catalano Posted January 6, 2011 Share Posted January 6, 2011 Hi All, I just did a new install of 2.3.1 (my 2.2rc2a site was recently hacked). After installation I used phpmyadmin to bring in some customer data from the old store. That didn't work perfectly and I have another thread for that. But after doing that I tried to login as the admin, but I kept getting the error: Error: Invalid administrator login attempt. Now I am absolutely sure I have the correct login/pw. I even have the email that cpanel sent to me after the install with the admin details. Nonethelesss, I used phpmyadmin to delete the administrator record. I went back to the /admin url and I got the 'create a new admin' as expected. I did that and it was accepted and then when I tried to login using the same info I still get the error!!! What could possibly be the problem? Thanks, Chris Link to comment Share on other sites More sharing options...
catalano Posted January 8, 2011 Author Share Posted January 8, 2011 I'm now having this problem on another site altogether. With the original site I used Cpanel to delete the whole osc installation and then reinstalled it. That seemed to work for that site. Now I went to upgrade another site and I followed the same process - I used Cpanel to install a new 2.3.1 installation. The first thing I did after installation was to go to the admin page. Immediately upon navigating to site/catalog/admin there was an error at the top: Error: Invalid administrator login attempt. This was before I even entered any username/password. I tried putting in my login info and got the same error and then the timeout error after a few more times. I quickly decided to then remove and reinstall the whole osc like I did with the other site. This time it didn't work. I tried this 3 or 4 more times and couldn't get it to work. I finally decided to upload the osc package directly to the site and run the installer myself. This worked and I got the site configured. After that I needed to remove the old install (site/store) and rename the new installation from site/catalog to site/store (The website itself isn't templated so it would have required editing too many pages to point all of the store links to /catalog). I edited both includes/configure.php and admin/includes/configure.php to reflect the new directory name. That seemed to work fine, I can navigate all through the site without any problems. However when I go to the admin area I get the same problem. There's an error without even entering any user info, and of course I can't log in. Does anyone have any idea why this is happening? I did not enable any .htaccess protection for the admin directory. I really can't redo this install again as I spent too much time setting up the shop. Thanks, Chris Hi All, I just did a new install of 2.3.1 (my 2.2rc2a site was recently hacked). After installation I used phpmyadmin to bring in some customer data from the old store. That didn't work perfectly and I have another thread for that. But after doing that I tried to login as the admin, but I kept getting the error: Error: Invalid administrator login attempt. Now I am absolutely sure I have the correct login/pw. I even have the email that cpanel sent to me after the install with the admin details. Nonethelesss, I used phpmyadmin to delete the administrator record. I went back to the /admin url and I got the 'create a new admin' as expected. I did that and it was accepted and then when I tried to login using the same info I still get the error!!! What could possibly be the problem? Thanks, Chris Link to comment Share on other sites More sharing options...
angeldiaz Posted January 18, 2011 Share Posted January 18, 2011 Hi! I've have the same problem. But in my case is not a Cpanel installation, it's a clean installation downloaded from http://www.oscommerce.com/solutions/downloads . I do not understand the error or why not let me access to the administration tool. Anyone can help? Thanks in advance. Link to comment Share on other sites More sharing options...
Peper Posted January 21, 2011 Share Posted January 21, 2011 Having similar problem using windows xp with xampp 1.7.1 works fine I'm now using windows 7 with xampp 1.7.1 (newer gives me to much errors) and with new installation and existing test site(3) I just cannot log in. I'm using the correct password, deleted password from phpmyadmin but nothing seems to resolve this Seems to be server or cookie related Please we need some help and advice Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
rosemaryann Posted January 25, 2011 Share Posted January 25, 2011 I had a similar problem with a local test server. My problem turned out to be my configure files, the cookie domain and cookie path. Your cookie domain and server can only be the domain name, not have any directories in it. Y'all may already know this but... for example: This is correct define('HTTP_COOKIE_DOMAIN', 'localhost'); define('HTTPS_COOKIE_DOMAIN', 'localhost'); define('HTTP_COOKIE_PATH', '/development-site-1/catalog/'); define('HTTPS_COOKIE_PATH', '/development-site-1/catalog/'); This is incorrect - Same goes for the HTTP_SERVER info too. define('HTTP_COOKIE_DOMAIN', 'localhost/development-site-1'); define('HTTPS_COOKIE_DOMAIN', 'localhost/development-site-1'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); Like I said, you may know that but I had the same problem and that's what fixed it. I don't know much about cookies so yeah! Hope that helps!! Link to comment Share on other sites More sharing options...
angeldiaz Posted January 26, 2011 Share Posted January 26, 2011 Hi rosemaryann, I've tried your method and don't work for me :( I still can not enter the admin area. Thanks! I had a similar problem with a local test server. My problem turned out to be my configure files, the cookie domain and cookie path. Your cookie domain and server can only be the domain name, not have any directories in it. Y'all may already know this but... for example: This is correct define('HTTP_COOKIE_DOMAIN', 'localhost'); define('HTTPS_COOKIE_DOMAIN', 'localhost'); define('HTTP_COOKIE_PATH', '/development-site-1/catalog/'); define('HTTPS_COOKIE_PATH', '/development-site-1/catalog/'); This is incorrect - Same goes for the HTTP_SERVER info too. define('HTTP_COOKIE_DOMAIN', 'localhost/development-site-1'); define('HTTPS_COOKIE_DOMAIN', 'localhost/development-site-1'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); Like I said, you may know that but I had the same problem and that's what fixed it. I don't know much about cookies so yeah! Hope that helps!! Link to comment Share on other sites More sharing options...
Guest Posted January 30, 2011 Share Posted January 30, 2011 Had the same thing here !!! I reinstalled OSC 4 times .... then i figured out that it is IE that is the problem, try to log in with Opera or Firefox .... thats working fine !!! :) Hi rosemaryann, I've tried your method and don't work for me :( I still can not enter the admin area. Thanks! Link to comment Share on other sites More sharing options...
spiritalan Posted May 24, 2011 Share Posted May 24, 2011 Has anyone found the solution to the specific problem of the initiator of this topic? I have the same problem and have spent days trying to fix it with as many suggestions that are on this forum, but to no avail. I installed 2.3.1 on a development subdomain. The strange thing is how the error appears: "Error: Invalid administrator login attempt." This comes up when the Admin login page first appears and I haven't yet signed in. When I try to sign in the same error appears without being able to access admin. Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
Xpajun Posted May 24, 2011 Share Posted May 24, 2011 Searching posts may help ;) You have two options on install to get around this Option 1: Immediately after installing go to you admin>>modules>action recorder>>admin login alter the allowed minutes to 0 and the allowed attempts to 300 Option 2 (the only one you can use if you've already been locked out): In phpMyAdmin access your database select the configuration table find configuration_id 98 & 99 (should be on the 4th page at 30 rows per page) again set allowed minutes to 0 and allowed attempts to 300. At the same time you might have to TRUNCATE (EMPTY) the action recorder table Pre install (you) can only do this if you download from the official osC centre (click website at top of this page then solutions) open the .sql file in your plain text editor scroll down until you find the "configuration" insert data (will start INSERT into table configuration) then go down about 90 lines find: INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Minutes', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES', '5', 'Number of minutes to allow login attempts to occur.', '6', '0', now()); INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Attempts', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS', '3', 'Number of login attempts to allow within the specified period.', '6', '0', now()); change to: INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Minutes', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES', '0', 'Number of minutes to allow login attempts to occur.', '6', '0', now()); INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Attempts', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS', '300', 'Number of login attempts to allow within the specified period.', '6', '0', now()); save now upload and install My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
spiritalan Posted May 24, 2011 Share Posted May 24, 2011 Option 2 (the only one you can use if you've already been locked out): In phpMyAdmin access your database select the configuration table find configuration_id 98 & 99 (should be on the 4th page at 30 rows per page) again set allowed minutes to 0 and allowed attempts to 300. At the same time you might have to TRUNCATE (EMPTY) the action recorder table Thank you, but this did not work. My 2.3.1 download is from official OSC site. First, I modded configuation as per your instuctions. Second, I truncated the administrators table and installed new username and password, just to be sure. Third, I then truncated the action recorder table as per your instructions, now here is what happens: I go to my Admin, the login page appears immediately with this error: Error: Invalid administrator login attempt. Before I actually attempt to login in the login form, the action recorder table shows that an attempt was made to login, but this is incorrect. When I actually login, the login page reappears with the same error. Now action recorder table has 2 supposed attempts. There was actually only one attempt. It appears I may have two problems or maybe they are related and have only one solution. I have been searching for days on the forum for an answer to this problem. The only way I found people with my particular problem was to search the forum with querying the error itself. I found a number of individuals and not one reveals an answer to this problem or if they ever found an answer. I did not start a new topic but replied to as many posts as I could to those with the same problem as I. I appreciate your efforts. If you have anything more, please toss it my way. Alan :) Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
Xpajun Posted May 24, 2011 Share Posted May 24, 2011 Another possible one - delete your cookies for your site in your browser I have to add these can only be suggestions as I do not know what your setup is neither do I know the result of others enquiries. If you have htpasswd set then your login username and password MUST be the same as your htpasswd My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
spiritalan Posted May 24, 2011 Share Posted May 24, 2011 Hello, Removing the cookies, cache, and history is something I have already done, I did it again and it still does not work. I have not yet password protected my admin directory, so this is not the problem. However, for your information, password protected directories can have different usernames and passwords than the username and password for logging into Admin tool. I have 2.3.1 set up on a development subdomain on the VPS box you can see in my signature section. Thanks again for trying. Alan :) Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
burt Posted May 24, 2011 Share Posted May 24, 2011 For your information (and the benefit of future readers); "password protected directories can have different usernames and passwords than the username and password for logging into Admin tool." this is incorrect. Unless you have ripped out the admin auth functions that come as standard with 2.3.1, which you probably have not done I would suggest. If you htpasswd the 2.3.x admin area, it must have the eXaCt sAme user/pass combo as used to access the admin tool without htpasswd. As you say you have not yet htpasswd'd the admin section, then is a moot point. I would suggest that you strip out the admin auth functionality until you are able to access the admin, then add it back in piece by piece. This way you get to the root cause of your issue. Link to comment Share on other sites More sharing options...
burt Posted May 24, 2011 Share Posted May 24, 2011 Please log into phpmyadmin and post here the configuration_value of these 3 configuration_keys from the configuration table; MODULE_ACTION_RECORDER_INSTALLED MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS Link to comment Share on other sites More sharing options...
spiritalan Posted May 24, 2011 Share Posted May 24, 2011 MODULE_ACTION_RECORDER_INSTALLED ar_admin_login.php;ar_contact_us.php;ar_tell_a_friend.php MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES 0 MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS 300 Thanks Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
spiritalan Posted May 25, 2011 Share Posted May 25, 2011 burt Well, I stand to be corrected. Regarding htpasswd and Admin login usename and passwords which MUST be the same, I forgot to take into account we are dealing with OSC 2.3.1. I had in mind my use of version 2.2 RC2a where my user name in htpasswd is different than admin login username and it works. Point well taken. :blush: Now I will work on trying to find out how to "strip out the admin auth functionality" and "then add it back in piece by piece." Alan Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
burt Posted May 25, 2011 Share Posted May 25, 2011 MODULE_ACTION_RECORDER_INSTALLED ar_admin_login.php;ar_contact_us.php;ar_tell_a_friend.php MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES 0 MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS 300 Thanks 0 and 300 is incorrect (benefit for future readers, I suggest 10 and 1), but will do for testing purposes. The two ways I was able to replicate a similar login issue was; 1. to remove the ar_admin_login.php value from the MODULE_ACTION_RECORDER_INSTALLED key 2. to remove the ar_admin_login.php FILE from the /includes/modules/action_recorder/ directory So, as you have the entry in the DB, do you have the file in the right place. If it IS there, is it correctly coded (ie, not corrupt). Link to comment Share on other sites More sharing options...
spiritalan Posted May 25, 2011 Share Posted May 25, 2011 The file ar_admin_login.php is in the directory you mentioned. I did an existing file compare with 2 other OSC 2.3.1 downloaded ar_admin_login.php files and there were no differences. Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
Xpajun Posted May 25, 2011 Share Posted May 25, 2011 burt Well, I stand to be corrected. Regarding htpasswd and Admin login usename and passwords which MUST be the same, I forgot to take into account we are dealing with OSC 2.3.1. I had in mind my use of version 2.2 RC2a where my user name in htpasswd is different than admin login username and it works. Point well taken. :blush: Now I will work on trying to find out how to "strip out the admin auth functionality" and "then add it back in piece by piece." Alan Alan, Not only must the admin login on 2.3.1 be the same as htpasswd on the admin folder but any parent folder that the admin resides in My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
burt Posted May 25, 2011 Share Posted May 25, 2011 More reading; http://www.clubosc.com/oscommerce-2-3-is-officially-available.html#comment-4679 (from that comment downwards). Link to comment Share on other sites More sharing options...
spiritalan Posted May 26, 2011 Share Posted May 26, 2011 burt, I commented out the 2 lines mentioned in the first post you sent me to read on your blog from eneigma1. I no longer have the "Error: Invalid administrator login attempt." I can log in to admin through the login form. My question now is; the code that I commented out, does it make my backend any less secure? Thanks :) Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
burt Posted May 26, 2011 Share Posted May 26, 2011 Try to set a htpasswd on your admin folder. Link to comment Share on other sites More sharing options...
spiritalan Posted May 27, 2011 Share Posted May 27, 2011 burt, I htpasswd protected my admin. So now when I enter this development site, I have htpasswd protected the subdomain of the entire site, then the admin, and then login in admin form. All working OK. Looks like it is all done. Any more thoughts? Thanks a bunch. :) Production:osCommerce V. 2.3.4BSVPS Box Link to comment Share on other sites More sharing options...
burt Posted May 27, 2011 Share Posted May 27, 2011 So long as you definitely have; username/pass on the usual oscommerce login page working AND username/pass on htpasswd protection (grey popup box) then that is a good first defence. We still have no reason why it did not work in the first place, but I suppose that's unimportant so long as you have this alternative system working. Make sure that you now also follow this thread; http://www.oscommerce.com/forums/topic/375288-updated-security-thread/ in order to be more secure. Link to comment Share on other sites More sharing options...
infodel Posted May 31, 2011 Share Posted May 31, 2011 Please log into phpmyadmin and post here the configuration_value of these 3 configuration_keys from the configuration table; MODULE_ACTION_RECORDER_INSTALLED MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS hello Burt, I installed 2.3.1 via my desktop using the instructions in http://www.oscommerce.com/forums/topic/162231-quick-install-guide/page__st__2320__gopid__1585734#entry1585734 Then getting the below error on every page i try to open on my domain: Forbidden You don't have permission to access / on this server Any inputs? Best. Aj Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.