Running a clean install of v1.5.0.5
every time I log in to the admin, it says invalid token and lists a token in the url. After I log in again, it will again tell me invalid token and the token will change. I usually have to keep at it before it lets me in, and even then when I go to edit something, it'll bring me back to the log in window and tell me invalid token. Store is located at http://fei.x10.mx/store ADMIN located at http://fei.x10.mx/store/admin
What I've done:
Cleared out browser cache/pc cache... nothing
Deleted and recreated the DB... nothing
Changed password... nothing
I did install a payment module for bitcoins, but I unstalled it and nothing
added some snippet of code to both files in root and admin php files... gave me an error, so i deleted the snippets
made sure i'm using the correct versions of software required and I am.. even have the db set to localhost
tried in both firefox, IE8, and chrome and still gives invalid token.
I'm tearing my hair out over this!
What, has no one ran into this? I mean, it's getting very annoying to repeativly enter my admin password 8 or 9 times just to get to an area or update a product - no cart software should act like this.
I'm neither connecting by proxy or having host problems.
I just tried loging in and the problem still exists. Is there a way to take this token verification out so I can add product to my store?
I just tried loging in and the problem still exists. Is there a way to take this token verification out so I can add product to my store?
I have. Tried it on both the lappy(win7) and the desktop in the living room(also win7) and has the same problem.
The problem is definitely server side.
I noticed you didn't delete the install folder. That definitely should be done. Also, is this a 100% clean reinstall? Clean database and install files/folder? I'd also check and make sure the subdomain is properly set up and configured.
I noticed you didn't delete the install folder. That definitely should be done. Also, is this a 100% clean reinstall? Clean database and install files/folder? I'd also check and make sure the subdomain is properly set up and configured.
-Ryan
Everything was a reinstall, but reinstalled it and the MySQL db just to make sure and everything's the same. Its something i'm going to have to deal with I guess untill someone can tell me A: how to fix it or B: tell me how to get rid of this token auth system
well getting rid of the token auth system will not be easy. You would have to edit every single catalog file in the entire admin folder, in addition that would open you back up to the csrf attack that it was put in place to prevent.logansryche wrote:Everything was a reinstall, but reinstalled it and the MySQL db just to make sure and everything's the same. Its something i'm going to have to deal with I guess untill someone can tell me A: how to fix it or B: tell me how to get rid of this token auth system
It's not a complicated system if it is not working for you there is some sort of problem with sessions on the server, and you will most likely have problems with the storefront logins as well.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
Ok so how do I fix this then? I mean, I can run OSCommerce without any issue.
I switched over to Open Cart specifically for the bitcoin plugin.
I switched over to Open Cart specifically for the bitcoin plugin.
I have no idea how you fix it I've worked on LOTS of installs and I've never seen anyone have that problem.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
I really don't think it's the token but you can try installing OpenCart 1.4.7 which is the last version before tokens were added and see what happens.
-Ryan
Ok. Got 1.4.7 installed, redid MySQL and it looks like we're good to go. Weird how 1.4.7 works, but 1.5.0.5 doesn't.
It must mean that there is something wrong with your session on the server. If you add something to the cart and click continue shopping does it stay in the cart?
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
I dunno about 1.5.0.5, but it will go through the shoping cart process in 1.4.7
I won't sit there and enter my login 8+ times to attempt to add a product to test the cart process.
This is seriously something that needs to be fixed. Also tried 1.5.0 and same problem with tokens on admin login.
Looks like I'm staying with 1.4.7 because of this.
I won't sit there and enter my login 8+ times to attempt to add a product to test the cart process.
This is seriously something that needs to be fixed. Also tried 1.5.0 and same problem with tokens on admin login.
Looks like I'm staying with 1.4.7 because of this.
I'm stuck with the issue too: if I don't entry the token in url string I've receiving the error.
It' surely the bug
So I deeped in the code and found in admin/controller/common/login.php:
(I've added dump instruction)
if ((isset($this->session->data['token']) &&
!isset($this->request->get['token']))
|| ((isset($this->request->get['token']) &&
(isset($this->session->data['token']) &&
($this->request->get['token'] != $this->session->data['token']))))) {
var_dump($this->session);
$this->error['warning'] = $this->language->get('error_token');
}
So you can see that session variable is existing, but the system checks for get['token']==session['token'] and errors if not.
I've tryed to comment
//$this->error['warning'] = $this->language->get('error_token');
it not worked for me
So I've found simple workaround:
in admin/index.php
after
// Front Controller
$controller = new Front($registry);
add this hack (if url token is empty - so simple use session token):
//token hack:
if (isset($session->data['token']) && !isset($request->get['token'])
) {
// var_dump($this->session);
$request->get['token'] = $session->data['token'];
}
It' surely the bug
So I deeped in the code and found in admin/controller/common/login.php:
(I've added dump instruction)
if ((isset($this->session->data['token']) &&
!isset($this->request->get['token']))
|| ((isset($this->request->get['token']) &&
(isset($this->session->data['token']) &&
($this->request->get['token'] != $this->session->data['token']))))) {
var_dump($this->session);
$this->error['warning'] = $this->language->get('error_token');
}
So you can see that session variable is existing, but the system checks for get['token']==session['token'] and errors if not.
I've tryed to comment
//$this->error['warning'] = $this->language->get('error_token');
it not worked for me
So I've found simple workaround:
in admin/index.php
after
// Front Controller
$controller = new Front($registry);
add this hack (if url token is empty - so simple use session token):
//token hack:
if (isset($session->data['token']) && !isset($request->get['token'])
) {
// var_dump($this->session);
$request->get['token'] = $session->data['token'];
}
Has this problem been solved? Having same error in Chrome & IE.
In both instances neither program is refreshing screen....If I press refresh, screen displays what I requested without re-entering username or password.
Please respond.
Thanks.
P.S. Brand new installation on web server with latest version of Opencart yesterday. Finally was able to login today (small learning curve)... and this problem was my welcome.
In both instances neither program is refreshing screen....If I press refresh, screen displays what I requested without re-entering username or password.
Please respond.
Thanks.
P.S. Brand new installation on web server with latest version of Opencart yesterday. Finally was able to login today (small learning curve)... and this problem was my welcome.
Who is online
Users browsing this forum: No registered users and 17 guests
