment-gateways/gpwebpay 'image' => https://www.cubecart.com//img/noimage.png 'price' => Free '3' => 'name' => Basix (Bootstrap Responsive Skin) 'url' => https://www.cubecart.com/extensions/skins/basix-bootstrap-responsive-skin 'image' => https://www.cubecart.com//img/sellers/1/440/master.png 'price' => Free '4' => 'name' => Amzin (Bootstrap Responsive Skin) 'url' => https://www.cubecart.com/extensions/skins/amzin-bootstrap-responsive-skin 'image' => https://www.cubecart.com//img/sellers/1/455/master.png 'price' => Free '5' => 'name' => CBurst (Bootstrap Responsive Skin) 'url' => https://www.cubecart.com/extensions/skins/cburst-bootstrap-responsive-skin 'image' => https://www.cubecart.com//img/sellers/1/467/master.jpg 'price' => Free '6' => 'name' => Dillion (Bootstrap Responsive Skin) 'url' => https://www.cubecart.com/extensions/skins/dillion-bootstrap-responsive-skin 'image' => https://www.cubecart.com//img/sellers/1/482/master.jpg 'price' => Free '7' => 'name' => Améo - Lyra payment gateway - Pay by Installments 'url' => https://www.cubecart.com/extensions/payment-gateways/ameo-lyra-payment-gateway-pay-by-installments 'image' => https://www.cubecart.com//img/sellers/424/503/master.jpg 'price' => Free '8' => 'name' => Améo - Lyra payment gateway 'url' => https://www.cubecart.com/extensions/payment-gateways/ameo-lyra-payment-gateway 'image' => https://www.cubecart.com//img/sellers/424/502/master.jpg 'price' => <strike class="price">€39.99</strike> €19.99 '9' => 'name' => "Postmaster" P&P Quote Generator for UK Mainland-Despatched Courier Rates 'url' => https://www.cubecart.com/extensions/shipping-methods/-postmaster-p-p-quote-generator-for-uk-mainland-despatched-courier-rates 'image' => https://www.cubecart.com//img/sellers/437/495/master.png 'price' => £9.99 '10' => 'name' => Royal Mail - Click & Drop 'url' => https://www.cubecart.com/extensions/plugins/royal-mail-click-drop 'image' => https://www.cubecart.com//img/sellers/1/494/master.png 'price' => <strike class="price">£100.00</strike> £59.00 '11' => 'name' => Duplicate (cc or bcc) or block sending of order emails 'url' => https://www.cubecart.com/extensions/plugins/duplicate-cc-or-bcc-or-block-sending-of-order-emails 'image' => https://www.cubecart.com//img/sellers/8/483/master.jpg 'price' => €25.00 'version_check' => 1 'rss_news' => 'title' => News & Announcements Latest Topics 'link' => https://forums.cubecart.com/forum/1-news-announcements/ 'description' => News & Announcements Latest Topics 'language' => en 'items' => '0' => 'title' => CubeCart 6.4.6 Released (PHP 8 Support) 'link' => https://forums.cubecart.com/topic/57960-cubecart-646-released-php-8-support/ '1' => 'title' => Short Survey: CubeCart with stock synchronised point of sale system 'link' => https://forums.cubecart.com/topic/57872-short-survey-cubecart-with-stock-synchronised-point-of-sale-system/ '2' => 'title' => CubeCart 6.4.5 Released 'link' => https://forums.cubecart.com/topic/57773-cubecart-645-released/ '3' => 'title' => Pay Later from PayPal is here 'link' => https://forums.cubecart.com/topic/57414-pay-later-from-paypal-is-here/ '4' => 'title' => CubeCart 6.5.0 Beta 3 Released 'link' => Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 17, 2022 Share Posted November 17, 2022 The SESSION: is expected to have not as much in it when logging in is not working as it should. Please compare POST: for any differences. Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 18, 2022 Author Share Posted November 18, 2022 There is no POST section for either working or none working.... just PHP, GET, SESSION, COOKIE, MySQL Queries then Memory, Cache and page load time PHP is giving this though on Edge and chrome, but reprting no errors on firefox PHP: [Notice] /homepages/xxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Undefined index: USERNAME[Notice] /homepages/xxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Trying to get property 'value' of non-object[Notice] /homepages/xxxxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:93 - Undefined index: PASSWORD[Notice] /homepages/xxxxxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:93 - Trying to get property 'value' of non-object GET: Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 18, 2022 Share Posted November 18, 2022 (edited) Please be aware that there may be two distinct parts to the Debug section. The second part, if present, starts after the SQL queries and "Page Load Time" of the first part. There has to be a POST: section - especially for the browser that the login succeeds. That's where the username and password values are to be found. But for Chrome to report that there are undefined indexes USERNAME and PASSWORD certainly suggests that the Chrome browser is not sending any POST. Do you have a password manager addon auto-filling login forms (such as Dashlane)? Earlier in this conversation, I suggested using the browser's Developer Tools. Have you explored the traffic on the tools' Network tab? Edited November 18, 2022 by bsmither Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 19, 2022 Author Share Posted November 19, 2022 (edited) Hi Yes have looked in the network traffic, nothing looks amiss there but then not really sure what i'm looking for, but nothing looks out of place or odd. Definitely no section headed POST in the debug info on any browser, even did a search and no instances of POST found. I am seeing a few of these and just to add to the mix I CAN login from both EDGE and CHROME if I go incognito/inprivate Hack: 1668870901.70090 --- Duration: 123580 µs [ERROR - NOT CACHED] INSERT INTO `xxx_CubeCart_system_error_log` (`message`,`url`,`backtrace`,`time`) VALUES ('[<strong>Notice</strong>] /homepages/34/d376591905/htdocs/xxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Undefined index: USERNAME','https://shop2.xxx.co.uk/admin_SYDV7U.php?_g=login','handleError() (8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90)\ncontent_6378f2eb30d129_34149981() (smarty_template_resource_base.php:123)\ngetRenderedTemplateCode() (smarty_template_compiled.php:114)\nrender() (smarty_internal_template.php:216)\nrender() (smarty_internal_templatebase.php:238)\n_execute() (smarty_internal_templatebase.php:116)\nfetch() (gui.class.php:342)\ndisplay() (admin_SYDV7U.php:44)\n','1668870901'); also the user data when i do login is displayed here '__admin_data' => 'admin_id' => 1 'customer_id' => 'status' => 1 'name' => Paul 'username' => xxx 'new_password' => 1 'email' => [email protected] 'verify' => 'logins' => 38 'super_user' => 1 'notes' => 'failLevel' => 0 'blockTime' => 0 'lastTime' => 1668871365 'browser' => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.52 'ip_address' => xxxxxxx 'language' => en-GB 'dashboard_notes' => 'order_notify' => 1 'tour_shown' => 1 '__admin' => 'user_language' => en-GB Edited November 19, 2022 by Malvarlin Quote Link to comment Share on other sites More sharing options...
Malvarlin Posted November 19, 2022 Author Share Posted November 19, 2022 It appears to be resolved Cleared all the cookie data (why I didn't do this at the start I don't know) but that has sorted it. But that said does anyone have any idea why this happened? Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 19, 2022 Share Posted November 19, 2022 No POST section in debug when attempting to log in..... Soooo weird! I've never really had an issue with cookies - they are critical at maintaining session continuity just like any other site - except when a new server was unknowingly deleting session files every half-hour causing me to become logged out for no apparent reason (not the browser's fault). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.