Jump to content

Admin login issue


Malvarlin

Recommended Posts

Hi

I have just 'moved' a copy of a store to another subdomain, as a backup and test platform, all seems to work except when I try to login to the admin side it just goes back to the login page.

No error messages and the access log table records a successful login.

Any ideas please

thanks

Paul

Link to comment
Share on other sites

Hi

Different database, active shop is also on a sub domain (shop. and shop2.) and yes pointed to separate directories.

I'm thinking its something to do with https maybe and it thinks its being spoofed as in im logging in to shop2. but the db thinks it should be shop. and so is doing something about it......

Link to comment
Share on other sites

Certainly if the Security Certificate knows only shop. but not shop2., then there will be problems.

I think if the config settings got carried over and shop2 thinks SSL should always be enabled, then there will be a bounce to https, which, if the web server has only shop listening on port 443, then shop it will be.

Get the admin login page in the browser.

Then, make sure the login page is for shop2, and not https. If it is https, there may be a padlock that when clicked, the administration might proceed as non-https.

But before you actually click to log in, use the browser's Developer Tools. The Tools are usually activated by F12. There will be a Network tab to see what is requested and what is returned.

Have that in view when you click the Login button.

You will see if there are any bounces and to where.

 

Link to comment
Share on other sites

OK, this gets weird.

After successfully logging in, once and once only.  I decided to go back to basics, deleted the store and cleared the DB.

I have now reinstalled a vanilla copy of 6.4.4, no imported data etc.

I am now unable to login, no error messages just goes back to the login screen

BUT i can login via my phone, on the same wifi network.

anyone got any idea what is going on??

edit: edge and chrome have same effect but firefox lets me in!!!

Edited by Malvarlin
Link to comment
Share on other sites

Let's try this:

Log in (apparently using Firefox). In Store Settings, Advanced tab, enable Debug mode and enter your local IP address in the next field (www.showmyip.com). (This allows only you to see the debug info.)

Log out, then use Chrome to (try to) log in. When you get the log in screen after that attempt, view the debug info at the bottom of the page.

You should see:

Debug Output
This can be disabled via "Store Settings" » "Advanced" (Tab) » "Enable Debugging".
PHP:
[USERNotice] /xxx/classes/admin.class.php:438 - Possible Phishing attack - Redirection to
'http://www.zzz.com/admin.php?_g=login' is not allowed. Please check the value of 'Store URL'
in the SSL section of your store settings.
GET:
'Before Sanitise:' =>
'After Sanitise:' =>
POST:
'username' => user
'password' => pass
'redir' => http://www.zzz.com/admin.php?_g=login
'login' => Log In
'token' => 32 character hash

Then, there will be another, second debug section but probably will not contain anything of interest. But examine it anyway.

You should also compare what you see using Chrome against what you see using Firefox.

Edited by bsmither
Link to comment
Share on other sites

OK so

The page that doesnt work has very little in the session part

SESSION:

'__client' =>
'ip_address' => xxxxxxxxxxxxxxx
'useragent' => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
'session_start' => 1668710929
'session_last' => 1668711252
'language' => en-GB
'currency' => GBP
'__system' =>
'token' => c042be28e04e880081bd8f1f70a380a3
'token_acp' => 12aa9b91d9f6ca5acdc9a34eec442759

COOKIE:

'__zlcmid' => 17okaypUGfeZUB3
'_ga' => GA1.3.1705602839.1640953619
'accept_cookies' => true
'CCS_270BDD668E' => a57b7aff50c027097a6bd0e7dd51eb44
'CC_270BDD668E' => f6e70a76a9e3c26979045f2aa0bc0e9e

 

 

compared to the firefox one that does work

SESSION:

'__client' =>
'ip_address' => xxxxxxxxxxx
'useragent' => Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
'session_start' => 1668711348
'session_last' => 1668711349
'currency' => GBP
'admin_id' => 1
'__system' =>
'token_acp' => 43b727377de1856843dc47fa3880daa3
'recent_extensions' =>
'0' =>
'name' => Advanced Export
'price' => £25.00
'1' =>
'name' => Google Analytics for eCommerce
'price' => Free
'3' =>
'name' => Basix (Bootstrap Responsive Skin)
'price' => Free
'4' =>
'name' => Amzin (Bootstrap Responsive Skin)
'price' => Free
'5' =>
'name' => CBurst (Bootstrap Responsive Skin)
'price' => Free
'6' =>
'name' => Dillion (Bootstrap Responsive Skin)
'price' => Free
'7' =>
'name' => Améo - Lyra payment gateway - Pay by Installments
'price' => Free
'8' =>
'name' => Améo - Lyra payment gateway
'price' => <strike class="price">&euro;39.99</strike> &euro;19.99
'9' =>
'name' => "Postmaster" P&P Quote Generator for UK Mainland-Despatched Courier Rates
'price' => &pound;9.99
'10' =>
'name' => Royal Mail - Click & Drop
'price' => <strike class="price">&pound;100.00</strike> &pound;59.00
'11' =>
'name' => Duplicate (cc or bcc) or block sending of order emails
'price' => &euro;25.00
'version_check' => 1
'rss_news' =>
'title' => News & Announcements Latest Topics
'description' => News & Announcements Latest Topics
'language' => en
'items' =>
'0' =>
'title' => CubeCart 6.4.6 Released (PHP 8 Support)
'1' =>
'title' => Short Survey: CubeCart with stock synchronised point of sale system
'2' =>
'title' => CubeCart 6.4.5 Released
'3' =>
'title' => Pay Later from PayPal is here
'4' =>
'title' => CubeCart 6.5.0 Beta 3 Released
'link' =>
 
 
 
Link to comment
Share on other sites

There is no POST section for either working or none working....

just PHP, GET, SESSION, COOKIE, MySQL Queries then Memory, Cache and page load time

PHP is giving this though on Edge and chrome, but reprting no errors on firefox

PHP:
[Notice] /homepages/xxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Undefined index: USERNAME[Notice] /homepages/xxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Trying to get property 'value' of non-object[Notice] /homepages/xxxxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:93 - Undefined index: PASSWORD[Notice] /homepages/xxxxxxxxxxxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:93 - Trying to get property 'value' of non-object


GET:

Link to comment
Share on other sites

Please be aware that there may be two distinct parts to the Debug section. The second part, if present, starts after the SQL queries and "Page Load Time" of the first part.

There has to be a POST: section - especially for the browser that the login succeeds. That's where the username and password values are to be found.

But for Chrome to report that there are undefined indexes USERNAME and PASSWORD certainly suggests that the Chrome browser is not sending any POST.

Do you have a password manager addon auto-filling login forms (such as Dashlane)?

Earlier in this conversation, I suggested using the browser's Developer Tools. Have you explored the traffic on the tools' Network tab?

Edited by bsmither
Link to comment
Share on other sites

Hi

Yes have looked in the network traffic, nothing looks amiss there but then not really sure what i'm looking for, but nothing looks out of place or odd.

Definitely no section headed POST in the debug info on any browser, even did a search and no instances of POST found.

I am seeing a few of these and just to add to the mix I CAN login from both EDGE and CHROME if I go incognito/inprivate

Hack: 1668870901.70090 --- Duration: 123580 µs [ERROR - NOT CACHED]
INSERT INTO `xxx_CubeCart_system_error_log` (`message`,`url`,`backtrace`,`time`) VALUES ('[<strong>Notice</strong>] /homepages/34/d376591905/htdocs/xxx/shop2/cache/skin/8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90 - Undefined index: USERNAME','https://shop2.xxx.co.uk/admin_SYDV7U.php?_g=login','handleError() (8ad9390f9a6a833bc5276a33c0a82ba788c3b384_0.file.login.php.php:90)\ncontent_6378f2eb30d129_34149981() (smarty_template_resource_base.php:123)\ngetRenderedTemplateCode() (smarty_template_compiled.php:114)\nrender() (smarty_internal_template.php:216)\nrender() (smarty_internal_templatebase.php:238)\n_execute() (smarty_internal_templatebase.php:116)\nfetch() (gui.class.php:342)\ndisplay() (admin_SYDV7U.php:44)\n','1668870901');

also the user data when i do login is displayed here

'__admin_data' =>
'admin_id' => 1
'customer_id' =>
'status' => 1
'name' => Paul
'username' => xxx
'new_password' => 1
'email' => [email protected]
'verify' =>
'logins' => 38
'super_user' => 1
'notes' =>
'failLevel' => 0
'blockTime' => 0
'lastTime' => 1668871365
'browser' => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.52
'ip_address' => xxxxxxx
'language' => en-GB
'dashboard_notes' =>
'order_notify' => 1
'tour_shown' => 1
'__admin' =>
'user_language' => en-GB
Edited by Malvarlin
Link to comment
Share on other sites

No POST section in debug when attempting to log in..... Soooo weird!

I've never really had an issue with cookies - they are critical at maintaining session continuity just like any other site - except when a new server was unknowingly deleting session files every half-hour causing me to become logged out for no apparent reason (not the browser's fault).

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...