
Weird behavior with admin page where it redirects to 503


AeroLogistica


So the website loads perfectly: as a user, you can log in and place/check orders, etc. Yet if I try to access the BO, put in my credentials, and click log in, I get the following error:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.


Through the hosting account's control panel, you should be able to peruse any error logs that the web server logs to.

Also in the control panel, in the database utility phpMyAdmin, you can view the database table CubeCart_system_error_log. Maybe there is a clue having been logged here.

 


Ok, good to know that CubeCart is getting somewhere authorizing your login -- though I don't know how that could possibly be done based on that password conundrum I mentioned earlier.

Don't look in the CubeCart_admin_error_log, look instead in the CubeCart_system_error_log.


I know, bsmither, right? I was even puzzled about how it was creating a YES log, so my guess is that the credentials are indeed accepted but communication with the host breaks off afterwards. Contacted my server, they tested everything on their end and said it was a CubeCart issue. I did check that as well and it returned empty.

I also checked the server error log but found nothing pertaining to the specific domain/directory. The crazy thing is that it was fully operational two days ago; I tried to resume setting up the shop and surprise haha.


Done! I did have an error_log file there before for some reason. The website works fine, it is just the login on the BO. I checked the error_log and found no errors today, yet there are some interesting errors that may give a clue.

error_log
Jan 18
/home/at4gprieu0fh/public_html/loteriagringa.com/play/classes/sanitize.class.php on line 155
[18-Jan-2023 21:26:26 UTC] PHP Notice:  Possible Phishing attack - Redirection to 'https://loteriagringa.com/play/admin_cxctg5.php?_g=login' is not allowed. in /home/at4gprieu0fh/public_html/loteriagringa.com/play/classes/admin.class.php on line 438

Jan 18
[18-Jan-2023 22:16:43 UTC] PHP Warning:  Invalid Security Token in /home/at4gprieu0fh/public_html/loteriagringa.com/play/classes/sanitize.class.php on line 155

Sanitize_class.php (see image)
I started seeing this error (CSRF) on my dashboard and then on the admin log in page, it must have triggered the website (BO) into some sort of safe mode?


Ok so I said, screw it, I am going back to a backup copy and start fresh, will probably lose 4 hours of work, so I did, and problem persisted, now I am clueless!

It has to be an issue with the server, even though they swore earlier that everything was good at their end; they even said it was a CC issue. I have two directories with the same CC version (6.2.9), yet they are different installs and don't share anything; pretty much I have it just for backup/testing purposes. They both present the same issue with the 503 error, so it makes me think it is the server.

It is also interesting how the FO is not affected, customers can log in and navigate through the admin, the error is strictly for BO -> dashboard.

Edited by AeroLogistica

Ignore the phishing attack messages. It's a known issue and is absolutely misleading and harmless. It will get fixed one of these days.

The Invalid Security Token messages are dated a week ago, so maybe those are from CC629? If so, then what happened there is likely that you used the browser's back button to get a prior page and then saved a form, or had two or more tabs open and saved a form, switched to the second tab and saved the form there, switched to a third tab and saved the form there, etc.

In one of the versions in the CC64X family, stringent use of the Security Token was mostly relaxed. Now you can do what you couldn't do as described above.

CC629 is not PHP8 compliant. CC649 requires PHP7.4 or higher, latest tested on PHP8.1.

No new entries in PHP's error_log file???

Did you find the web server's error logs in your hosted account's control panel?

Edited by bsmither

It returned these two in PHP's error log, but then again, I am running a backed-up site from Jan 18:

[27-Jan-2023 02:57:24 UTC] PHP Notice:  Error: Hook 'attached_documents/hooks/controller.admin.php' was not found in /home/at4gprieu0fh/public_html/loteriagringa.com/play/classes/hookloader.class.php on line 298
[27-Jan-2023 02:57:33 UTC] PHP Notice:  Error: Hook 'attached_documents/hooks/controller.index.php' was not found in /home/at4gprieu0fh/public_html/loteriagringa.com/play/classes/hookloader.class.php on line 298

The web server's error logs in my hosted account's control panel don't show anything related to the CubeCart directory "play".


Please remind us what version of PHP that the CubeCart installations are running under.

There seems to be a third-party plugin, "Attached Documents", that is not installed (or not enabled).

So, you mentioned that you have two installs that don't share anything. But do they use the same database?


Both are running 6.2.9 and they are completely different, unrelated, which is why I am thinking it may be the server even though GoDaddy says that everything is good on their side. But then again, it would show a 503 error all over, yet the FO works; it is just the handling of the BO login that screws things up. I was even thinking that rolling back to the last working backup would fix the issue.


Please remind us what version of PHP is running.

If the setup folder is still present, even if renamed, then have your browser ask for this page:

web_address/setup_folder/info.php -- using the site's web address and the name of the setup folder (if still present).

The top table will show the version, and also in the top table, the Server API.

Is the third-party plugin "Attached Documents" present in CubeCart's /modules/plugins/ directory?

 

Edited by bsmither

The odd thing is that it doesn't affect the front end, as it displays the data, customers can also create accounts and view admin panel. It just affects the BO specifically when trying to log in. I uploaded a fresh copy https://www.loteriagringa.com/gameon/ for the FO and for the BO https://www.loteriagringa.com/gameon/admin_xigpye.php user AJ and pwd @eroLogistica to re-create the error. 


Yes, that issue in the Github resolved to the Reviews of a product on the storefront.

But I believe the underlying cause was that CubeCart was trying to get a resource from a third-party (Gravatar) when gathering all the data necessary to populate the page, and then PHP faulted when the attempted connection to that resource failed due to the server environment forcing (or prioritizing) IPV6 when that connection is not IPV6 compatible.

In admin, after successfully logging in, the admin is taken directly to the Dashboard. When collecting the resources to show on the Dashboard, a call is made to Google and a call is made to the RSS feed for News & Announcements Latest Topics at Cubecart.com.

Now supposing that you have successfully logged in, my question is why does CubeCart not remember that, making you log in again?

As an experiment, before logging in, try going directly to someplace in admin that doesn't do much of anything. Such as:

web_address/admin_file.php?_g=phpinfo
where web_address and admin_file are specific to your site

If you are not logged in, then after clicking the Log In button, you will be taken directly to the PHP Info screen (bypassing the Dashboard). If you do get to the PHP Info screen, then the source of the problem has been narrowed down.

Edited by bsmither

 

As an experiment, please try this edit:

In classes/request.class.php, find near lines 80-86:

        if ($this->_curl) {
            $this->_curl_options[CURLOPT_HEADER]    = $this->_request_return_headers;
            $this->_curl_options[CURLOPT_RETURNTRANSFER]  = $this->_request_return;
            $this->_curl_options[CURLOPT_VERBOSE]    = false;
            $this->_curl_options[CURLOPT_FAILONERROR]   = true;
            /*$this->_curl_options[CURLOPT_FOLLOWLOCATION] 	= true;*/
        }

Change to:

        if ($this->_curl) {
            $this->_curl_options[CURLOPT_HTTPHEADER] = array('User-Agent: CubeCart/'.CC_VERSION);
            $this->_curl_options[CURLOPT_HEADER]    = $this->_request_return_headers;
            $this->_curl_options[CURLOPT_RETURNTRANSFER]  = $this->_request_return;
            $this->_curl_options[CURLOPT_VERBOSE]    = false;
         /* $this->_curl_options[CURLOPT_FAILONERROR]   = true; */
         /* $this->_curl_options[CURLOPT_FOLLOWLOCATION] 	= true; */
            // Force IPv4 name resolution when this cURL build supports it.
            if (defined('CURLOPT_IPRESOLVE') && defined('CURL_IPRESOLVE_V4')){
                $this->_curl_options[CURLOPT_IPRESOLVE] = CURL_IPRESOLVE_V4;
            }
        }

 

Edited by bsmither
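
A stand-alone check for the IPv6 hypothesis discussed above, added here as an example (not code from the thread or from CubeCart): it requests one URL with cURL under each resolver preference, with short timeouts, and prints the outcome. The probe URL and the function name probe() are assumptions.

```php
<?php
// Added diagnostic example, not CubeCart code.
// Assumption: $probeUrl is a stand-in; substitute a host the Dashboard contacts.
$probeUrl = 'https://www.gravatar.com/';

// Hypothetical helper: one request with the given CURLOPT_IPRESOLVE setting.
function probe(string $url, int $resolve): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_NOBODY         => true,     // headers only, no body download
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_IPRESOLVE      => $resolve, // the option the edit above sets
        CURLOPT_CONNECTTIMEOUT => 5,        // fail fast instead of hanging
        CURLOPT_TIMEOUT        => 10,
    ]);
    curl_exec($ch);
    return [
        'errno'   => curl_errno($ch),       // 0 means the transfer succeeded
        'error'   => curl_error($ch),
        'http'    => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'ip'      => curl_getinfo($ch, CURLINFO_PRIMARY_IP),
        'seconds' => round(curl_getinfo($ch, CURLINFO_TOTAL_TIME), 2),
    ];
}

$modes = [
    'default' => CURL_IPRESOLVE_WHATEVER,
    'IPv4'    => CURL_IPRESOLVE_V4,
    'IPv6'    => CURL_IPRESOLVE_V6,
];

header('Content-Type: text/plain');
foreach ($modes as $label => $mode) {
    $r = probe($probeUrl, $mode);
    printf(
        "%-8s errno=%d http=%d ip=%s time=%ss %s\n",
        $label, $r['errno'], $r['http'], $r['ip'] ?: '-', $r['seconds'], $r['error']
    );
}
// Reading the output: if "default" and "IPv6" fail or time out while "IPv4"
// succeeds, the server's resolver preference is what the IPRESOLVE edit fixes.
```

Upload it outside the CubeCart tree, request it once in the browser, and delete it afterwards.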

45 minutes ago, bsmither said:

Yes, that issue in the Github resolved to the Reviews of a product on the storefront.

But I believe the underlying cause was that CubeCart was trying to get a resource from a third-party (Gravatar) when gathering all the data necessary to populate the page, and then PHP faulted when the attempted connection to that resource failed due to the server environment forcing (or prioritizing) IPV6 when that connection is not IPV6 compatible.

In admin, after successfully logging in, the admin is taken directly to the Dashboard. When collecting the resources to show on the Dashboard, a call is made to Google and a call is made to the RSS feed for News & Announcements Latest Topics at Cubecart.com.

Now supposing that you have successfully logged in, my question is why does CubeCart not remember that, making you log in again?

As an experiment, before logging in, try going directly to someplace in admin that doesn't do much of anything. Such as:

web_address/admin_file.php?_g=phpinfo
where web_address and admin_file are specific to your site

If you are not logged in, then after clicking the Log In button, you will be taken directly to the PHP Info screen (bypassing the Dashboard). If you do get to the PHP Info screen, then the source of the problem has been narrowed down.

Holy cow, this worked, I can click the links inside the dashboard. I don't know what would happen if I log out, I guess I could add this to the end every time I log back in.

?_g=phpinfo


18 minutes ago, bsmither said:

 

As an experiment, please try this edit:

In classes/request.class.php, find near lines 80-86:

        if ($this->_curl) {
            $this->_curl_options[CURLOPT_HEADER]    = $this->_request_return_headers;
            $this->_curl_options[CURLOPT_RETURNTRANSFER]  = $this->_request_return;
            $this->_curl_options[CURLOPT_VERBOSE]    = false;
            $this->_curl_options[CURLOPT_FAILONERROR]   = true;
            /*$this->_curl_options[CURLOPT_FOLLOWLOCATION] 	= true;*/
        }

Change to:

        if ($this->_curl) {
            $this->_curl_options[CURLOPT_HTTPHEADER] = array('User-Agent: CubeCart/'.CC_VERSION);
            $this->_curl_options[CURLOPT_HEADER]    = $this->_request_return_headers;
            $this->_curl_options[CURLOPT_RETURNTRANSFER]  = $this->_request_return;
            $this->_curl_options[CURLOPT_VERBOSE]    = false;
         /* $this->_curl_options[CURLOPT_FAILONERROR]   = true; */
         /* $this->_curl_options[CURLOPT_FOLLOWLOCATION] 	= true; */
        }

 

This didn't do much, unless it helped the solution above (?_g=phpinfo)
