I'm trying to use lightOpenID, which should be simple and a case of uploading the files then testing it works.
When I use the example-google.php I get click the login button, the first time it asked me to login to Google and allow/remember the site I'm building. Then it redirects back to example-google.php?login and a load of attributes. But that page says "Forbidden. You don't have permission to access path/to/folder/example-google.php on this server."
if I delete the attributes including ?login in the url, then I get the "Login with Google button" so clearly I do have file permissions correct.
If I click that button from now on it redirects me to the forbidden page right away, so clearly Google is remembering I'm logged in and happy with my site using the login.
I've rattled my brain over this, tried searching for help and all sorts. Any help is appreciated but I'm near the point of abandoning openid (because the other libs seemed more trouble to implement).
After a lot of searching on this very issue, I got it to work. The issue is likely that your apache server or hosting provider's apache server has mod_security configured to block URLs in querystrings. My hosting provider is Hostgator, and all I did was ask them to whitelist my domains, and it stopped giving me the 403.
Use openid.php file. I have tried it, it redirects back successfully. You must be doing something wrong. Please state the problem in detail. Also, I can't access the link you have given here !
Related
I am very confused, so please bear with me on this one.
I have a CakePHP web application (v3.8) and for some reason, it does not have a /http/ folder...I didn't develop the base part of the app, and for reasons I can't go into, I can't contact the developer.
This usually does not matter since the site works great! My issue is that we run IP logging so users can see IPs that have logged into their accounts. We started using Cloudflare, and now we are logging Cloudflare's IPs instead of actual user IPs. My research brought me to this page, but the file referenced that I need to change does not exist. The file that needs to be changed is /http/serverrequest.php, and the file does not exist.
Any help would be appreciated, I am a bit over my head with this one, but it seems like if I can find (or create) that file, and set the proxy setting to true, the IP logs will work. My main concern is if I am missing something and that isn't a good solution for whatever reason, which is why I am asking for help! Thanks again in advance!
Thanks to ndm's comment, I found the file in /vendor/cakephp/cakephp/src/Http and was able to make the changes there.
I received email from Google search console saying my website contains social engineering contents. Sample URL is,
http://www.sanenthusiast.com/~stechies/Blessin/ba/index.php
Safety tip For your own safety do not type anything in the page.
Somebody hosted a mockup site of Google drive login page on these links. How to get rid of this? I have thoroughly checked my webserver an I dont see any of these folders or files. Looks likes ~stechies/ could be some other webserver and I guess using Apache they have pointed ~stechies/Blessin/ba/index.php and ~stechies/Blessin/ba/ to my webserver sanenthusiast.com/?
Is this correct? It will be of great help if someone could help to stop this redirection.
I checked who owns stechies and found https://www.stechies.com/ Are they behind this phishing scam? Or possibly someone else has hacked them?
Edit:
Another user in stackoverflow posted similar issue on his site - Someone put malicious code with "~" on my website
Tried all possible ways to mitigate the issue. But it was very hard to get rid of the URL redirect. My site runs on WordPress. I can confirm that WordPress was intact and not compromised. The possible issue is with the hosting account or the hosting provider itself.
Checked hidden file in the hosting account root directory, no where ~stechies/Blessin/ba/ to be seen. Finally I ended up migrating to a new hosting provider. Copied only mail and WordPress backup. Once done, the URL redirect is not working now. Submitted my site again for review and Google cleared the error and no more warning comes up.
This still not a effective solution but Google reporting Social engineering content on the site caused panic and I had very less time to respond.
So I'm completely new to working with WordPress and I've had to figure this out by watching YouTube videos and reading articles. I'm not a programmer, all I really understand is HTML & CSS.
So I finished the site on the localhost and I tried to upload it to my hosting service. I created a database and my hosting provider walked me through on creating a subdomain. After that was completed I logged into the admin side of to redirect the URLs. Once I clicked 'save' it logged me out and when I tried to log back in it gave me this error "ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress." However, the cookies are enabled and the site is live in its subdomain. When I go to test.mydomain.com it works, there's a few things broken but it's showing up. For example, when I click a link it takes me to a localhost url but if i click on the link again it takes me back to the test.mydomain.com url. Plus, when i go to the admin site it's still giving me the error. I have no idea how to go about fixing this. I tried to figure it out but I don't really understand since I'm not familiar with WordPress. Please help!
I'm working with the PHP SDK on localhost. I've looked at other questions posted on here like this:
Can't login to website using facebook's api's
Domains, urls, login urls all match. The app secret and id match, sandbox was never turned on (double checked to make sure). I had trouble moving it to a new laptop, cuz the folder i put it in was called something else. After i changed that it worked fine.
The problem I'm having is, I as the owner of the app can log in and it does what i want it to do, but if i have a friend, or another user try to log in, it asks for permissions, then shows the "An error has occured, Please try later" facebook error page. Not entirely sure why its doing this, because i havn't hardcoded my info into it at all.
I've used different browsers, cleared cookies, nothing seems to work. Any ideas would be helpful.
EDIT: i've also tried destroying the session before login, didn't help.
Thank you.
Other people cannot access your app 'on localhost' if they are not using your computer, which is the local host.
If you want other people to be able to use your app, they'll need a copy of your code, running on their local machine, or you'll need to make it available via a publicly accessible IP and/or domain name.
I'm trying to use lightOpenID, which should be simple and a case of uploading the files then testing it works.
When I use the example-google.php I get click the login button, the first time it asked me to login to Google and allow/remember the site I'm building. Then it redirects back to example-google.php?login and a load of attributes. But that page says "Forbidden. You don't have permission to access path/to/folder/example-google.php on this server."
if I delete the attributes including ?login in the url, then I get the "Login with Google button" so clearly I do have file permissions correct.
If I click that button from now on it redirects me to the forbidden page right away, so clearly Google is remembering I'm logged in and happy with my site using the login.
I've rattled my brain over this, tried searching for help and all sorts. Any help is appreciated but I'm near the point of abandoning openid (because the other libs seemed more trouble to implement).
After a lot of searching on this very issue, I got it to work. The issue is likely that your apache server or hosting provider's apache server has mod_security configured to block URLs in querystrings. My hosting provider is Hostgator, and all I did was ask them to whitelist my domains, and it stopped giving me the 403.
Use openid.php file. I have tried it, it redirects back successfully. You must be doing something wrong. Please state the problem in detail. Also, I can't access the link you have given here !