AbanteCart Community
Shopping Cart Operations => Security => Topic started by: CoolSurfer on January 04, 2016, 02:12:53 PM
-
I imported the SQL of site 1 to site 2, and the salt key was changed, so when logging into the admin panel, it asked to reset the password.
On doing so, the image verification did not load, hence I could not reset the password; however, the admin panel loaded faded in the background, and on clicking the category link I got access to the admin panel.
I think this should not be allowed.
Just wondering...
Also, the SMTP email password is not hashed/encrypted... it should show up as stars...
-
Hello.
Please provide more details. What is your AbanteCart version? How did you create your SQL: via phpMyAdmin export or the AbanteCart built-in one?
-
Are you saying you were able to get into Admin with no password reset or login? Are you sure? What were your steps?
FYI: When you migrate your site, you should not change your SALT key.
-
My friend also wanted a similar site on bodybuilding products, but he has zero knowledge of computers and coding,
so I created an SQL backup via cPanel SQL backup; the one created by AbanteCart (built-in) produced a corrupted, empty SQL file for some reason.
So I imported my SQL into my friend's AbanteCart database via phpMyAdmin, after dropping all tables.
Then I tried to make some changes to suit his site name etc., but it didn't allow me to log in.
The image verification didn't load the image, hence I couldn't reset the password.
I just clicked OK without image verification and the admin panel opened faintly, which a regular user would not see or would ignore. But I clicked on categories and I got access...
I am actually worried about the security of my site also.
Then later I changed the salt key via FTP on my friend's site.
-
I am using version 1.2.5, the latest.
-
Do you have GD enabled? Missing GD can cause missing image for verification.
Regarding security, I do not think there is an issue here, but we can definitely check this.
I still do not see how you can skip this step. Did you change any PHP files?
-
I think we are dealing with customer modifications or human error causing issues.
Check that this file is present and has correct permissions:
admin/controller/responses/common/captcha.php
If this file is missing or not accessible, captcha will not show and validation will not work.
However, this will NEVER allow login without password.
-
Possibly you copied cache files that cause conflicts.
Try to remove all subdirectories from your public_html/system/cache folder.
-
I installed AbanteCart using Installatron on both sites. But I will try to check the above suggestions... this captcha issue is on both sites...
-
Any errors in the log?
-
admin/controller/responses/common/captcha.php is there and has a file permission of 644.
Is that correct?
GD is enabled.
Didn't touch the php.ini file.
Any suggestions, please?
-
admin/controller/responses/common/captcha.php is there and has a file permission of 644.
Try to set 755 permission on this file.
-
Issue solved in v1.2.7.
See details here: https://github.com/abantecart/abantecart-src/commit/ef60cbf500f332a04dea26a8e85316aac3a96916