Post by gabosom » Wed Jul 26, 2017 9:34 pm

hi everyone,

I installed OpenCart 3.0.2.0 on https://infinityfree.net/ and went through the install process like a charm, no errors or anything. However, when I try to login to the admin panel I see an incredibly odd behavior - it never logs in when I use the correct credentials!

This is the behavior I see:

* If I use an incorrect username/password I get an error (which is correct)
* If I use the correct username/password this is what I see:
** I get redirected again to the login page
** I see a user token as a query parameter in the URL
** In the sessions table in the database, I see two different entries getting created every time I try to login with the correct credentials:
*** One only contains "false"
*** The other contains the actual token I see in my URI
** The active session ID in my cookie is using the ID for the one set to "false" in the database even though it has the token for the other one
* I don't see any errors anywhere

I tried enabling errors by adding these to my php.ini
error_reporting = E_ALL
display_errors = 1;

I haven't fiddled with the .htaccess at all since I'm not familiar with what changes I'd need to do.

I'm not sure if this is a hosting config issue or an problem with OpenCart.


Any ideas on how to move forward or what I can do to troubleshoot?

Newbie

Posts

Joined
Wed Jul 26, 2017 9:24 pm

Post by IP_CAM » Wed Jul 26, 2017 11:45 pm

Well, by looking at your admin login Page Browser Source, I see some Custom
made Content, Scriptings and other things, sure not related to Default OC. So,
who else could know ?
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by gabosom85 » Thu Jul 27, 2017 2:47 am

I simply downloaded OpenCart form the website, unzipped, uploaded the files via FTP, and installed. I haven't modified anything at all.

I meant that I used infinityfree as my host provider, not that I own that domain and deployed opencard on that specific domain...

my OpenCart implementation can be found at http://ozono.epizy.com. It'll be up and running in 30 mins or so as I am re-installing again.

admin portal link: http://ozono.epizy.com/admin/
username: admin
password: admin

Newbie

Posts

Joined
Thu Jul 27, 2017 2:33 am

Post by gabosom85 » Thu Jul 27, 2017 11:23 pm

so I found the obscure problem that was preventing me from logging in - it had to do with the expiration set on the OCSESSID cookie. for some reason, using ini_get('session.cookie_lifetime') was setting an expiration value on the cookie almost immediately. I took the same code that was used for setting the language and currency cookies and that worked like a charm.

the change is in system/framework.php

Code: Select all

#this won't work
#setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

#this works
setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

Newbie

Posts

Joined
Thu Jul 27, 2017 2:33 am

Post by gevpe0807 » Fri Jul 28, 2017 10:28 am

I am having the same issue but on 1.5.1.3. I see that you specified system/framework.php. Where would I find this code in 1.5.1.3 . Also cant seem to add products to cart either.

Site: https://amusementwholesale.com/store/

This is what it returns when I try to login https://amusementwholesale.com/store/ad ... 05b2690b8a

Newbie

Posts

Joined
Tue Sep 24, 2013 3:09 pm

Post by kelvin.jones » Thu Sep 14, 2017 7:32 pm

I was having problems with the password set in admin for a new user, it just wouldn't log in and after a few hours of tweaking and var_dump-ing to find the problem I decided to fudge the password with a simple MD5() string in the database to allow access.
I discovered my problem was the password, which contained an & and an *, one of these or both wasn't SHA(SALT)-ing correctly when it saved the password for the user... changing this to a simple Abc123 password and hey presto it all works.
I hope this helps anyone suffering from the same problem.

Newbie

Posts

Joined
Thu Jul 21, 2016 6:28 am

Post by scrunto » Thu Dec 07, 2017 3:28 pm

thanku very much gabosom85 it fixed my problem it worked i couldnt log in in admin either

Newbie

Posts

Joined
Thu Dec 07, 2017 12:38 pm

Post by DamasFlowers » Sun Dec 10, 2017 4:00 pm

Dear @gabosom85

I do the same you write but i got this error once i open http://damas.0fees.us/admin/ .. please help me

"Warning: fopen(/storage/logs/openbay.log): failed to open stream: No such file or directory in /home/vol3_5/0fees.us/0fe_21112085/htdocs/system/library/log.php on line 22Warning: fopen(/storage/logs/openbay.log): failed to open stream: No such file or directory in /home/vol3_5/0fees.us/0fe_21112085/htdocs/system/library/log.php on line 22Warning: fclose() expects parameter 1 to be resource, boolean given in /home/vol3_5/0fees.us/0fe_21112085/htdocs/system/library/log.php on line 39Warning: fopen(/storage/logs/error.log): failed to open stream: No such file or directory in /home/vol3_5/0fees.us/0fe_21112085/htdocs/system/library/log.php on line 22"

Newbie

Posts

Joined
Sun Dec 03, 2017 11:14 pm

Post by karlopencart » Thu Jan 25, 2018 7:31 pm

Hopefully Daniel will cure this annoying problem :ponder:
gabosom85 wrote:
Thu Jul 27, 2017 11:23 pm
so I found the obscure problem that was preventing me from logging in - it had to do with the expiration set on the OCSESSID cookie. for some reason, using ini_get('session.cookie_lifetime') was setting an expiration value on the cookie almost immediately. I took the same code that was used for setting the language and currency cookies and that worked like a charm.

the change is in system/framework.php

Code: Select all

#this won't work
#setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

#this works
setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
This worked but also using a password without # * also worked underscores/hypens do work.

Rather than changing core files you can try the attached xml file drop this in your vqmod/xml folder. This will allow you to use whatever password was set during your installation process.

This is not fully tested. Only on OC3.0.2.0 - So use at your own risk.

Or reset your password using PHPMyAdmin in your DB go to the user table > admin > select edit > in the password field paste

Code: Select all

5f4dcc3b5aa765d61d8327deb882cf99
This will reset your password to password, login back into OC Admin panel and change your admin user accordingly without using without # *

Before anybody ask's - VQMod info is here: https://github.com/vqmod/vqmod/wiki follow the blue download link you want the version for Opencart v2.6.3 https://github.com/vqmod/vqmod/releases at the time of this post.
---------------- Thu Jan 25, 2018 11:31 am ----------------

User avatar
New member

Posts

Joined
Tue Oct 05, 2010 11:19 pm

Post by ocmod.space » Fri Nov 09, 2018 9:57 pm

I've come across the same issue with OC 3.0.2.0 and profreehost.com and solve it

1. Admin back-end access issue:
In system/framework.php replace:

Code: Select all

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
to

Code: Select all

setcookie($config->get('session_name'), $session->getId(), (ini_get('session.cookie_lifetime') ? (time() + ini_get('session.cookie_lifetime')) : 0), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
2. Admin/customer access issue on front page:
Make the same changes in catalog/controller/startup/session.php:

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
to

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), (ini_get('session.cookie_lifetime') ? (time() + ini_get('session.cookie_lifetime')) : 0), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Last edited by ocmod.space on Tue Jun 23, 2020 3:49 am, edited 2 times in total.

--
My OC extensions
--
What Do You Care What Other People Think?


User avatar
Newbie

Posts

Joined
Wed Jan 10, 2018 9:30 pm


Post by isveta78 » Wed Jan 16, 2019 4:23 pm

I am having the same issue. Added

setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

code in system/ framework.php file, but it's not working for me...

https://www.klinta.de/admin/
after login go to https://www.klinta.de/admin/index.php?r ... HMxEBcqX68
and show login form...

** In the sessions table in the database, I see two different entries getting created every time I try to login with the correct credentials:
*** First contains the actual token I see in my URI
*** Second only contains "false"

db21597ca7123e22120cefd5a7 {"user_id":"1","user_token":"votm5qB4g3vmnjqjp1XV5... 2019-01-16 08:43:14
db21597ca7123e22120cefd5a7 false 2019-01-16 08:43:15

Newbie

Posts

Joined
Fri Apr 25, 2014 9:52 pm

Post by zrudzik » Thu Apr 04, 2019 2:43 am

Thanks gabosom85
The code modification seems to work for me. I doubt it will break anything. You rock!
gabosom85 wrote:
Thu Jul 27, 2017 11:23 pm
so I found the obscure problem that was preventing me from logging in - it had to do with the expiration set on the OCSESSID cookie. for some reason, using ini_get('session.cookie_lifetime') was setting an expiration value on the cookie almost immediately. I took the same code that was used for setting the language and currency cookies and that worked like a charm.

the change is in system/framework.php

Code: Select all

#this won't work
#setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

#this works
setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

Newbie

Posts

Joined
Tue Apr 02, 2019 3:18 am

Post by IP_CAM » Thu Apr 04, 2019 5:59 am

Well, all this is sure not an OpenCart Problem, as I assume, but if
somebody selects a Free Hosting Solution, to place a professional
Monemaker Software onto it, it's of not much use anymore, to then
waste time, trying to assist in the first place.

Sorry about this, it's just the way I feel. If one is not able, to raise
enough money, to chose a proper Hoster, one does not deserve, to
to be taken seriously either.

Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by immaterial-gi » Wed May 08, 2019 9:34 am

isveta78 wrote:
Wed Jan 16, 2019 4:23 pm
I am having the same issue. Added ... code in system/ framework.php file, but it's not working for me...
** In the sessions table in the database, I see two different entries getting created every time I try to login with the correct credentials:
*** First contains the actual token I see in my URI
*** Second only contains "false"

db21597ca7123e22120cefd5a7 {"user_id":"1","user_token":"votm5qB4g3vmnjqjp1XV5... 2019-01-16 08:43:14
db21597ca7123e22120cefd5a7 false 2019-01-16 08:43:15
I was having the same issue and eventually I figured it out. There should only ever be one entry per session ID, session_id is supposed to be the primary key for the sessions table.

If this is broken, when you submit your username/password, it saves a new token for you in the DB... but then on attempting to load the next page, it pulls an older token out of the DB, compares the two, and boots you back to login because they don't match.

I don't know why my (or your) sessions table suddenly didn't have the primary key set (I've had no problem for months), but once I corrected that, everything went back to working fine. I did have to clear the sessions table before setting session_id as the primary key, since the DB won't allow it if there are already multiple rows with identical session_id fields.

Newbie

Posts

Joined
Wed May 08, 2019 9:26 am

Post by Ed_Rolla » Mon Jun 10, 2019 10:58 pm

Seems to me that messing with system files (system/framework.php) is not the best option since they tend to be overwritten once you update Opencart.

I strongly recommend doing the following instead:
  1. Download from the server the php.ini file located in the store's root folder (this is to ensure you have the latest copy on your local HD);
  2. Open the file;
  3. Add a new line with the following:

    Code: Select all

    session.cookie_lifetime = 360000
  4. Save and upload it to your server.
  5. Try loging in the admin now. It should work.

Why this is? This is happening because Opencart can't find the valeu of the variable "session.cookie_lifetime" in the framework.php file. Since it has no value, it's se to 0 and, as soon as you login, the session expires.
gabosom85 wrote:
Thu Jul 27, 2017 11:23 pm
so I found the obscure problem that was preventing me from logging in - it had to do with the expiration set on the OCSESSID cookie. for some reason, using ini_get('session.cookie_lifetime') was setting an expiration value on the cookie almost immediately. I took the same code that was used for setting the language and currency cookies and that worked like a charm.
...

WIP Design Publicidade e Marketing Digital


User avatar
New member

Posts

Joined
Sun Jul 15, 2012 12:16 am
Location - Brazil, Rio de Janeiro

Post by shadav » Mon Jun 24, 2019 7:35 am

thank you....thank you...
I'm using a free host and installed opencart without any issues... but then went to login to admin and it just kept refreshing...
after fixing that realized that the customer login was doing the same
so for me to get both the admin and customer working I did from the above
system/framework.php
find

Code: Select all

#setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
replace

Code: Select all

setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
I Tried the other one but with it in place my admin page wasn't found

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), (ini_get('session.cookie_lifetime') ? (time() + ini_get('session.cookie_lifetime')) : 0), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
not sure what happened there but oh well

catalog/controller/startup/session.php
find

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
replace

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), (ini_get('session.cookie_lifetime') ? (time() + ini_get('session.cookie_lifetime')) : 0), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
php.ini
add

Code: Select all

session.cookie_lifetime = 360000
add

Code: Select all

session.save_path = /tmp
so far everything seems to be working correctly *I hope*

I understand that this is free and open source but I've had so many issues straight out of install.... anyways thanks for the help

User avatar
Newbie

Posts

Joined
Wed Oct 24, 2012 1:12 am
Location - Westfield, IN

Post by sergiomng » Wed May 13, 2020 3:27 pm

immaterial-gi wrote:
Wed May 08, 2019 9:34 am
isveta78 wrote:
Wed Jan 16, 2019 4:23 pm
I am having the same issue. Added ... code in system/ framework.php file, but it's not working for me...
** In the sessions table in the database, I see two different entries getting created every time I try to login with the correct credentials:
*** First contains the actual token I see in my URI
*** Second only contains "false"

db21597ca7123e22120cefd5a7 {"user_id":"1","user_token":"votm5qB4g3vmnjqjp1XV5... 2019-01-16 08:43:14
db21597ca7123e22120cefd5a7 false 2019-01-16 08:43:15
I was having the same issue and eventually I figured it out. There should only ever be one entry per session ID, session_id is supposed to be the primary key for the sessions table.

If this is broken, when you submit your username/password, it saves a new token for you in the DB... but then on attempting to load the next page, it pulls an older token out of the DB, compares the two, and boots you back to login because they don't match.

I don't know why my (or your) sessions table suddenly didn't have the primary key set (I've had no problem for months), but once I corrected that, everything went back to working fine. I did have to clear the sessions table before setting session_id as the primary key, since the DB won't allow it if there are already multiple rows with identical session_id fields.
Thanks a lot for posting this!!! I had the exact same problem and solved it by reading this. I still don't know how the primary key got deleted, since the script that creates the database actually has a primary key... pishing maybe? Anyway, thanks a lot again, I was going nuts with this issue.

Newbie

Posts

Joined
Fri Mar 29, 2019 3:32 am

Post by trustgsm » Mon Oct 26, 2020 5:37 pm

not work for me


http://trustgsm.com/admin/index.php?rou ... HHIt1gjOWQ


gabosom85 wrote:
Thu Jul 27, 2017 11:23 pm
so I found the obscure problem that was preventing me from logging in - it had to do with the expiration set on the OCSESSID cookie. for some reason, using ini_get('session.cookie_lifetime') was setting an expiration value on the cookie almost immediately. I took the same code that was used for setting the language and currency cookies and that worked like a charm.

the change is in system/framework.php

Code: Select all

#this won't work
#setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

#this works
setcookie($config->get('session_name'), $session->getId(), time() + 60 * 60 * 24 * 30, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

New member

Posts

Joined
Sat Oct 18, 2014 5:06 am

Post by trustgsm » Mon Oct 26, 2020 5:58 pm

how many


Error Code(0): Error: Duplicate entry 'f05aca33365efdcd087d02eaba' for key 'PRIMARY'
Error No: 1062
ALTER TABLE `oc_session` ADD PRIMARY KEY(`session_id`) in /home/trustgsmmain/public_html/system/library/db/mysqli.php on line 40

New member

Posts

Joined
Sat Oct 18, 2014 5:06 am

Post by jacles@hotmail.com » Mon Feb 08, 2021 2:21 pm

sergiomng wrote:
Wed May 13, 2020 3:27 pm
immaterial-gi wrote:
Wed May 08, 2019 9:34 am
isveta78 wrote:
Wed Jan 16, 2019 4:23 pm
I am having the same issue. Added ... code in system/ framework.php file, but it's not working for me...
** In the sessions table in the database, I see two different entries getting created every time I try to login with the correct credentials:
*** First contains the actual token I see in my URI
*** Second only contains "false"

db21597ca7123e22120cefd5a7 {"user_id":"1","user_token":"votm5qB4g3vmnjqjp1XV5... 2019-01-16 08:43:14
db21597ca7123e22120cefd5a7 false 2019-01-16 08:43:15
I was having the same issue and eventually I figured it out. There should only ever be one entry per session ID, session_id is supposed to be the primary key for the sessions table.

If this is broken, when you submit your username/password, it saves a new token for you in the DB... but then on attempting to load the next page, it pulls an older token out of the DB, compares the two, and boots you back to login because they don't match.

I don't know why my (or your) sessions table suddenly didn't have the primary key set (I've had no problem for months), but once I corrected that, everything went back to working fine. I did have to clear the sessions table before setting session_id as the primary key, since the DB won't allow it if there are already multiple rows with identical session_id fields.
Thanks a lot for posting this!!! I had the exact same problem and solved it by reading this. I still don't know how the primary key got deleted, since the script that creates the database actually has a primary key... pishing maybe? Anyway, thanks a lot again, I was going nuts with this issue.
I tried all of this but nothing
I put the code in framework, session and ini.php and nothing
clear the oc_session table and now there is nothing but it still does not work. please help me


Posts

Joined
Mon Feb 01, 2021 3:54 am
Who is online

Users browsing this forum: Ahrefs [Bot] and 136 guests