I am really new to Drupal and playing around with this existing Drupal site.
I did a FTP transfer of all the files to my local computer directory. I currently got it on a Vagrant box and I can access the site via http://192.168.56.101/html.
I can do http://192.168.56.101/html/anything-but-user and it brings me to the proper area on the site. However I can't do localhost/html/user, because it redirects me to the website URL rather than the local URL.
I tried clearing the cache (with Drush). I scanned all files in the system and changed the web url to the local URL [not sure if I need to do any other command], and I can't seem to find anything in the .htaccess files that would lead me to this.
The href="/user I would greatly appreciate any advice or help in figuring out this solution.
--UPDATED
There was a module called "Secure Pages" that was causing the user and registration links to be locked and static to prevent redirects to phishing sites. I had to disable this module using "drush pm-disable securepages" in the terminal.
Some typical items you may want to check:
Check if you get the same problem using another browser. If with another browser it works, then it is pretty sure a cookie problem. To solve that, delete the cookie in the browser where you have the problem.
Make sure "clean urls" is enabled. Refer to "https://drupal.stackexchange.com/questions/165029/clean-url-leads-to-duplicate-url-after-migration-to-another-hosting/165044?s=1%7C3.9647#165044" for more details on that.
Make sure the value of "base_url" is set correctly (in your settings.php).
If module Secure Pages is enabled, then try to (at least temporary) disable that moduel to see if it helps.
Apparently, there was a mod called "SecurePages" that was causing the URLs to be static to prevent someone from changing them and redirecting users to a phishing site.
Related
Anytime I open my client's website, the URL keeps on adding an unnecessary parameter
Example:
Website URL => https://example.com/
While loading, the URL will change into this
https://example.com/QKYUZ/YenNS/RQlKZ/QYSQc/SnSfZ/ljLWX/
or when login at the back office...
https://example.com/wp-admin/ => https://example.com/QYSQc/wp-admin/
I'm using WordPress, that happens either on the website or at the back office. Sometimes it will show different errors because of those.
Does anyone know what is happening or how can I fix this?
This is not the normal behaviour of WordPress. My first guess is, you have a plugin that's acting funny. I suggest you do the following;
Make a local copy of your website and set up using a local server and a database.
Once the site is up and running locally, go to plugins and deactivate all plugins. Re-enable them one after the other and you should find the culprit plugin.
This should help you resolve the issue.
I have a drupal site connected to another non-drupal site. (All php) They have Single sign-on. Some info is stored in a cookie. So when a user signs in in the Drupal site and clicks the link to the other site he is automatically signed in in the next site. The new (or existing) user gets generated (or updated) automatically every time.
Now the problem:
Somehow some of my changes to a couple of pages regarding this authentication are ignored when I use the HTTPS:// link. It looks like it keeps checking the old files... Like they are stored in a hidden place? When I change to HTTP:// suddenly it takes the new modified files...
And it only happens to files about the authentication process. All my other commits to other parts of the second website work like normal. Just these couple of authentication files get ignored.
Does anybody knows why https behaves like this?
Could this be server caching or php caching ?
I'm going to post the answer to my own question so hopefully I can help someone else with a similar problem.
There were 2 files with the same name.
The HTTPS login file was in the private_html folder.
the http login file was in the public_html folder.
They both had the same name. So when I updated the http file and pushed it to the server, the https login file stayed untouched. And since the https login file was not in the git repository I couldn't find it locally, but only on the server...
Problem solved, so no caching problems at all.
I am no longer able to access the admin panel of a Wordpress site. 2 days ago I added a plugin, loaded some new content, and things were working fine. The client loaded some regular blog posts, and today, it no longer works.
First of all, the error itself:
I go to URL: mydomain.com/wp-admin, the browser redirects to: mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fmydomain.com%2Fwp-admin%2F&reauth=1
The error message says:
Not Found
The requested URL /mother/18/readf.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
What I know so far:
Nothing in .htaccess redirects to mother/18/readf.php
A search of similar errors gives a lot of results where urls within normal sites seem hijacked to sell antidepressants, viagra, etc. When I say normal sites I mean that there are sites that do logistics,
https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother//readf.php&safe=off&nfpr=1&start=10
https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother//readf.php&safe=off&nfpr=1&start=10
Disabling all plugins doesn't help (I renamed the plugins folder and then tried to log into the admin).
Searching the database for readf.php or mother doesn't show anything obvious.
The client claims to only have made changes to content since yesterday, when the site admin was still working. (Yes, claims... they have superadmin access, so this might not be true).
Has anyone come across this issue? Any ideas on what I can look for next?
Sounds like you got hacked. Time to fix it right the first time, or you will get hacked again. You need to replace all core WP files/folders (except wp-config.php and wp-content), but scan the uploads folder and theme for exploit code and modified files or added files, like readf.php. Replace all plugins, too.
Also scan the database for eval code and added administrators. (See "My Site was Hacked" below).
Change all host, FTP and WordPress passwords in the process. Scan your own PC for malware that might have grabbed logins and passwords.
Tell your web host you got hacked; and consider changing to a more secure host.
Carefully follow FAQ - My Site Was Hacked at WordPress.org.
Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks at WordPress.org.
I have WordPress installed and running on GAE and have added my own custom domain via Google Apps. This is great but my appspot.com url is still publicly accessible and searchable.
How would I go about blocking this and redirecting to my custom domain?
I imagine it involves adding a url handler in the app.yaml file that points to a php file. I have no idea what would go inside though.
Also, how would I then go about setting up a 301 redirect for website canonisation and SEO that accounts for SSL and cron entries?
Any help is appreciated, thanks!
The appspot.com URL is always accessible and there is no way to turn it off. You can't do much in the app.yaml since it's not aware of the custom domain. I'm not really a PHP guy but you should do is to write manually the redirect based on the host URL if you really want to do that. Since you're using WordPress you might need to do quite some work if you don't want to redirect only from the root, but from any page.
Personally I think you should just leave it there and do nothing, even Khan Academy is not redirecting (http://khan-academy.appspot.com) and I'm pretty sure that very few are actually doing that.
We built a website for a client using Wordpress. We used a testing server which always works well. Wordpress was hosted as a subdomain, i.e. http://wordpress.ourcompany.com. I have direct and full access to the server. In the etc/apache2/sites-available directory the file describing the site in question uses the final name http://clientsite.com as ServerName, our temporary subdomain (under which we have been building) is a ServerAlias.
When we were almost ready, we of course asked the client (who already had a website) for their domain login. We changed the DNS like always. It resolved, the site worked well. Although Wordpress kept redirecting (of course) to the subdomain-variant, we could enter the site with the full domain.
Now comes the culprit. I changed the Wordpress settings (siteurl and home) to match the new site. The front-end works brilliantly. However, the back-end is unreachable as long as the settings are in this way. The login page shows up, but just redirects back to itself. If I simply change the Wordpress settings (in the options table) I can log back in, but we want to rid the subdomain necessity (of course).
Things I've already tried (I'm not one to easily ask of your time):
Clear .htaccess
Clear my cache & cookies
Different computer, different browser etc.
Change only the home and not the blogurl value. Sadly, this corrupts some plug-ins
Remove all plugins
Comment some lines as instructed in the wp-login file
Naturally, everything I could find on codex.wordpress
Set the admin cookie path
So, brilliant collective mind that is Stack Overflow, what did I do wrong? DNS? Wordpress settings? Thank you in advance.
You need to go into the settings on the live server and change the URL's to the current site. You'll have to do this by accessing the database directly. It's the wp-options table, and there are 2 entries where the url's are the value. Update those. That should fix the looping.
I found an answer today : the user in the database didn't had the right permissions. You can look up in the error log if there are lines that indicates this.
I also had tried before : removing all content from htacess, reinstalling wordpress etc.