Error after email account activation

  • Posts: 5
  • Thank you received: 0
3 years 8 months ago #222345

-- url of the page with the problem -- : www.jimfidler.com
-- HikaShop version -- : 2.6.0
-- Joomla version -- : 2.5.7
-- PHP version -- : 5.4
-- Browser(s) name and version -- : Chrome
-- Error-message(debug-mod must be tuned on) -- : unused

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email address hidden], and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

After a person registers when in checkout mode and hits the button to register a message comes up that an email was sent and please click the link in the email to activate, however this is the error we get when clicking that link from the email:

unused
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [email address hidden], and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


  • Posts: 23614
  • Thank you received: 3666
  • MODERATOR
3 years 8 months ago #222346

Hi,

More information about this error may be available in the server error log.

As written, more information about your error will be available in the server error log.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.


  • Posts: 5
  • Thank you received: 0
3 years 8 months ago #222388

Thank you - how does one get to the server error log?


  • Posts: 23614
  • Thank you received: 3666
  • MODERATOR
3 years 8 months ago #222391

Hi,

I'm sorry but that's not related to HikaShop or to the support we can provide for HikaShop.
Please see that with your web hosting or perform a search on the Internet.

Regards,




  • Posts: 5
  • Thank you received: 0
3 years 8 months ago #222996

Hi Jerome:

I contacted the hosting company on the issue and the following was their reply. Any further insight you can provide would be greatly appreciated. Right now we are unable to use the component for our shop and have downtime.

from hosting support:

It is the passing of the keyword "passwd" in URL that is triggering the
server to display a 418 error. This is considered suspicious behavior as
most applications would not pass something like that in a URL directly.
Typically this is done via a post request.

I talked to a Security Engineer and they said here's the GET line:
GET /index.php?option=com_hikashop&ctrl=checkout&task=activate&activation=59eca16b743b3b9fc6bb3f0436033657&infos=eyJwYXNzd2QiOiI2MTk5MDU4NCIsInVzZXJuYW1lIjoiYm96In0%3D&page=checkout&id=20&Itemid=160&lang=en HTTP/1.

It encodes the information into base64, which is the
"eyJwYXNzd2QiOiI2M...." part.

This turns into {"passwd":"xxxxxxxx","username":"boz"}

It is passing the passwords in a decryptable format like that, which is
not the best practice. Our security daemon monitors for security risks
and prevents damage. You will need to contact your developer to further
investigate. If you are using a module or plugin for this form, you may
want to contact the developer of that module/plugin to correct this.

In the meantime, you can turn off Extra Web Security in:

Panel -> Manage Domains -> Edit for your domain. Please do not leave this
disabled, as it is vital to keeping your site and VPS protected against
attacks.


I have turned off extra web security as they suggested but still not working... also upgraded to joomla 3... new site is here: www.lillianfidler.com/jimfidler

If there is no immediate solution to this, is it possible to turn off registration and allow people to go directly to pay for the product? of course they would need to enter an address because shipping cost is dependent upon the country.

Last edit: 3 years 8 months ago by lfidler.
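
The check the hosting support describes above, as an added example that is not part of the thread or of HikaShop's code: it scans access-log request lines for query parameters that carry credential-like keys, either by name or inside base64-encoded JSON. The key list, the log lines and every value in them are constructed; only the parameter names follow the quoted activation link.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Key names treated as credential-bearing; this list is an assumption of the example.
CREDENTIAL_KEYS = {"passwd", "password", "pass", "pwd"}
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def decode_b64_json(value):
    """Return the JSON object carried as base64 in `value`, or None."""
    # parse_qsl turns an unescaped '+' into a space; undo that, and accept
    # the URL-safe alphabet and missing padding as well.
    text = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        obj = json.loads(base64.b64decode(text, validate=True).decode("utf-8"))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def credential_params(url):
    """List (parameter, encoding, key) for credential-like keys in a URL query."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in CREDENTIAL_KEYS:
            hits.append((name, "plain", name))
        for key in decode_b64_json(value) or {}:
            if key.lower() in CREDENTIAL_KEYS:
                hits.append((name, "base64-json", key))
    return hits


def scan_access_log(lines):
    """Return (line_number, path, hits) for each request that carries credentials.

    Only the path is reported, never the query string, so the report does
    not copy the secret a second time.
    """
    report = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = credential_params(match.group(1))
        if hits:
            report.append((number, urlsplit(match.group(1)).path, hits))
    return report


# Constructed sample: every value, address and timestamp below is made up.
_INFOS = quote(base64.b64encode(
    json.dumps({"passwd": "not-a-real-secret", "username": "alice"}).encode()
).decode(), safe="")
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Feb/2017:17:20:00 +0000] "GET /index.php?option=com_hikashop'
    '&ctrl=checkout&task=activate&activation=' + "0" * 32 + '&infos=' + _INFOS +
    '&page=checkout&id=20&Itemid=160&lang=en HTTP/1.1" 418 310',
    '203.0.113.7 - - [09/Feb/2017:17:21:10 +0000] "GET /index.php?option=com_users'
    '&task=registration.activate&token=' + "a" * 32 + ' HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Feb/2017:17:22:40 +0000] "GET /login?user=bob&pwd=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, path, hits in scan_access_log(SAMPLE_LOG):
        print(number, path, hits)
```

Anything this reports has also been written, in recoverable form, to the web server's access log and to the visitor's browser history.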


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
3 years 8 months ago #223067

Hi,

Passing the username and password in the activation link is necessary for the auto login process that is done after the activation is done so that the system can put you back on the checkout with the login already done for you.

The simplest is to turn off the user account activation in the settings of the Joomla user manager. That way, when you register, you'll directly be logged in on your checkout. It's a better user experience, and will be a good work around the security checks of your hosting company.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #261943

This error is still happening. Customers are not able to register via Hikashop (i.e. when trying to place an order, at the time of payment when they must create an account). Clicking on the link on the activation email to confirm registration produces the same error:

unused
The server encountered an internal error or misconfiguration and was unable to complete your request...

So far the only solution proposed has been to blame the problem on the server's security settings.

But in fact there is no problem registering on my website via the regular Joomla registration/login. Links in the activation emails work. The problem only occurs when trying to create an account from Hikashop. So clearly there must be a problem with Hikashop's registration process, no? Why would it work through Joomla but not Hikashop?


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #261946

Hi,

If the problem was in HikaShop, then it would work for no one else using HikaShop. However, in the past year since the last message here, no one else reported such an issue out of the tens of thousands of merchants using HikaShop. So it's logical that the problem is not with the activation email process in HikaShop.
The way I see it, there must be some kind of plugin or extension you're using on your website which has been developed to work fine with the activation process of Joomla, but doesn't work properly when the activation process is triggered by HikaShop.
We do not blame the server's security settings. Where did you read that?
We said that when you get such error message "The server encountered an internal error or misconfiguration and was unable to complete your request", it's a generic message displayed by your web server, while the real error message is logged in a log file of the server and thus, in order to get more information about the source of the problem, it would be a good first step to look at the error logs of your server (mainly the PHP error log file) and see if you find more information, like a fatal error message.
Another approach is to disable the plugins of the groups user, authentication, hikashop and system one by one and test each time in order to see which one is causing the problem.
Finally, if you think the problem is with HikaShop, install a blank joomla with only HikaShop and test the activation link. It has to work.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262010

Ok, thanks for the answer. It was on some other thread that you pointed to the server's security settings as the cause of the problem.

I see what you're saying, but still, clearly Hikashop is doing something through the registration/activation process that causes the error (even if it's some conflict with an extension, etc...) that doesn't happen in the normal Joomla registration.

Would this be the content of the error log that you're talking about? (Indeed, there was something about an error 418 as indicated in the log)

[Thu Feb 09 10:59:45 2017] [error] [client 174.127.133.51] Directory index forbidden by Options directive: /home/israelcatholic/catholicsforisrael.com/media/jui/js/
[Thu Feb 09 17:20:00 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0VQEWj2G4AACEfxc0AAAAK"]
[Thu Feb 09 17:22:18 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0VykWj2G4AACM1Px0AAAAI"]
[Thu Feb 09 17:23:32 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0WFEWj2G4AACM1PyAAAAAI"]
[Thu Feb 09 19:13:45 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0v6UWj2G4AAGFcW0UAAAAB"]
[Thu Feb 09 19:18:58 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0xIkWj2G4AAGjceFkAAAAQ"]
[Thu Feb 09 19:19:14 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0xMkWj2G4AAGjacBcAAAAO"]
[Thu Feb 09 19:21:30 2017] [error] [client 175.139.125.181] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ0xukWj2G4AAGnfU@4AAAAC"]
[Thu Feb 09 20:23:48 2017] [error] [client 172.68.34.31] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ1AVEWj2G4AAFBtLOkAAAAE"]
[Thu Feb 09 20:30:37 2017] [error] [client 172.68.34.31] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ1B7UWj2G4AAFALAMkAAAAB"]
[Thu Feb 09 20:47:32 2017] [error] [client 88.75.58.127] Premature end of script headers: index.php
[Thu Feb 09 20:47:32 2017] [error] [client 94.134.135.158] Premature end of script headers: index.php
[Thu Feb 09 20:47:32 2017] [error] [client 77.12.58.218] Premature end of script headers: index.php
[Thu Feb 09 20:49:03 2017] [error] [client 172.68.34.31] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ1GP0Wj2G4AAFmkimwAAAAN"]
[Thu Feb 09 21:36:36 2017] [error] [client 198.244.49.9] Premature end of script headers: index.php
[Thu Feb 09 21:36:36 2017] [error] [client 198.244.49.9] Premature end of script headers: index.php
[Thu Feb 09 21:36:36 2017] [error] [client 198.244.49.9] Premature end of script headers: index.php
[Thu Feb 09 22:20:49 2017] [error] [client 2001:e68:6dd0:4e00:c83b:6bf:5e09:cbe] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ1bwUWj2G4AAAubTC0AAAAK"]
[Thu Feb 09 22:20:58 2017] [error] [client 2001:e68:6dd0:4e00:c83b:6bf:5e09:cbe] ModSecurity: Access denied with code 418 (phase 2). Matched phrase "passwd" at ARGS:infos. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "256"] [id "1990070"] [msg "Common known arguments for backdoor shell present in ARGS:infos"] [hostname "www.catholicsforisrael.com"] [uri "/index.php"] [unique_id "WJ1bykWj2G4AAAl3NegAAAAO"]
[Fri Feb 10 01:56:24 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 13755
[Fri Feb 10 01:59:01 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 14540
[Fri Feb 10 02:00:20 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 14973
[Fri Feb 10 02:01:39 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 17372
[Fri Feb 10 02:04:23 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 18078
[Fri Feb 10 02:05:36 2017] [emerg] [client 5.9.70.72] (22)Invalid argument: mod_fcgid: can't lock process table in pid 18497

Last edit: 2 years 6 months ago by jazzbird.
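
An added example, not part of the thread: a parser for ModSecurity denial lines in the Apache error-log format posted above, grouping them by rule id, variable and matched phrase so the rule behind a run of 418 responses stands out. The sample lines are constructed (rule id and message follow the posted log; the rule-file path, hostname, addresses and unique ids are placeholders), and the review heuristic is an assumption.

```python
import re
from datetime import datetime

# Apache 2.2-style error-log line, as in the log posted in the thread.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[\w+\] '
                     r'\[client (?P<client>[^\]]+)\] (?P<body>.*)$')
# Only the "Matched phrase" wording seen in that log is handled here.
DENY_RE = re.compile(r'ModSecurity: Access denied with code (?P<code>\d+) \(phase \d\)\. '
                     r'Matched phrase "(?P<phrase>[^"]*)" at (?P<var>[\w:]+)\.')
FIELD_RE = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_denial(line):
    """Return a dict for a ModSecurity denial line, or None for any other line."""
    outer = LINE_RE.match(line.strip())
    deny = DENY_RE.search(outer["body"]) if outer else None
    if not deny:
        return None
    fields = dict(FIELD_RE.findall(outer["body"]))
    return {"time": datetime.strptime(outer["ts"], "%a %b %d %H:%M:%S %Y"),
            "client": outer["client"], "code": int(deny["code"]),
            "phrase": deny["phrase"], "variable": deny["var"],
            "rule_id": fields.get("id", ""), "msg": fields.get("msg"),
            "uri": fields.get("uri")}

def summarize(lines):
    """Group denials by (rule id, variable, phrase)."""
    groups = {}
    for line in lines:
        event = parse_denial(line)
        if event is None:
            continue
        key = (event["rule_id"], event["variable"], event["phrase"])
        group = groups.setdefault(key, {"count": 0, "clients": set(), "uris": set(),
                                        "first": event["time"], "last": event["time"],
                                        "msg": event["msg"]})
        group["count"] += 1
        group["clients"].add(event["client"])
        group["uris"].add(event["uri"])
        group["first"] = min(group["first"], event["time"])
        group["last"] = max(group["last"], event["time"])
    return groups

def review_candidates(groups, min_clients=2):
    """Heuristic (an assumption of this example): one rule firing on one argument
    of a single URI for several distinct clients looks like application traffic
    tripping the rule, and is worth raising with whoever maintains the rule set."""
    return sorted(key for key, group in groups.items()
                  if len(group["clients"]) >= min_clients and len(group["uris"]) == 1)

def _deny(ts, ip, uid):
    # Builds one constructed denial line in the posted format.
    return ('[%s] [error] [client %s] ModSecurity: Access denied with code 418 '
            '(phase 2). Matched phrase "passwd" at ARGS:infos. '
            '[file "/path/to/rules.conf"] [line "256"] [id "1990070"] '
            '[msg "Common known arguments for backdoor shell present in ARGS:infos"] '
            '[hostname "shop.example.com"] [uri "/index.php"] [unique_id "%s"]'
            % (ts, ip, uid))

SAMPLE_LOG = [
    _deny("Thu Feb 09 17:20:00 2017", "198.51.100.7", "constructed-0001"),
    _deny("Thu Feb 09 17:22:18 2017", "198.51.100.7", "constructed-0002"),
    '[Thu Feb 09 20:47:32 2017] [error] [client 203.0.113.5] Premature end of '
    'script headers: index.php',
    _deny("Thu Feb 09 22:20:49 2017", "2001:db8::1", "constructed-0003"),
]

if __name__ == "__main__":
    for key, group in summarize(SAMPLE_LOG).items():
        print(key, group["count"], sorted(group["clients"]), group["msg"])
    print("review:", review_candidates(summarize(SAMPLE_LOG)))
```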


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262023

Hi,

Bingo, that's indeed the problem.
The problem comes from the mod_security module on your server which blocks the activation request because we're using the passwd parameter in the URL of the activation link. So as you had read elsewhere, it's indeed caused by the security settings of your server.
We'll have to change the name of that parameter to something else in order to circumvent that.
I've just generated a new build of the 3.0.0 with a patch in order to avoid that problem.
You can download it on our website and install it on yours and it will add the patch to prevent the issue.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262080

Nicolas,

Thanks for this. I "updated" Hikashop and indeed this fixed the email activation problem BUT... it has now created lots of other problems:

1) it seems like Hikashop has "forgotten" many of my previous display settings. Whereas previously all products were neatly listed in table form, now they are a total mess, listed in three columns with the full description of each product. Why in the world does Hikashop not remember the previous settings? EDIT: I WAS ABLE TO FIX THIS FROM THE MENU SETTINGS/PRODUCT OPTIONS. BTW IT IS NOT AT ALL CLEAR THAT CLICKING ON A TAB (DIV, TABLE, LIST) THEN SAVING WILL COMPLETELY CHANGE THE DISPLAY OF THE PRODUCTS. SHOULDN'T YOU HAVE A SHORT EXPLANATION ON THE MENUS:EDIT ITEM PAGE?
www.catholicsforisrael.com/bible-course/...nline-course-english

2) Discounted prices used to be properly displayed with the regular price crossed out next to the discounted price in red. Now both prices are just listed side by side with no distinction, which is very confusing.

3) The download files in the notification email (and download area) are once again totally out of order, displayed in an apparently random manner. I have reported this problem 2.5 years ago and it is STILL not definitively fixed.
www.catholicsforisrael.com/bible-course/shop/order/show/cid-72
www.hikashop.com/forum/product-category-...-download-files.html

3)b) Also, the download files now have the expiry date notification "Until the 2017-03-14 13:31." This is grammatically incorrect in English. How can I change or remove this?

So, one step forward, three steps back - it's incredibly frustrating.

Last edit: 2 years 6 months ago by jazzbird.


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262095

Hi,

I had supposed that you were already on HikaShop 3.0.0 since you didn't provide your version number and in that case, installing it shouldn't change anything and just fix that problem.
Updating from an older version of HikaShop to the 3.0.0 is a really big change and requires proper testing before. It would have been better asking your hosting company to just lift the security check on that particular issue.

1. We actually have a whole tutorial on that here:
www.hikashop.com/support/documentation/3...splay-front-end.html

2. That's just a CSS issue because the CSS for that has been moved from the frontend CSS to the default style CSS with HikaShop 3. Select that default style instead of "none" in the "style" CSS option of the HikaShop configuration and you'll get back that CSS.

3. a. Please let's not split the discussion across several threads. I've answered you there.
b. The text can be changed with a translation override:
www.hikashop.com/download/languages.html#modify
I don't see what is wrong with that text's grammar? Could you tell us?


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262183

1) Ok, thanks for the tutorial. Generally, I find Hikashop to be pretty complex and often not easy to find the necessary help. It probably wouldn't hurt to add more short explanations in pop-ups and contextual help in the backend.

2) Ok I found and fixed it, but this is a good example of searching for a needle in a haystack, where the solution is anything but intuitive. I spent a couple of hours trying to resolve this.

3a) I'll follow-up on the other thread.
3b) In English the use of the definite article in this context is too cumbersome. It's better to leave it out. So instead of "Until the 2017-03-14", better to write "Until 2017-03-14."

How can I avoid having the date displayed for each download in the download area? Is there a setting where I can disable this and just have the download link without the date?

I'm also noticing two new issues:
See here: www.catholicsforisrael.com/bible-course/...rs-en-ligne-francais

4) the "Add to cart" buttons now have gray text over a gray button, so that the text is almost illegible. This is the case also for all the buttons in the checkout area. What happened, and how can I fix this?

5) Free download items have no "Add to cart" button. How come? How are users to download this item, and how can I add the button like for the other products?

Last edit: 2 years 6 months ago by jazzbird.


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262253

Hi,

1. Yes, that's why HikaShop 3's configuration page has been completely redone with tooltips for all the options. We're moving in that direction too.

2. Yes, such a major update (the biggest in 7 years) shouldn't be taken lightly and requires proper testing on a copy of the website before moving to production.

3b. Ok, thanks. We'll change that on our end.
c. I don't see such text in the download area of HikaShop.
I however do see it on the order details page for each download link if you configured a download period limit in your backend.
If you don't want such limit, then remove it from the corresponding option in the configuration.
If you want it but don't want the text message on the order page, you can remove the code:

$fileHtml .= ' / ' . JText::sprintf('UNTIL_THE_DATE', hikashop_getDate($order_created + $this->download_time_limit));
in the file "show" of the view "order" via the menu Display>Views.

4. If you look at a button's HTML and CSS with your browser explorer, you can see that all the button style comes from your template:
monosnap.com/file/bCEu76S6mp0ZPa6IQkYEHf4nt4jvIK
I'm not sure how it was before, but it seems that the solution is in modifying the CSS of your template.
For example, you could add such CSS:
#jsn-page .button {
color: white !important;
}

5. Make sure that you have the "Display 'add to cart' button for free products" setting of the HikaShop configuration activated, or free products won't have add to cart buttons.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262356

Thanks for your reply.

1, 2) OK

3a) I didn't get any reply to my other post with the ongoing issue of disordered download files:
www.hikashop.com/forum/product-category-...-files.html?start=20

4) OK, but something must have happened with Hikashop 3.0.0, because this problem only started when I updated from the previous version. Before that, the buttons looked fine. I forget which color they were, but they were clear and legible. Now they are not. I'll try to add a CSS to the template, but frankly something must have changed with Hikashop 3.0.0.

5) Thanks. That one was easy.


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262377

Hi,

3.a It seems that thread was deemed as "solved" by someone else from the team. Probably he read the message too fast. I've reopened it and will have a look.
4. Well, maybe before the update you weren't using the CSS of the buttons from your template but CSS for buttons from the old style files of HikaShop.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262447

4. Ok - is there a way I can revert to the CSS from Hikashop styles, rather than hacking the CSS from my template?


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262452

Hi,

Probably. The problem is "I'm not sure how it was before" as I said in a previous message.
So I can't provide precise instructions to get back the buttons like you had before since I don't know how they were before.
If you had a copy of the website from before the update and you could provide a link to a page with the buttons like they were before, I could tell you what to do...
It would be easier to just adapt the CSS of your template for the buttons. It's just some simple CSS.


  • Posts: 52
  • Thank you received: 0
  • Hikashop Essential
2 years 6 months ago #262955

Ok thanks Nicolas. Is someone still following the other thread regarding the disordered download links?

www.hikashop.com/forum/product-category-...-files.html?start=20


  • Posts: 66624
  • Thank you received: 9808
  • MODERATOR
2 years 6 months ago #262957

Hi,

It's on my todo list.
I didn't have the time to look at it yet.
