7 replies to this topic

[websta]

I am getting the error "Error: Invalid administrator login attempt." despite careful spelling and setting and re-setting username/password in the database.

Orignally, I was having problems with my admin area, and following a oscommerce's developer suggestions, I am upgrading my cart to oscommerce-2.2rc2a which was said to eliminate such problems.  

During the upgrade, at first, I was unable to get into the admin area at all when I went to (my site)/admin in my browser.  So, I followed Harald's instructions to run this SQL query on my database to create a place to store the administrators username and passowrd (located here: http://forums.oscommerce.com/index.php?showtopic=268335 ):

Quote

CREATE TABLE administrators (
id int NOT NULL auto_increment,
user_name varchar(32) binary NOT NULL,
user_password varchar(40) NOT NULL,
PRIMARY KEY (id)
)

That worked,  , and now I get sent to admin/login.php when I go to (my site)/admin in my browser.  It asked me for my first username and password, which I entered.  

But, as I said before, now I am getting the error "Error: Invalid administrator login attempt"  in red at the top of the page despite careful spelling and setting and re-setting username/password in the database via phpMyAdmin.

I followed instructions from http://forums.oscommerce.com/lofiversion/i...hp?t294437.html  (which I am concerned may compromise the security of the site?   ?):

Quote

SECURE ADMIN SSL

Change the defines below to the https server

Admin/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'https://secure5.myserver.net/~justme'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'https://secure5.myserver.net/~justme');
  define('HTTPS_CATALOG_SERVER', 'https://secure5.myserver.net/~justme');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

-----------------------------------------------------------------------------
admin/includes/functions/html_output.php

Changed this...

if ($connection == 'NONSSL') {
      $link = HTTP_SERVER . DIR_WS_ADMIN;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == 'true') {
        $link = HTTPS_SERVER . DIR_WS_ADMIN;
      } else {
        $link = HTTP_SERVER . DIR_WS_ADMIN;
      }

To this..........


if ($connection == 'NONSSL') {
      $link = HTTP_CATALOG_SERVER . DIR_WS_ADMIN;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL_CATALOG == 'true') {
        $link = HTTPS_CATALOG_SERVER . DIR_WS_ADMIN;
      } else {
        $link = HTTP_CATALOG_SERVER . DIR_WS_ADMIN;
      }

But I still get the same "Error: Invalid administrator login attempt" response.  

Other posts seemed to suggest a need for the admin directory to already be protected by a .htaccess password, which I tried to set up using my web host's control panel, but that appeared to not be of any help (should this be done, regardless?).  

I am wondering if my admin/includes/configure.php file has been (is now) set incorrectly(??):

Quote

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://marineminerals.com/'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://marineminerals.com/'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '');
  define('HTTPS_COOKIE_PATH', '');
  define('DIR_WS_HTTP_CATALOG', '');
  define('DIR_WS_HTTPS_CATALOG', '');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
  define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
  define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', ' --filled pit--  ');
  define('DB_SERVER_PASSWORD', '  --filled out--  ');
  define('DB_DATABASE', '  --filled out--  ');
  define('USE_PCONNECT', 'false'); // use persistent connections?
  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

Thank you for reading my post.  I guess I am handling my upgrade improperly.       

Any suggestions are appreciated.      Feel free to PM me if you prefer.

[geoffreywalton]

You have 2 levels of security.

htacess, which pops up the standard enter user name and password.

If you delete all the entries in the administrators table you will be asked to enter a username and password.

Once you do that try logging in with them.

Normally works

[websta]

geoffreywalton, on May 4 2008, 01:40 PM, said:

If you delete all the entries in the administrators table you will be asked to enter a username and password.

Once you do that try logging in with them.

Normally works

Thank you for your response.  I can set up the .htaccess as well, but the immediate problem is that even when I delete the administrators table and re-enter new username/password (which I have done several times now, via phpMyadmin and via (my site)/admin), I still get the same error.  

I am wondering if the configure.php file is set up incorrectly??

[geoffreywalton]

Are you deleting all the records in the administrators table in php and then entering them as you log in to the admin area of your shop

If you are entering them in phpmyadmin they have to be after md5ing them.

Edited by geoffreywalton, 04 May 2008 - 08:45 PM.

[websta]

geoffreywalton, on May 4 2008, 02:45 PM, said:

Are you deleting all the records in the administrators table in php and then entering them as you log in to the admin area of your shop

If you are entering them in phpmyadmin they have to be after md5ing them.

I have done them both ways.  Still the same error.  Thank you for the tip about entering them in directly!

[geoffreywalton]

There are a couple of contributions for forgotton passwords, try those.

[websta]

Thanks, Geoffrey.

Perhaps I misunderstand (and my apologies if I am) but I don't think it is because I forgot the password.  

To be clear, I cut and pasted the username and password the initial time, and then when prompted to enter it again to get into the admin area, I cut and pasted the same username and password in again, and then got the error.  

Repeatedly.  

[geoffreywalton]

If it get you in it is worth trying.

Shouldn't take more than 5/10 mins to install.