Can't login to admin because CS-Cart is down

Well here is an interesting problem.



So I went to login to one of the stores I run and I could get to the login screen, but not the admin. I actually kept getting 404 errors.



At the same time I was also trying to get to CS-Cart's helpdesk to find out how many support credits I have and to submit a ticket, but I couldn't get to CS-Cart either.



So I checked my own store and was able to login just fine.



I then checked another store that I run and the same thing happened to it as to what happened to the first store.



Just a note though, all three sites and or course CS-Cart are all on different servers.



So, here is my theory and I think I've seen something on this before.



My site has been licensed since 2006 and is grandfathered in to the lifetime license thing so it doesn't call back to CS-Cart to check the license.



The other stores are newer and so they have newer licenses that do call back to CS-Cart.



So basically, when CS-Cart was down, the newer sites couldn't reach CS-Cart to verify the licenses and so I wasn't able to make it past the login screen.



Does that sound like a good theory? If so, what can be done different about it? Personally I think it is kind of BS that whenever CS-Cart is down, the admins in any newer stores are also down.



What do you guys think?



Thanks,



Brandon

If this is the case (and it sounds like it's almost the only feasable explanation) they should certainly address it.

I guess this explains why I was unable to access my 2.2.2 installations, but had no issues with 2.0.15…

Good day,

Unfortunately, we failed to find out the moment when the HelpDesk server was inaccessible. But if it is inaccessible at the moment or there are some problems with the Internet, a situation when the admin cannot log in is really possible.

This problem will be resolved in the nearest versions.

At the moment you can apply the following fix in order to avoid such problems in the future.

Replace the following line in the controllers/common/auth.php file:


list($header, $data) = fn_https_request('GET', $uc_settings['updates_server'] . '/index.php?dispatch=product_updates.check_available&request=' . urlencode($request));


with this one:


list($header, $data) = fn_https_request('GET', $uc_settings['updates_server'] . '/index.php?dispatch=product_updates.check_available&request=' . urlencode($request), array(), '&', '', '', '', '', '', '', array(), 5);


After you have applied this fix, the store will wait for a response from the CS-Cart server for no more than 5 seconds and the admin will log in anyway.



Please accept our apologies for the occurred situation.

Thank you for understanding.

Sweet, I love it when I'm right on something.



Thank you very much for the fix Imac. I think that is a very reasonable solution.



Brandon

[quote]What do you guys think?[/quote]



I think that this situation in it’s current state is an excellent way for CS-Cart to seriously upset & loose a good number of customers.



I really hope this gets fixed real soon, last thing you ever want to do is get in the way of a business attempting to run it’s daily operation, will be a very big mistake… :mellow:

[quote name='Struck' timestamp='1314134579' post='120172']I really hope this gets fixed real soon,

[/quote]



Did you not read post #4?

This “problem” has been there since day 1… It is NOT new.

So before everyone gets a sore chest from beating it, one should look at not only the severity when an event occurs but also the likelihood of the event occurring. In this case it's pretty low.

Tony,



I totally agree. I think I've seen this addressed before and personally, I think CS-Cart's solution that Imac posted is a great solution. Try talking to the CS-Cart server and if, after 5 seconds there isn't a response, allow the admin to login anyways.



I also agree that the likelihood is low to have this problem, but I'm glad CS-Cart came up with a solution anyways.



Thanks,



Brandon

[quote]This “problem” has been there since day 1… It is NOT new.[/quote]



Well, if the problem has been there since day 1, then why is it that the Issue is only being reported in the above posts as related to 2.2.x ?



No doubt we have never been denied access to my business’s admin panel.


[quote]one should look at not only the severity when an event occurs but also the likelihood of the event occurring.[/quote]



You might have difficulty understanding this, however, a business being locked out of their online store’s admin panel for any period of time (thus not being able to process orders) would be considered by most as severe to say the least! :D

[quote name='imac' timestamp='1314107356' post='120130']

This problem will be resolved in the nearest versions.

[/quote]



So can you please clarify what is meant by this statement? Sometimes this means it will be fixed in next version, sometimes statements like this means you never know when it will be resolved. With as simple as the fix you have shown, I really don't understand why you would not say it will be fixed in the next version and then it be done. The “5 second” rule seems like a good workaround.



Quite honestly I am very surprised that this “stop feature” is there at all. I was just beginning to accept the verification part, but not this part that won't allow a user in to the admin at all if your server is blocked or unavailable. This is one of the parts that alarms me about the verification.



Thanks for the fix you have posted here. It looks like it is time to roll through the sites and fix this huge CS-Cart flaw or bug.



Hey Brandon, good job on finding it. Not that it was probably something you were searching for.

Thanks Jim.



Actually you guys are making me feel pretty good about myself. I just kind of stumbled upon this issue and was lucky enough to just happen to have the right pages pulled up and was able to link it together.



It is definitely nice to see you guys discussing this and hopefully CS will get the clue and put the fix in the next version.



Thanks,



Brandon

The issue I'm referring to is the timeout issue. The change provided reduces the PHP connection timeout from the default of 60 seconds down to 5 seconds.



I don't see anywhere in the code where it kills the admin.



They have added a lot of upgrade testing in 2.2.2 (this whole area of auth.php is new). So much for being a bugfix only release. By my definition, a bugfix only release means only fixing reported bugs, not making additional enhancements that may or may not be visible to the user.



I certainly hope they make this 5 seconds a constant in config.local.php so that it can be tuned on a site by site basis rather than assuming 5 seconds is a best value for all.

[quote name=‘Struck’ timestamp=‘1314134579’ post=‘120172’]

I think that this situation in it’s current state is an excellent way for CS-Cart to seriously upset & loose a good number of customers.



I really hope this gets fixed real soon, last thing you ever want to do is get in the way of a business attempting to run it’s daily operation, will be a very big mistake… :mellow:

[/quote]



Dear Struck,

I’d like to mention that even if our server is down, not everyone is unable to log in to the administration area, it depends on server configuration.

Also this functionality was included in version 2.2.1 and this is the first case when we’ve received such complains. As you remember, v2.2.1 was released almost two months ago.




[quote name=‘clips’ timestamp=‘1314148385’ post=‘120203’]

So can you please clarify what is meant by this statement? Sometimes this means it will be fixed in next version, sometimes statements like this means you never know when it will be resolved. With as simple as the fix you have shown, I really don’t understand why you would not say it will be fixed in the next version and then it be done. The “5 second” rule seems like a good workaround.



Quite honestly I am very surprised that this “stop feature” is there at all. I was just beginning to accept the verification part, but not this part that won’t allow a user in to the admin at all if your server is blocked or unavailable. This is one of the parts that alarms me about the verification.



Thanks for the fix you have posted here. It looks like it is time to roll through the sites and fix this huge CS-Cart flaw or bug.



Hey Brandon, good job on finding it. Not that it was probably something you were searching for.

[/quote]



Dear clips,

Let me clarify the statement. At the moment we do not know whether we will release the next minor release with bug fixes.

In a major release with new functionality, we will change the scheme of communication between a store and cs-cart, so it will take place in the background after the admin is logged in.

If a minor release comes out, I can say for sure that it will include the workaround from my previous post.

In other words, yes it will be fixed in the next release anyway.



Thank you guys for your vigilance.

[quote name='imac' timestamp='1314172581' post='120232']

Dear Struck,

I'd like to mention that even if our server is down, not everyone is unable to log in to the administration area, it depends on server configuration.

Also this functionality was included in version 2.2.1 and this is the first case when we've received such complains. As you remember, v2.2.1 was released almost two months ago.

[/quote]



You may not have received complaints because no one else put 2 and 2 together to figure out what the issue is. Not to mention many have not upgraded to v2.2.1 because of all the bugs.


[quote name='imac' timestamp='1314172581' post='120232']

Dear clips,

Let me clarify the statement. At the moment we do not know whether we will release the next minor release with bug fixes.

In a major release with new functionality, we will change the scheme of communication between a store and cs-cart, so it will take place in the background after the admin is logged in.

If a minor release comes out, I can say for sure that it will include the workaround from my previous post.

In other words, yes it will be fixed in the next release anyway.

[/quote]



Thank you for the clarification. Hopefully you do come out with another release with just bug fixes. I thought v2.2.2 was going to do that, but I think you missed some things and added new bugs. It would be nice to have a bug release well before the holidays because without a doubt there is no way I will be upgrading anything you release on a major level until after the first of the year. There is now way I would want to take a chance this close to the holidays. Shoot, the minor releases make me nervous enough, let alone taking a major jump when you haven't even got the current version operating properly. The main reason I want to do it now is to fix things like Google Products.

Hello Imac,



Thank you for your explanation as well as attention to our concerns!


[quote]Dear Struck,

I’d like to mention that even if our server is down, not everyone is unable to log in to the administration area, it depends on server configuration.

Also this functionality was included in version 2.2.1 and this is the first case when we’ve received such complains. As you remember, v2.2.1 was released almost two months ago.[/quote]



I was starting to come to the conclusion from reading the above posts that this license check callback method was something recently implemented in 2.2.x, or now being more closely enforced. I am a strong supporter of CS-Cart and have been for quite some time now, although this did catch my attention as a potential problem situation!



I have no problem whatsoever with the 5 second fallback method you mention. However, I did want to voice my concerns in that it will not be viewed as acceptable in any way by many business owners or managers if there are situations in which we are denied access to our admin panel thus prevented from conducting our business, that would not go over well. Many of us, as I do, take our businesses very seriously, it is no longer simply a hobby of which we can afford to be nonchalant about. I am an honest business person that has no problems paying for our site licenses or annual upgrade subscriptions, and I also do know there are many out there that are not honest, so I can fully sympathize and understand your concerns in the license verification process. So, as long as a very reliable fallback plan is in effect on your end, which will not deny licensed users the ability to continually operate their business, then all should be fine. ;)



Again, thank you for your concerns!

[quote]Actually you guys are making me feel pretty good about myself. I just kind of stumbled upon this issue and was lucky enough to just happen to have the right pages pulled up and was able to link it together.



It is definitely nice to see you guys discussing this and hopefully CS will get the clue and put the fix in the next version.



Thanks,

Brandon[/quote]



Yeah, thanks Brandon for Mucking around & opening a huge can of worms & nearly causing me to have a freaking heart attack, thanks alot dude! :P

I still don't see where this will cause a 404… The only real change is to reduce the TCP connection timeout down to 5 seconds (from a PHP default of 60). But after 60 seconds with no connection, it should just return control to the script and continue on (with no upgrade message). So I'm not sure this change addresses the 404 issue. Now it's possible that cs-cart was generating the 404 error which would be returned in the status. But that's completely different than reducing the time out. For the 404 error to occur, a connection must have been made for the webserver to return the 404 status to the client (cart).



So there's still something fishy hear or information that's not being communicated. So I'll just assume that it wasn't that their server was down as much as someone fat-fingered the configuration which caused a 404 which was then seen as an error.

Tony,



What are you talking about?



I tried logging into a couple of different stores on a couple of different servers and wasn't able to get to the admin. I also noticed that CS-Cart's helpdesk was down so I put the two things together and theorized that I wasn't able to login because CS-Cart was down.



CS-Cart has admitted that I am correct and has issued a fix.



This problem has nothing to do with my upgrade problem and I didn't even check that site when I figured out this problem.



So I guess I'm just kind of confused, sorry. ( Not that me being confused is something new )



Thanks,



Brandon

I'm saying that if you got a connection timeout you would not receive a 404 error. The call would return with no status info.



Hence, reducing the timeout value from 60 seconds to 5 seconds (which is what the change that Imac posted does) will not affect whether a 404 is being returned or not. The only way you're going to get a 404 error is if you in fact made a successful “connection” (I.e. it didn't time out) to the server but that Apache could not resolve to the requested page and returned a “Status” of 404.



The 2 are simply not related.



I don't care what cs-cart says, you're not getting the full information about the problem you encountered. Think about it… If the request returns in 5 seconds rather than 60 seconds, how is that going to affect Apache's response of “404 Page not found”? If that were the cause of your 404 then reducing the timeout would magnify the problem, not reduce it.