A slew of problems!

[Kyrsten]

First off let me start by saying that I haven't added any new contribs to my site in well over 6 months, so I am puzzled as to why all the problems I am having. As best I can tell all of the problems I am finding I did not have in late February and have popped up at some time since then.

 

Here is a list of the problems:

 

Returning customers can not login to their account, it just keeps loading the same login page over and over. (I have my own mock account I use for testing) But you can create a new account just fine, but if you logout you can not log back in as the same problem results.

 

When requesting a forgotten password only the login page loads and the password is never sent.

 

When adding an item to the shopping cart it can not be removed, this issue it does not matter if you are logged in or not, either way and no items can be removed from the cart once added. If you are not logged in this is remedied by simply leaving the site, closing the browser and coming back, if your logged in its their for good.

 

When viewing What's new and specials additional pages can not be viewed, if you click on next or page 2, 3 etc the 1st page just loads again even though the proper url appears. (I had posted on this issue before and the links to the threads with a similar issue did not fix my problem)

 

I have searched the forums and haven't found any workable solutions that are working for my problems. I don't know what has happened recently, and there may be more issues I simply haven't found as of yet, but right now I am in the painstaking process of comparing all the files on my site that I keep a copy of on my local computer hard drive (freshly downloaded via ftp) with copies of the original files in a fresh install to compare any and all changes to make sure there is nothing any different other than the contributions I have added, which are only a small handful. I have modified my site with Individual shipping, Chemo's SEO, cached image resize hack, change final breadcrumb, custom meta tags per item, edit product post date, google feeds and sitemap.

 

A couple possibilities that have come to mind that make me wonder as to the nature of why these problems have occured even though all I have done myself is to add items to the product catalog. I have had SSL set up on my site and working fine since last 6/1. I am thinking that since in early March I had some significant downtime on my host for some server related issues, I am wondering if they switched me servers (they have done this once already) and if this would change the static IP I have with them and if that would mess up my SSL cert...not sure if this would cause some of the problems or not, but being moved servers recently makes me wonder.

 

Another thing I have had a HUGE problem with ongoing since the very start of March is being attacked by unregistered IP's in an attempt to manipulate URL's (this info I found in viewing my who's online) to one's that I do not have and attempting a redirect. This issue has went on just about every single night, and while I have blocked over 600 different IP's so far, I did find an article online in which over 150 of these same IP's appeared along with a list of a few THOUSAND more that I haven't encountered yet and I have been going to the painstaking process of adding all these IP's to my IP Deny manager 1 by 1. I am also wondering if part of my problems may stem from this issue. While every single night that this problem arose I went and checked the URL's that were affected and the URL's on my site did not appear with the redirect URL's that the "who's online" showed, it seemed as though no damage was done, but now I have been focused so much on adding all these IP's to my blocked list that I didn't realize most of these other issues until very recently, so now I wonder. It may have nothing to do with it at all, but considering the shifty nature of the people behind these unassigned IP's hitting my site with 300-400 hits at a time in an attempt to find the proper GET variable to manipulate things, makes me wonder since what they are capable of doing and what exactly they were trying to do is beyond my scope of expertise.

 

Anyone who can shed some light on my issues it is greatly appreciated. If you want to see what I am referring to first hand the site is collegenuthut.com If I find any other problems I haven't found as of the time of this post I will update. Thank you again!

[Guest]

What version of osc 2.2 are you using, has the webhost upated php, mysql, changed server type?

[Kyrsten]

I am thinking I am going to have to check my database tables as well as the files, as so far the files are coming up with nothing unusual, nothing out of place that wasn't a mod added when things still worked just fine. I haven't checked all the files just yet, but I have checked all the ones which would make the most sense to have an error in it somehwere (config files, specials files, account files and such).

 

Is there a log anywhere which would track changes made to Mysql database?

[Kyrsten]

Additionally I just tried to do a mock order creating a new account and when I reach the checkout success page it loops also, when clicking continue the checkout_success page reloads.

[Kyrsten]

What version of osc 2.2 are you using, has the webhost upated php, mysql, changed server type?

 

I am running OSC 2.2 MS2

 

PHP Version 5.2.3

 

Operating System: Linux

 

Apache Version 1.3.41 (unix)

 

My SQL Version 4.1.22-Standard

 

Perl Version 5.8.8

 

Machine Type i686

 

 

Unfortunately, while my tech support is fast to reply and fix issues, they are VERY vague as to what they fixed or what the issue was, so I don't kow what the server issue was for the switch. I do know they went through some major upgrades and updated all their servers and everyone was switched on a rolling schedule with anywhere from 4-24 hours downtime.

 

As far as other updates, that I am not sure of, they tried to update my Cpanel version and I made them revert me back because they also changed the layout of the Cpanel which I hated and the new version had their banner ads plastered all over it, which I didn't appreciate, so I had them revert me back to what I had previously because I refuse to look at banner ads on a service I pay about $100 a year for, which was all at the same time as the server change. I know I was running My Sql 4 and PHP 5 from the get go, but the other version number may have been different (such as it may have been My Sql 4.0 before to where now it is 4.1.22)

 

If there is any other information that would help you in helping me please just ask. I have went through all my Osc files and nothing is any different. I even went to the extent of pulling and printing all the copies of what files were modified with each contribution I have added even though I added them over 6 months ago and this problem is much much more recent than that, but just to make sure, I double checked all that code as well, and all the files are spot on.

 

I use ExamDiffPro version 4.0.2.1 for comparing the files side by side.

 

One thing I have been tossing around to possibly remedy the issues I have been having since it is something I have been meaning to do anyways, is to add contributions for the problems I have and see if the modified code with the contribution would undo/fix the problem I am having. Such as I have been meaning for months to add the Purchase without Account contribution, and now I am considering doing it without procrastinating any longer to see if it fixes the login issue, and if it doesn't at least purchases can still be made easily as a temporary work around.

 

I did also try to do a restore from a date prior to these problems happening, even though I presume it would remove the several hundred items I have added to my catalog in March (I manually add items one by one, I dont use any of the contributions to do it), I haven't ever had to do a restore before, and when I tried (of which I tried twice) the restore would start and then lose connection after 2 or so minutes and stop, so that didn't do any good either.

 

Another question I have...since I don't have many contributions added in, so to readd them wouldn't take very long to do, a day or so at best, if I reinstalled OSc from scratch (most likely to a more updated version) would I lose my entire catalog and database? Is there a way to preserve my entire database and catalog to my hard drive and somewhat easily restore it if a fresh install would wipe it out? Would doing this mess up my SSL cert (key and whatnot)?

[Guest]

I am running OSC 2.2 MS2

 

PHP Version 5.2.3

Sorry, the osc version is too vague. If you have not installed OSC 2.2 MS2 RC1, or OSC 2.2 MS2 RC2 or OSC 2.2 MS2 RC2a, you may not have installed the necessary changes to allow for php 5.

 

The upgrade path is not too bad, but you need to know where you are starting from. This may help you out.

 

Post back before you do anything.

[Kyrsten]

Sorry, the osc version is too vague. If you have not installed OSC 2.2 MS2 RC1, or OSC 2.2 MS2 RC2 or OSC 2.2 MS2 RC2a, you may not have installed the necessary changes to allow for php 5.

 

The upgrade path is not too bad, but you need to know where you are starting from. This may help you out.

 

Post back before you do anything.

 

 

Hmm I looked in the file like it says, application top, and this is what is has for project version:

 

// define the project version

define('PROJECT_VERSION', 'osCommerce 2.2-MS2');

[Guest]

Hmm I looked in the file like it says, application top, and this is what is has for project version:

 

// define the project version

define('PROJECT_VERSION', 'osCommerce 2.2-MS2');

 

OK, it may or may not be patched. If you down load the latest osc, there is an extras folder that has the update files. You would need to compare th patches in these files with your files.

[Kyrsten]

OK, it may or may not be patched. If you down load the latest osc, there is an extras folder that has the update files. You would need to compare th patches in these files with your files.

 

I do have a feeling that this is the original version without any patches. I am currently starting the process of updating to patch 060817

 

I dont think being on PHP 5 would be the difference though, I went back and looked at my very first post on here from over a year ago when I was having trouble installing Osc, the same version I am using now, and this is what I had then:

 

Operating system Linux

Apache version 1.3.37 (Unix)

PERL version 5.8.7

PHP version 5.1.6

MySQL version 4.1.21-standard

[Guest]

I do have a feeling that this is the original version without any patches. I am currently starting the process of updating to patch 060817

 

I dont think being on PHP 5 would be the difference though, I went back and looked at my very first post on here from over a year ago when I was having trouble installing Osc, the same version I am using now, and this is what I had then:

 

Operating system Linux

Apache version 1.3.37 (Unix)

PERL version 5.8.7

PHP version 5.1.6

MySQL version 4.1.21-standard

That's interesting. OK, at least check that the security patches are done, that may stop the hackers.

 

Apart from that, it is over to someone else to shed some light on the problems.

[LauraDC]

That's interesting. OK, at least check that the security patches are done, that may stop the hackers.

 

Apart from that, it is over to someone else to shed some light on the problems.

 

Where could I find the list of security patches that I should have? I'm still trying to find out if I have everything up to date before I open my store and I can't find a definitive list of patches.

 

Also, if someone could give me some recommendations on basic contributions to use I'd appreciate it. There are so many that I get dizzy just looking at the list. It would be nice to have a starting point of common/popular features so I can decide which ones are best for me.

 

Thanks in advance.

Laura

[Kyrsten]

Ok, after finally getting some sleep, I have updated Osc to the version from 08-17-2006. Now I need to somehow figure out to fix these issues. I installed PWA ver 2.0 (Yes I know this version is for RC2, I took the code and merged it into my existing files rather than merge my code into the ones included with PWA to not create a new conflict). While PWA works fine, and ver 2.0 is one that still creates an account (a dummy account) for the customer, which is why I chose this version, while it works fine I still have the same login issues and item being stuck in cart issues....in addition to the others that are also mentioned above

[Kyrsten]

OMG I Have somehow fixed the problem with the not going to the 2nd and subsequent pages in the specials and whats new pages as well as the issue with not being able to remove items with the cart. I decided to look into my configuration settings in the admin panel, and even though it showed it was last changed on 6/1/2007, and I have no had this problem since then by any means....I reset my Use serch-engine safe URLS (still in development) from off to on then to off again...and somehow those 3 issues are now working again, as screwy as that is, but at least thats fixed. Also the looping problem at the end of the checkout process just reloading the success page has also been fixed. I don't know why turning this on and then back to off, which is how it was has anything to do with any of it, but it worked, so I am certainly not going to complain.

 

Still having the login issue. I created a new mock account since I could not login with the old one, I CAN login with the old one after logging out. I CANNOT login with the original mock account I have. While I do again have the ability to resend the password to the account (which was broken before also) I can not login with my original mock account I created for myself for testing purposes when I originally set up OSc, it seems as though the database with stored passwords may be corrupt???

[Kyrsten]

When I send myself the new password via the reset function even the new password won't allow the old account to login, so anyone who creates a new account should be fine, but the old accounts already created seem pretty well screwed.

[Guest]

When I send myself the new password via the reset function even the new password won't allow the old account to login, so anyone who creates a new account should be fine, but the old accounts already created seem pretty well screwed.

Did you try copy and paste from the email? I have heard that works.

 

There is a contrib that lets the admin rest the password (admin_change_customers_password_v3.1), if you try that on your test account and it works, you could use that for old customers.

[Guest]

Where could I find the list of security patches that I should have? I'm still trying to find out if I have everything up to date before I open my store and I can't find a definitive list of patches.

 

Also, if someone could give me some recommendations on basic contributions to use I'd appreciate it. There are so many that I get dizzy just looking at the list. It would be nice to have a starting point of common/popular features so I can decide which ones are best for me.

 

Thanks in advance.

Laura

If you down load the latest osc, there is an extras folder that has the update files. These are the patches for migration from one version to another. If you have RC2a, I think that has all of the current patches included.

[Kyrsten]

Did you try copy and paste from the email? I have heard that works.

 

There is a contrib that lets the admin rest the password (admin_change_customers_password_v3.1), if you try that on your test account and it works, you could use that for old customers.

 

I tried both copy and paste and typing it direct and neither worked on the old account. I am going to look for that contrib now and try it

[Guest]

I tried both copy and paste and typing it direct and neither worked on the old account. I am going to look for that contrib now and try it

OK, I haven't had problems with the contirb, but good luck. You sound like you are getting on top of the situation on your own (that is a well done from me).

[Kyrsten]

OK, I haven't had problems with the contirb, but good luck. You sound like you are getting on top of the situation on your own (that is a well done from me).

 

Thank you very much for the compliment. I do always try to research an answer from other posts before asking for help, but there are just somethings that make me scratch my head and eventually pull out my hair, since I really have abolutely no experience in coding or code language outside of basic HTML, but it doesn't take expertise to compare files and look for changes--particularly in key files to try and find the possible culprit or to search the forums for the keywords of the problem you are having to find an already posted answer.

 

I used the contribution you recommended and it has taken care of what definately seems to be a corrupt database for logins for previous customers, thank you very much for suggesting it! But since Murphy's Law always prevails, since I have fixed my other problems, I have now gotten a new one which I have been reseraching posts to find an answer to. While I know the contribution has nothing to do with my new problem, this must have been a problem that existed before with all the others that I simply wasn't aware of. While I have always set force cookie use to false (setting was last changed on 6/7/07), I have noticed since my login problems have been fixed that most customers on my site are being directed to the cookie_usage.php page. My biggest problem in trying to find a fix for this problem is unlike the other problems I have had, I can't recreate this same problem on either of my own computers, even when altering my own security levels on both my browesers, Firefox and IE 6.0 and cleaning cookies and trying to enter my site, so I don't know at what point when someone is in my site that they are being sent to this page (such as when adding items to the cart, creating an account, trying to checkout etc). I have as I mentioned changed my own browser settings to the highest security settings and to deny all cookies, cleaned cookies, closed my browser, restarted my browser and I have had no problems in doing any of the functions on my site, the only thing I can't do with a mock account is to make payment via credit card, I complete the checkout process, but only with Pay Pal (I have 2 accounts and just refund the $$ back to myself from one account to another) or by money order. I have tried this on both of my computers here at my house as well as the compter at my parents house and I jsut can't recreate the problem, but I am defiantely seeing it happen well in excess of 40-50 times in 2 days....and that is just when I happened to be looking at the who's online page in admin, I am sure if I saw that many that there were many more that I didn't see and I have not received a single order nor have I had any new registered customers since I noticed this new issue.

 

So far I have changed force cookies to true, and that seems to have temporarily fixed the problem for customers, but that is not a setting I want to leave in place. I have tried several fixes on the posts I have seen over the last few days and changed the "force cookies" back to false and it seems to send people back to the cookie_usage.php page again (according to the who's online page in admin). I have checked my spiders.txt, as I had just updated it at the time I was trying to fix my other issues, and I dont have the /java issue in my spiders.txt that some poeple reported as being a problem.

 

What I find odd is in the posts I have read most people have the opposite problem as I do as they are receiving the cookie_usage.php problem when they have a shared SSL or no SSL at all and rely on a redirect to a payment gateway for SSL and they have the force cookie setting set to true, I have a full SSL and I pay for a seperate dedicated IP for it and I have always had it set to false.

 

I have double checked my configuration.php to ensure that the SSL settings didn't get changed accidentally in all my file comparing in the event I may have re-uploaded an incorrect one from my hrd drive via FTP and that was not the issue at all, so this is the avenue I am exploring next to fix this problem:

 

Cookie post

 

If anyone has any experience or opinions on doing what is posted in the above thread it is welcomed!

[Kyrsten]

Also, my merchant CC processor is not a contribution from Osc directly, I don't use the more common processors like Authorize.net and such, I use Merchant Plus for my credit card processing (which I would HIGHLY recommend to anyone looking for a merchant account, they are EXCELLENT!) and they had a module for the intigration specifically for Osc on their own site, which has worked without a problem. I have checked their site to check if they have updated or changed anything since I first installed it and the contribution they give for their processing is the same one that I installed many moons ago.

[desiredin]

I don't want to sound paranoid, but have you found out what caused the issues? These things DO NOT happen "randomly" unless someone caused them to happen. and the fact that it is involving passwords, and logins would cause me to look extra hard. I personally would wipe everything out, change my passwords, and start new.

 

Have you checked accounts created during this time to ensure the passwords got encrypted in the database and not plain text? Have you compared backup files with the ones on your server to make sure code wasn't changed?