Support

Admin Tools

#12058 Virtuemart login

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 27 May 2012 18:00 CDT

Sunday, 22 April 2012 14:41 CDT

user62338
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.26)
PHP version: (5.2.17)
MySQL version: (unknown)
Host: (studio4web)
Admin Tools version: (2.2.5)

Description of my issue:

Hi.

When I add secret word in "Administrator secret URL parameter", I can not log in to virtuemart any more.It actualy shows virtuemart,but when clicked on product or anything, it send me back to front page.
I removed secret word, and now entering admin back over "http://www.mysite/administrator" and I can log again into VM, but I also can log through "http://www.mysite/administrator?secretword".
I have added "administrator/components/com_virtuemart" to exceptions,and created .htaccess with no luck.

When site is on localhost(xampp),everything works fine.
I love that feature,so if you can help me about this.

Thanks.

Sunday, 22 April 2012 17:07 CDT

nicholas
I am using Joomla! 1.5.26 locally, with VirtueMart 1.9.8j and I can't reproduce your issue. At this point I am not sure it's something caused by Admin Tools. Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!. If you are on GoDaddy please wait for 1-30 minutes for the changes to be effective. Then, retry loading the problem page. If you can still reproduce the error, then it is not caused by .htaccess Maker.

If doing any of the above resulted in the issue still occurring, it's not related with Admin Tools and I can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log and go to the last page. The last log entry should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that I can help you.

If, however, you do not see a log entry, or the Date and/or IP address do not match your last access, this problem is not caused by Admin Tools' WAF. In this case, you will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 25 April 2012 14:44 CDT

user62338
Hi.

I tried everything you wrote above ...
1. set error report to yes (error still present)
2. disable system-admin tools (error not present - however when I disable system-admin tools or remove secret url parameter from WAF,I can still log in to backend with secret url,or just standard administrator/index.php)
3. replaced .htaccess with content from htaccess.txt (error still present)


This is from log:

2012-04-25 19:14:04
Admin Query String

http://www.mysite.com/administrator/index.php?pshop_mode=admin&page=product.product_list&option=com_virtuemart


thx

Wednesday, 25 April 2012 15:28 CDT

nicholas
For some reason, you are getting logged out of your site, which causes the admin query string protection to kick in. You can always try disabling the administrator URL secret string option in the Configure WAF page, but that may degrade the security of your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 25 April 2012 15:40 CDT

user62338
Yes,and theat feature I like the most...today I have received about 25 attack in few minutes...and it was stopped only when I enabled secret url.
It is realy great feature...
And I'm wondering why the secret url is still available even though I remove it??

I don't know.I can send you username and password if you like, to see for yourself.

thx

Wednesday, 25 April 2012 15:49 CDT

nicholas
I am wondering what you mean that the secret URL is available even when you remove it? If you disable the plugin or remove the secret word, the feature is removed.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 25 April 2012 16:10 CDT

user62338
Hey,I fixed it...

But,I'm sorry I am tired,have to go to work tomorrow early,so I will explain tomorrow evening or day after tomorrow when I have time, and allso want to test it more...

Thanx for now.

Wednesday, 25 April 2012 16:11 CDT

nicholas
Sure thing, please do! I am curious as to what it was.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 27 April 2012 14:17 CDT

user62338
Ok,sorry for delay...

I just changed the following ...

administrator / components / com_virtuemart / virtuemart.cfg.php line 34

1 / / these path and url definitions here are based on the Joomla! Configuration
2 define ('URL', 'http://mysite/');
3 define ('SECUREURL', 'http://mysite/')


to that

1 / / these path and url definitions here are based on the Joomla! Configuration
2 define ('URL', $ mosConfig_live_site. $ App);
3 define ('SECUREURL', 'http://mysite/')


I found it here: http://ninoholic.com/problem-solving-images-not-showing-in-virtuemart.html

and now it works great.

Friday, 27 April 2012 17:55 CDT

nicholas
Actually, the mosConfig_* parameters are legacy parameters, populated only when you have turned on the Legacy plug-in. You could always write that second line as
define('URL', JURI::base() );
if I recall correctly. But, well, if it works than it's fine I guess :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 27 May 2012 18:00 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!