28 replies to this topic

[catalano]

Hi All,

I just did a new install of 2.3.1 (my 2.2rc2a site was recently hacked). After installation I used phpmyadmin to bring in some customer data from the old store. That didn't work perfectly and I have another thread for that. But after doing that I tried to login as the admin, but I kept getting the error: Error: Invalid administrator login attempt. Now I am absolutely sure I have the correct login/pw. I even have the email that cpanel sent to me after the install with the admin details. Nonethelesss, I used phpmyadmin to delete the administrator record. I went back to the /admin url and I got the 'create a new admin' as expected. I did that and it was accepted and then when I tried to login using the same info I still get the error!!! What could possibly be the problem?

Thanks,
Chris

[catalano]

I'm now having this problem on another site altogether. With the original site I used Cpanel to delete the whole osc installation and then reinstalled it. That seemed to work for that site. Now I went to upgrade another site and I followed the same process - I used Cpanel to install a new 2.3.1 installation. The first thing I did after installation was to go to the admin page. Immediately upon navigating to site/catalog/admin there was an error at the top: Error: Invalid administrator login attempt. This was before I even entered any username/password. I tried putting in my login info and got the same error and then the timeout error after a few more times. I quickly decided to then remove and reinstall the whole osc like I did with the other site. This time it didn't work. I tried this 3 or 4 more times and couldn't get it to work. I finally decided to upload the osc package directly to the site and run the installer myself. This worked and I got the site configured. After that I needed to remove the old install (site/store) and rename the new installation from site/catalog to site/store (The website itself isn't templated so it would have required editing too many pages to point all of the store links to /catalog). I edited both includes/configure.php and admin/includes/configure.php to reflect the new directory name. That seemed to work fine, I can navigate all through the site without any problems. However when I go to the admin area I get the same problem. There's an error without even entering any user info, and of course I can't log in. Does anyone have any idea why this is happening? I did not enable any .htaccess protection for the admin directory. I really can't redo this install again as I spent too much time setting up the shop.

Thanks,
Chris

catalano, on 06 January 2011, 20:32, said:

Hi All,

I just did a new install of 2.3.1 (my 2.2rc2a site was recently hacked). After installation I used phpmyadmin to bring in some customer data from the old store. That didn't work perfectly and I have another thread for that. But after doing that I tried to login as the admin, but I kept getting the error: Error: Invalid administrator login attempt. Now I am absolutely sure I have the correct login/pw. I even have the email that cpanel sent to me after the install with the admin details. Nonethelesss, I used phpmyadmin to delete the administrator record. I went back to the /admin url and I got the 'create a new admin' as expected. I did that and it was accepted and then when I tried to login using the same info I still get the error!!! What could possibly be the problem?

Thanks,
Chris

[angeldiaz]

Hi!

I've have the same problem. But in my case is not a Cpanel installation, it's a clean installation downloaded from http://www.oscommerce.com/solutions/downloads .

I do not understand the error or why not let me access to the administration tool.

Anyone can help?

Thanks in advance.

[Peper]

Having similar problem
using windows xp with xampp 1.7.1 works fine

I'm now using windows 7 with xampp 1.7.1 (newer gives me to much errors) and with new installation and existing test site(3) I just cannot log in.
I'm using the correct password, deleted password from phpmyadmin but nothing seems to resolve this

Seems to be server or cookie related

Please we need some help and advice

[rosemaryann]

I had a similar problem with a local test server. My problem turned out to be my configure files, the cookie domain and cookie path.

Your cookie domain and server can only be the domain name, not have any directories in it. Y'all may already know this but... for example:

This is correct

  define('HTTP_COOKIE_DOMAIN', 'localhost');
  define('HTTPS_COOKIE_DOMAIN', 'localhost');
  define('HTTP_COOKIE_PATH', '/development-site-1/catalog/');
  define('HTTPS_COOKIE_PATH', '/development-site-1/catalog/');

This is incorrect - Same goes for the HTTP_SERVER info too.

  define('HTTP_COOKIE_DOMAIN', 'localhost/development-site-1');
  define('HTTPS_COOKIE_DOMAIN', 'localhost/development-site-1');
  define('HTTP_COOKIE_PATH', '/catalog/');
  define('HTTPS_COOKIE_PATH', '/catalog/');

Like I said, you may know that but I had the same problem and that's what fixed it. I don't know much about cookies so yeah! Hope that helps!!

[angeldiaz]

Hi rosemaryann,

I've tried your method and don't work for me

I still can not enter the admin area.

Thanks!

rosemaryann, on 25 January 2011, 20:33, said:

I had a similar problem with a local test server. My problem turned out to be my configure files, the cookie domain and cookie path.

Your cookie domain and server can only be the domain name, not have any directories in it. Y'all may already know this but... for example:

This is correct

  define('HTTP_COOKIE_DOMAIN', 'localhost');
  define('HTTPS_COOKIE_DOMAIN', 'localhost');
  define('HTTP_COOKIE_PATH', '/development-site-1/catalog/');
  define('HTTPS_COOKIE_PATH', '/development-site-1/catalog/');

This is incorrect - Same goes for the HTTP_SERVER info too.

  define('HTTP_COOKIE_DOMAIN', 'localhost/development-site-1');
  define('HTTPS_COOKIE_DOMAIN', 'localhost/development-site-1');
  define('HTTP_COOKIE_PATH', '/catalog/');
  define('HTTPS_COOKIE_PATH', '/catalog/');

Like I said, you may know that but I had the same problem and that's what fixed it. I don't know much about cookies so yeah! Hope that helps!!

[mescal]

Had the same thing here !!!
I reinstalled OSC 4 times .... then i figured out that it is IE that is the problem,
try to log in with Opera or Firefox .... thats working fine !!!

angeldiaz, on 26 January 2011, 09:46, said:

Hi rosemaryann,

I've tried your method and don't work for me

I still can not enter the admin area.

Thanks!

[alancwade]

Has anyone found the solution to the specific problem of the initiator of this topic? I have the same problem and have spent days trying to fix it with as many suggestions that are on this forum, but to no avail.
I installed 2.3.1 on a development subdomain. The strange thing is how the error appears: "Error: Invalid administrator login attempt." This comes up when the Admin login page first appears and I haven't yet signed in. When I try to sign in the same error appears without being able to access admin.

[Xpajun]

Searching posts may help


You have two options on install to get around this


Option 1:

Immediately after installing go to you admin>>modules>action recorder>>admin login alter the allowed minutes to 0 and the allowed attempts to 300

Option 2 (the only one you can use if you've already been locked out):


In phpMyAdmin access your database select the configuration table find configuration_id 98 & 99 (should be on the 4th page at 30 rows per page) again set allowed minutes to 0 and allowed attempts to 300.
At the same time you might have to TRUNCATE (EMPTY) the action recorder table

Pre install (you) can only do this if you download from the official osC centre (click website at top of this page then solutions) open the .sql file in your plain text editor scroll down until you find the "configuration" insert data (will start INSERT into table configuration) then go down about 90 lines

find:

INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Minutes', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES', '5', 'Number of minutes to allow login attempts to occur.', '6', '0', now());
INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Attempts', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS', '3', 'Number of login attempts to allow within the specified period.', '6', '0', now());

change to:

INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Minutes', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES', '0', 'Number of minutes to allow login attempts to occur.', '6', '0', now());
INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Allowed Attempts', 'MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS', '300', 'Number of login attempts to allow within the specified period.', '6', '0', now());

save now upload and install

[alancwade]

Xpajun, on 24 May 2011, 08:23, said:

Option 2 (the only one you can use if you've already been locked out):


In phpMyAdmin access your database select the configuration table find configuration_id 98 & 99 (should be on the 4th page at 30 rows per page) again set allowed minutes to 0 and allowed attempts to 300.
At the same time you might have to TRUNCATE (EMPTY) the action recorder table

Thank you, but this did not work. My 2.3.1 download is from official OSC site.
First, I modded configuation as per your instuctions. Second, I truncated the administrators table and installed new username and password, just to be sure. Third, I then truncated the action recorder table as per your instructions, now here is what happens:

I go to my Admin, the login page appears immediately with this error: Error: Invalid administrator login attempt. Before I actually attempt to login in the login form, the action recorder table shows that an attempt was made to login, but this is incorrect. When I actually login, the login page reappears with the same error. Now action recorder table has 2 supposed attempts. There was actually only one attempt.

It appears I may have two problems or maybe they are related and have only one solution.

I have been searching for days on the forum for an answer to this problem. The only way I found people with my particular problem was to search the forum with querying the error itself. I found a number of individuals and not one reveals an answer to this problem or if they ever found an answer. I did not start a new topic but replied to as many posts as I could to those with the same problem as I.

I appreciate your efforts. If you have anything more, please toss it my way.
Alan

[Xpajun]

Another possible one - delete your cookies for your site in your browser


I have to add these can only be suggestions as I do not know what your setup is neither do I know the result of others enquiries.


If you have htpasswd set then your login username and password MUST be the same as your htpasswd

Edited by Xpajun, 24 May 2011, 20:13.

[alancwade]

Hello,
Removing the cookies, cache, and history is something I have already done, I did it again and it still does not work.
I have not yet password protected my admin directory, so this is not the problem. However, for your information, password protected directories can have different usernames and passwords than the username and password for logging into Admin tool.

I have 2.3.1 set up on a development subdomain on the VPS box you can see in my signature section.

Thanks again for trying.
Alan

Edited by alancwade, 24 May 2011, 21:14.

[burt]

For your information (and the benefit of future readers);

"password protected directories can have different usernames and passwords than the username and password for logging into Admin tool."

this is incorrect. Unless you have ripped out the admin auth functions that come as standard with 2.3.1, which you probably have not done I would suggest.

If you htpasswd the 2.3.x admin area, it must have the eXaCt sAme user/pass combo as used to access the admin tool without htpasswd.

As you say you have not yet htpasswd'd the admin section, then is a moot point. I would suggest that you strip out the admin auth functionality until you are able to access the admin, then add it back in piece by piece. This way you get to the root cause of your issue.

Edited by burt, 24 May 2011, 22:05.

[burt]

Please log into phpmyadmin and post here the configuration_value of these 3 configuration_keys from the configuration table;

MODULE_ACTION_RECORDER_INSTALLED
MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES
MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS

[alancwade]

MODULE_ACTION_RECORDER_INSTALLED
ar_admin_login.php;ar_contact_us.php;ar_tell_a_friend.php

MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES
0

MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS
300

Thanks

[alancwade]

burt
Well, I stand to be corrected. Regarding htpasswd and Admin login usename and passwords which MUST be the same, I forgot to take into account we are dealing with OSC 2.3.1. I had in mind my use of version 2.2 RC2a where my user name in htpasswd is different than admin login username and it works.
Point well taken.

Now I will work on trying to find out how to "strip out the admin auth functionality" and "then add it back in piece by piece."

Alan

[burt]

alancwade, on 24 May 2011, 22:47, said:

MODULE_ACTION_RECORDER_INSTALLED
ar_admin_login.php;ar_contact_us.php;ar_tell_a_friend.php

MODULE_ACTION_RECORDER_ADMIN_LOGIN_MINUTES
0

MODULE_ACTION_RECORDER_ADMIN_LOGIN_ATTEMPTS
300

Thanks

0 and 300 is incorrect (benefit for future readers, I suggest 10 and 1), but will do for testing purposes.

The two ways I was able to replicate a similar login issue was;

1. to remove the ar_admin_login.php value from the MODULE_ACTION_RECORDER_INSTALLED key
2. to remove the ar_admin_login.php FILE from the /includes/modules/action_recorder/ directory

So, as you have the entry in the DB, do you have the file in the right place. If it IS there, is it correctly coded (ie, not corrupt).

[alancwade]

The file ar_admin_login.php is in the directory you mentioned.

I did an existing file compare with 2 other OSC 2.3.1 downloaded ar_admin_login.php files and there were no differences.

[Xpajun]

alancwade, on 25 May 2011, 00:46, said:

burt
Well, I stand to be corrected. Regarding htpasswd and Admin login usename and passwords which MUST be the same, I forgot to take into account we are dealing with OSC 2.3.1. I had in mind my use of version 2.2 RC2a where my user name in htpasswd is different than admin login username and it works.
Point well taken.

Now I will work on trying to find out how to "strip out the admin auth functionality" and "then add it back in piece by piece."

Alan

Alan,

Not only must the admin login on 2.3.1 be the same as htpasswd on the admin folder but any parent folder that the admin resides in

[burt]

More reading; http://www.clubosc.com/oscommerce-2-3-is-officially-available.html#comment-4679 (from that comment downwards).