Sign In Infobox generates a "404 File Not Found Error&a

[prs444]

I've searched and Googled but can't seem to find anyone else getting this problem.
I set up a test account to run through the site functions and found that when I use the Infobox Sign In to login I get a 404 Error.
If I go through and add something to the cart and go through checkout, when it asks me if I'm a returning customer or a new customer and I login through that method it goes through fine.
Where should I look to correct this problem. I would like returning customers to be able to log in through the Sign In Info box.
Thanks,
Paul

[JohnW]

The login box on 2.0 works fine, so this sounds like a unique problem. Look at includes/boxes/loginbox.php for the problem. Replace it with the original off the download and see if that fixes it. Also, if you post your site with problems it is sometimes better and easier to see the problem first hand.

[prs444]

John,
Sorry about not posting the site.
I did a file compare between the original includes/boxes/loginbox.php file and the one in my site and they where identical. I may try to compare all the login files for a corrupted file but that may take awhile as I am still learning my way around the new setup.
I had taken the login box off since it didn't work but I will put it back so anyone can try it.

Here is the exact problem:
I try to login my test user. If I use Mozilla I get a 404 error but if I click the browser Back button the page refreshes and I am logged in.
If I do the same thing in IE when I hit the Back button it just shows the empty page not logged in.

I have not added any mods that have changed any of the login files I can find.

I haven't had any customers yet so nobody is beating down the door to login yet!
The site is http://www.buyfukkenwax.com if you get a chance to try it.
Thanks for your help!
Paul

[JohnW]

Okay, here is your problem. When you log in from that box it is transferring you to your index page but in SSL and that page doesn't exist. you can try it direct https://buyfukkenwax.com/catalog/index.php? I kinda suspected this was the problem. I haven't read the docs on the lastest login box, but should have everything you need to know.

I also noticed that you are not using your own security certificate, or at least not yet. You really should get your own and it way worth it in the long run. That would probably fix this problem too since you would have SSL pages of your own.

[prs444]

John,
I hate to be such a bother, but would you consider this a bug? Should I report it as one? I pretty much have everything worked out except for this problem.
I'm stuck using the ssl since money is short right now but I will make it a priority to get my own security certificate as soon as I can.

I really don't know PHP very well yet and I'm really stuck on what I need to modify to get this worked out. I started looking at the source code for the login.php file to see if I could work through it but it might as well be in Chinese! I do know the address I use for my https pages, it is https://(edited out ) is there a way to get the login box to use that ssl for login?
I also noticed that if I throw that address up in my browser that an index of my site comes up.... should I have an htaccess file there to prevent that?
Is that a security problem if the htaccess file is not there or is there a better way to secure that hole?

I really didn't mean to open up pandoras box here with all these questions but any and all help is deeply appreciated.
And I definately will be off to the library for some educatin ASAP!
Maybe someday I'll get to help somebody through a problem I've had also!
Thanks again,
Paul

[JohnW]

Paul,

This is not a bug at all, but I think this is all with the lack of your own SSL. Normally, when someone goes from a ssl page to a non ssl page they get a security warning and many freak out about that. There is a workaround in the loginbox to avoid that warning. You should read the docs for the Loginbox mod for more info on it. I'm one of those peope that are pretty dangerous with code, but I figured I could help point you in a direction. I've my OSC site running for almost 3 years and I can guarantee that not having your own SSL will cost you sales. I don't know who you host with but I host with AAbox that Msasek runs. Great hosting company if you are ever looking for one. Anyway, they have SSL certificates for $69 and you will lose in lost profit from lost sales in no time.

I don't know the answer to your Index.php question and you should scan this board and the main OSC board for that. OSC used to use default.php instead of index.php and I know a few people that were on servers that got hit with some sort of code and not having Index.php saved them at the time. I think if your PHP server has the proper security updates that is not an issue. I know PhpNuke sites are a big target for that.

Since I'm doing an upgrade from a current site to Max 2.0 I'm working on some different issues.

Trust me, I know how frustrating this can be, but as time goes on it gets better and you get better at it. Focus on having a great hosting company more than the best priced and do everything the best/correct way and running your site will be easier and you will get a lot more sales.

[prs444]

John,
I did not know that the login box was originally a mod! I am using the new version oscMax RC2 so I'm not sure what will be involved with finding a workaround. I'm still learning how the files relate to each other. My first site was with the old osc, and I thought it was fairly easy to understand what the code was trying to do, so I hope I start picking this up soon.
Thanks again for the tip about the mod, I will check out the documentation for the mod to see if it guides me in the right direction.
Paul

[prs444]

John,
I had another quick fix idea instead of the sign in box I could just use the "New Infobox" feature in the Infobox Admin menu and add my own box that says Secure Login and have a button to click that would take you to the account login page which works fine.
Now somehow I thought that was too easy of an idea..... when I create the new infobox through the menu, and then hit "insert" the menu refreshes and it shows on the list as an active infobox. Whoopeeee, I figured there should be files in place and a new infobox waiting for me, but no such luck! Can't find any new files or anything to show that the new infobox is there but the entry on the infobox admin screen... Oh well, I never made it to the library for that PHP book today......gotta make that a priority for tomorrow.
Thanks again for all your help John, I was looking at the aabox site tonight and it relly isn't much different than what I'm paying now for hosting. In fact if I get the SSL cert. from aabox it will almost break even because The host I'm using now (iPower) charges much more for a SSL cert so that would eat up the savings I get for cheap hosting. When the time comes to renew i think it might be time to try aabox...
Thanks again,
Paul

[driwashsolutions]

Had the same issue, and fixed it by changing the configure.php file in the /catalog/includes/ folder.

Bottom line is that if your store is in a subfolder, then the server define should include that subolder spec, but the catalog directory defines should all be just /catalog/.

Code:

  define('HTTP_SERVER', 'http://www.mystore.com'); 
  define('HTTPS_SERVER', 'https://mainstore.biz/mystore'); 
  define('ENABLE_SSL', true); 
  define('HTTP_COOKIE_DOMAIN', 'mystore.com');
  define('HTTPS_COOKIE_DOMAIN', 'mainstore.biz/mystore');
  define('HTTP_COOKIE_PATH', '/catalog/');
  define('HTTPS_COOKIE_PATH', '/catalog/');
  define('DIR_WS_HTTP_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

[groggory]

the wiki goes over ssl setup very nicely. Give it a read.