Troubleshooting Login Related Problems in Zen Cart

You may face problems during login as a customer, or in the administration area. These problems are mainly due to some settings which control session handling and the authentication of users. The following sections highlight some common problems related to login.

Session Handling in Admin Area

It has been said earlier that Zen Cart’s sessions are managed using the PHP session handling features. In general, it works as follows:

  1. A session is generated upon login of a user. For customers, the session’s name is zenid, and for admin users, it is zenAdminId.
  2. On starting the session, PHP attempts to set a cookie in your browser. The cookie stores that session ID so that it does not need to be shown in the browser URL all the time. If the session ID is not in the cookie, it is shown as part of the URL; something like &zenAdminID=243524524524525 is appended to the URL. If a cookie is set, the session ID is in the cookie, and the session name and number don’t need to be appended to the URLs. Zen Cart needs this session ID to keep you logged in.
  3. When you log out, or the session ID is lost, the session data is reset and your authentication data is removed. As the session ID is lost, you need to login again. This generates a new session ID.

Starting from Zen Cart v 1.3.8, a security token is generated, and embedded in the login form to identify that same person while logging again.

Understanding this session management helps you identify the cause. As discussed earlier, you may identify a problem while generating session ID, storing it in cookies, retrieving it from a cookie, or while re-using it. Session management problems may occur when Zen Cart cannot recognize the user’s session ID:

  • When cookies are blocked by a firewall, or a browser configuration. If you are using a firewall, first check whether it blocks cookies. If not, suspect the browser. By default, browsers receive cookies. However, in case of a problem, you should check the browser’s configuration options.
  • When PHP is configured wrongly, or has certain session settings set to methods incompatible with Zen Cart, such as session-auto-start and transitive-sid. You will get warning messages during installation if these PHP settings are found at that time. However, these may change after installation, and create problems to your Zen Cart’s session management.
  • When you have configured your site to store session data in files but your file system does not have permissions to write on the files. Appropriate permissions to the session file may be the problem.
  • When you have configured your site to store session data in the database but the database table (that is zc_sessions) is corrupt, or the database storage is full and new records cannot be added.

Sometimes this may occur that you cannot remain logged in to the admin area. This shows the problems of handling PHP sessions in Zen Cart’s administration area. First, try closing the browser windows, clearing the browser cache, cookies, and restart your computer. In most of the cases, this will solve your problem if that is due to caching of cookies in the browser. If the problem is not related to caching, it may also be due to incorrect SSL configuration. To solve such problems, edit your /admin/includes/configure.php file and change ENABLE_SSL_ADMIN to false. Then, clear browser cache, cookies, and try again.

Security Error during Login as Customer

If you have upgraded to Zen Cart v 1.3.8, you may receive an error message while trying to login, “There was a security error when trying to login”.

This happens due to the fact that Zen Cart v1.3.8 has an added security feature to prevent spoofed external logins. All login forms have been designed to include a security token field. When a user tries to login, the security token is also submitted with the username and password. This security token needs to be current in order to login successfully. If the security token field is not the current one, or is outdated, then an error will be thrown.

If you have a customized template’s login files, there is a possibility that the old files don’t have that security token field with the login form. You need to merge new security features into the login file template.

In general, the following files are affected by this new security feature:

  • /includes/templates/CUSTOM_TEMPLATE/templates/tpl_login_default.php’
  • /includes/templates/CUSTOM_TEMPLATE/templates/tpl_timeout_default.php’

And for admin area the file will be: /admin/login.php.

In tpl_login_default.php, you find the following code block:

<label class="inputLabel" for="login-password"> <?php echo ENTRY_PASSWORD; ?></label>
<?php echo zen_draw_password_field('password', '', zen_set_field_length(TABLE_CUSTOMERS, 'customers_password')
. ' id="login-password"'); ?>
<br class="clearBoth" />

You have to insert the following line of code before the code block shown above:

<?php echo zen_draw_hidden_field('securityToken', $_SESSION['securityToken']); ?>

Similarly, you have to add the above line in the tpl_timeout_default.php file.

Additionally, if you have customized your /includes/functions/sessions.php file for some reason, you’ll also need to merge the new changes for this core file into your customized version. In your old customized /includes/functions/sessions.php file, you will find the following code block:

function zen_session_start() {
@ini_set('session.gc_probability', 1);
@ini_set('session.gc_divisor', 2);
if (defined('DIR_WS_ADMIN')) {
@ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN < 900 ? (SESSION_TIMEOUT_ADMIN + 900) :
return session_start();

For Zen Cart v 1.3.8, you need to change the line return session_start();. Now the code looks like this:

function zen_session_start() {
@ini_set('session.gc_probability', 1);
@ini_set('session.gc_divisor', 2);
if (defined('DIR_WS_ADMIN')) {
@ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN < 900 ? (SESSION_TIMEOUT_ADMIN + 900) :

$temp = session_start();

if (!isset($_SESSION['securityToken'])) {

$_SESSION['securityToken'] = md5(uniqid(rand(), true));


if (ereg_replace('[a-zA-Z0-9]', '', session_id()) != '') session_regenerate_id();

return $temp;

Note – The best way to reflect these changes in your custom template file is by using a file comparison, or a merging tool such as WinMerge. You can see the differences and merge them using this tool.

Forgotten Admin Password

The password for the administrator account is assigned during the installation of Zen Cart. Once the installation of Zen Cart is finished, you can log in to the administration area by using the admin account and its password. If you forget the password for the admin account, there is an easy way to get a new password. In the admin login page, click on Resend Password, and then type the administrator’s email address and click on the resend button. A new password will be sent to that email address. You then can log in using that password.

If for some reasons you cannot retrieve the admin password using the Resend Password feature, you have to create a temporary admin password for logging into the administration area. However, you need access to your MySQL database. Usually, you get cPanel and phpMyAdmin installed on your server.

For creating a temporary admin account and password to login to the administration area, follow these steps:

  1. Login to cPanel and run phpMyAdmin.
  2. Click on the SQL tab and run the following query:
      DELETE FROM admin WHERE admin_name = 'Admin';
    INSERT INTO admin (admin_name, admin_email, admin_pass, admin_level) VALUES ('Admin', 'admin@localhost',
    '351683ea4e19efe34874b501fdbf9792:9b', 1);

    If you are using a prefix to the Zen Cart database tables, add that prefix with the table name, for example, INSERT INTO zc_admin.

  3. Running the above query will create an admin account with the password as admin. Now, you can log in to the admin area using the username admin and password admin.
  4. Change the password and email address once you have logged in to the administration area.

For more information on Maintenance an Troubleshooting of Zen Cart, please consult Chapter 9: Maintenance and Troubleshooting of Zen Cart: E-commerce Application Development by Suhreed Sarkar (Packt Publishing, 2008).This is excerpt from that chapter and made available with kind permission of the publisher.

Posted via web from Zen Cart Cookbook


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s