Latest News: (loading..)
Issue Information
-
#000345
-
2 - Fair
-
Future Release
-
2.3.1
-
-
Issue Confirmations
-
Yes (1)No (0)
2
I'm having serious issues with v.2.3.1.
I downloaded it from the site 3 days ago.
Created a new database and whatnot on my employer's site and installed.
The installation completely successfully.
The issue is that I cannot login to the admin panel AT ALL. Not one single time.
I keep getting this message: Error: Invalid administrator login attempt.
..and NOTHING seems to work.
From what I understand, I'm not the only one that has this issue, and this is on a fresh install (no mods).
Is there ANY other possible way this can be fixed???
I downloaded it from the site 3 days ago.
Created a new database and whatnot on my employer's site and installed.
The installation completely successfully.
The issue is that I cannot login to the admin panel AT ALL. Not one single time.
I keep getting this message: Error: Invalid administrator login attempt.
- I've checked the configure files, they are fine.
- I've tried adding htpasswd protection (which seems to popup multiple times)
- I've tried removing or disabling the admin htaccess files
- I've tried truncating the administrator table in phpmyadmin and creating a new name/password.
- I've tried restarting my computer.
- I've tried clearing the browser cache/cookies/history etc.
- I've tried changing the CHMOD permissions (755, 777, 644, etc.)
- I've tried it on multiple browsers
- I've tried every "fix" suggestion I could find on the forums.
- I've even tried completely removing the database and all files (basically, wiping the slate clean), re-downloading the program, re-creating a brand new database, re-installing (with new folder names, username, and password)--all that THREE TIMES....
..and NOTHING seems to work.
From what I understand, I'm not the only one that has this issue, and this is on a fresh install (no mods).
Is there ANY other possible way this can be fixed???
This is very easy. Your host not well configured to osCommerce 2.3.1. You need to configure server settings or need to debug your system.
Consult your hosting services about authentics.
(The old 2.2 version login.php must work.)
Consult your hosting services about authentics.
(The old 2.2 version login.php must work.)
Gergely, on 28 August 2011 - 09:29 AM, said:
Mark and Harald!Pls separate differential .htaccess layer password and oscommerce login passwords. I think this is potential security risk when admin use logoff and try to login again beacause authentical password and login name saved in server session and not need to authentic again. I think malwares attackers can stole password. Need to delete authentic session when admin logoff absolutely.
It is possible to clear the authentication session with htpasswd, however it only works on Firefox.
Redirect the logout session to http://somelonghash@www.theirdomainname.com/catalog/admin/ will reset/invalidate the basic authenticated session in Firefox. It may do in other browsers too however I have only tested Firefox and Internet Explorer.
The best practice though is a separate set of credentials for each security layer.
After crawlgin through multiple posts on forums andt trying everything with no avail - i finally found this one and can confim i am having the same problem, except mine randomly started happening several days ago, after trying to instal a payment mod. I then restored everything from a backup i had made, but no luck. having the same problems as described - can't log into to admin no matter what, emptying the admin table and then creating a new login'password results in blank field in the username field, and also my customer login is broken as well - just refreshes the page, but does nothing. creating a new customer also does not work - no confirmation text, no new entries int he sql database. PLEASE HELP!
@Nataliya Vakulenko
Great! I see the protects works.
just installed a new v2.3.1 shop first with htaccess password lock on shop side. My friend tried to log in with bad password-user pair without any success.
After it I created new admin login to my friend but he could not login, because the time limit was not valid and he got session id before. 
I deleted login attempts from action_recorder table and he could login... LOL
(he had no time to wait
)
Do you have any error messages or running here day by day?
The login protections are perfect. I am working with for one year without any problems. Just sometimes I have to wait for time limits if i was lame and miss the password or login name.
Known issues but these are not bugs:
if your shop is misconfigured and the sesssion can mixing probably cant login.
if prohibited javascripts in your browser you cant login
if prohibited time limits not valid you cant login
I hope these helps.
Great! I see the protects works.
just installed a new v2.3.1 shop first with htaccess password lock on shop side. My friend tried to log in with bad password-user pair without any success.
After it I created new admin login to my friend but he could not login, because the time limit was not valid and he got session id before. I deleted login attempts from action_recorder table and he could login... LOL(he had no time to wait
)Do you have any error messages or running here day by day?
The login protections are perfect. I am working with for one year without any problems. Just sometimes I have to wait for time limits if i was lame and miss the password or login name.
Known issues but these are not bugs:
if your shop is misconfigured and the sesssion can mixing probably cant login.
if prohibited javascripts in your browser you cant login
if prohibited time limits not valid you cant login
I hope these helps.
Taipo, on 21 January 2012 - 12:40 AM, said:
It is possible to clear the authentication session with htpasswd, however it only works on Firefox.Redirect the logout session to http://somelonghash@www.theirdomainname.com/catalog/admin/ will reset/invalidate the basic authenticated session in Firefox. It may do in other browsers too however I have only tested Firefox and Internet Explorer.The best practice though is a separate set of credentials for each security layer.
Thanks the idea!
Hi again,
I forgot to say somewhere I found misconfigured configure parameters in configure.php-s and cant login.
There was double '//' in browser link path.
I forgot to say somewhere I found misconfigured configure parameters in configure.php-s and cant login.
There was double '//' in browser link path.
Quote
