Fix osCommerce 2.3 Admin Login: Troubleshooting
Very annoying error message: maximum number of login attempts has been reached
Error: The maximum number of login attempts has been reached. Please try again in 5 minutes.
In admin/includes/application_top.php, locate and remove the following code:

  // try to automatically login with the HTTP Authentication values if it exists
  if (!tep_session_is_registered('auth_ignore')) {
    if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
      $redirect_origin['auth_user'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
      $redirect_origin['auth_pw'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
    }
  }

Then clear your browser's cookies and cache and log in. This modification removes the automatic assignment of login credentials by the core code, so the administrator can keep and correctly use separate login information for the cPanel popup login and for the actual osCommerce admin login. The modification in fact strengthens security, as the website owner can maintain a separate set of login credentials.
Another session issue is less common but may occur depending on the number and type of characters in the sessions.
To fix this issue, open admin/includes/functions/general.php and locate the following code:

  ////
  // Redirect to another page or site
  function tep_redirect($url) {
    global $logger;

    if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {
      tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }

    header('Location: ' . $url);

    if (STORE_PAGE_PARSE_TIME == 'true') {
      if (!is_object($logger)) $logger = new logger;
      $logger->timer_stop();
    }

    exit;
  }

Replace it with the following code:

  ////
  // Stop from parsing any further PHP code
  function tep_exit() {
    tep_session_close();
    exit();
  }

  ////
  // Redirect to another page or site
  function tep_redirect($url) {
    global $logger;

    // A URL containing CR or LF is not sent; redirect to the default page instead
    if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {
      tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }

    if (STORE_PAGE_PARSE_TIME == 'true') {
      if (!is_object($logger)) $logger = new logger;
      $logger->timer_stop();
    }

    // Send the redirect, then close the session before exiting
    header('Location: ' . $url);
    tep_exit();
  }

This ensures sessions are closed at the end of a redirect. You also have to ensure that redirects take place after the session starts. This post is dedicated to osCommerce 2.3 and will be followed by an SEO post for osCommerce 2.3.
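
A quick way to confirm both edits took effect, as an added example that is not part of the original post or of osCommerce: a Python check that looks for the HTTP-auth auto-login assignment and inspects tep_redirect() for its CR/LF guard (including a guard whose backslashes were lost in copy and paste) and for the session close. The function names and the PHP fragments are constructed for illustration; in practice you would pass in the contents of the two files you edited.

```python
import re

# Constructed PHP fragments for illustration, not copied from a real installation.
APP_TOP = "$redirect_origin['auth_user'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];"
REDIRECT = r'''
function tep_redirect($url) {
  if ( (strstr($url, "%sn") != false) || (strstr($url, "%sr") != false) ) {
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
  }
  header('Location: ' . $url);
  %s;
}
'''
ORIGINAL = REDIRECT % ("\\", "\\", "exit")       # stock function, before the edit
MANGLED = REDIRECT % ("", "", "tep_exit()")      # pasted with the backslashes lost
PATCHED = REDIRECT % ("\\", "\\", "tep_exit()")  # intended result of the edit

def has_http_auth_autologin(src):
    """True if the source still copies PHP_AUTH_USER/PHP_AUTH_PW into $redirect_origin."""
    pattern = (r"\$redirect_origin\[\s*'auth_(?:user|pw)'\s*\]\s*=\s*"
               r"\$HTTP_SERVER_VARS\[\s*'PHP_AUTH_(?:USER|PW)'\s*\]")
    return re.search(pattern, src) is not None

def function_body(src, name):
    """Return the text between the braces of a PHP function, or None if absent."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # naive brace matching; fine for this function
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit_redirect(src):
    """List problems in tep_redirect(): CR/LF guard state and session close."""
    body = function_body(src, "tep_redirect")
    if body is None:
        return ["tep_redirect() not found"]
    findings = []
    guards = set(re.findall(r'strstr\(\s*\$url\s*,\s*"(\\?[nr])"\s*\)', body))
    if guards & {"n", "r"}:
        findings.append("CR/LF guard lost its backslashes")
    elif not {"\\n", "\\r"} <= guards:
        findings.append("CR/LF guard missing")
    if not re.search(r"\btep_(?:exit|session_close)\s*\(", body):
        findings.append("session not closed before exit")
    return findings

if __name__ == "__main__":
    print("auto-login block present:", has_http_auth_autologin(APP_TOP))
    for label, src in (("original", ORIGINAL), ("mangled", MANGLED), ("patched", PATCHED)):
        print(label, "->", audit_redirect(src) or "ok")
```

A guard that compares against the plain letters n and r would match almost every URL and send tep_redirect() into repeated calls to itself, so it is worth checking after pasting code from a web page.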
Cheers,
