The security token did not match. The request was aborted to prevent any security breach. Please try again - joomla3.9

I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:
if I create a new user from the backend, this doesn't appear in the _users table;
a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.
Did my website get hacked? How could I fix it?

".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.
Disclaimer: It is code I wrote and a service I run, so I know what I'm talking about.
Not being able to create users - I'm guessing you have Admin Tools or RSFirewall installed and configured; both these products stop users being created IF configured that way.
Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens, and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected.
Nothing you say leads me to believe your site is hacked.
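The answer lists the three usual causes of a CSRF token mismatch (double submission, a broken session handler, cookies not coming back). The following is an added illustration, not Joomla's own code or the mySites.guru service's: a minimal server-side session store that issues one token per session, checks it on submit, and rotates it after use. The SessionStore class, the function names and the in-memory storage are all assumptions of this example; the two failure runs show how a lost session cookie or a second click on an already-used token each produce the error from the question title.

```python
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for the server-side session handler (an assumption of this
    example; a real site would back this with files, a database or a cache)."""

    def __init__(self):
        self._sessions = {}

    def start(self) -> str:
        """Create a session with a fresh CSRF token and return its id (the cookie value)."""
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"csrf": secrets.token_hex(16)}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)


def render_form(store: SessionStore, cookie_sid):
    """GET side: make sure the visitor has a live session and embed its token in the form.
    Returns (session id to set as the cookie, token to put in the hidden field)."""
    if cookie_sid is None or store.get(cookie_sid) is None:
        cookie_sid = store.start()
    return cookie_sid, store.get(cookie_sid)["csrf"]


def check_token(store: SessionStore, cookie_sid, posted_token) -> bool:
    """POST side: the token is valid only if the browser sent back the cookie for the
    session that issued it. Constant-time comparison avoids leaking the token by timing.
    On success the token is rotated, so the same form cannot be submitted twice."""
    sess = store.get(cookie_sid) if cookie_sid else None
    if sess is None:
        return False                      # no session: cookies or session handler broken
    if not hmac.compare_digest(sess["csrf"], posted_token or ""):
        return False
    sess["csrf"] = secrets.token_hex(16)  # single use, as a second click will show
    return True


ERROR = "The security token did not match."


def login_flow(cookies_returned: bool) -> str:
    """One GET then one POST; with cookies_returned=False the browser drops the cookie."""
    store = SessionStore()
    sid, token = render_form(store, None)
    cookie = sid if cookies_returned else None
    return "logged in" if check_token(store, cookie, token) else ERROR


def double_submit() -> tuple:
    """Same form posted twice (a double click): the second post reuses a spent token."""
    store = SessionStore()
    sid, token = render_form(store, None)
    first = "logged in" if check_token(store, sid, token) else ERROR
    second = "logged in" if check_token(store, sid, token) else ERROR
    return first, second


if __name__ == "__main__":
    print(login_flow(True))      # logged in
    print(login_flow(False))     # The security token did not match.
    print(double_submit())       # ('logged in', 'The security token did not match.')
```

The two failing runs correspond to two of the checks in the answer: a browser (or a misconfigured cookie domain/path) that does not send the session cookie back, and a double click that replays a token the server has already consumed.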

The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link that appeared on the frontend side, I was redirected to a link that looked like
mysite.com/index.php/component/users/?view=login&Itemid=yourid
which displayed the login page correctly. Yet, once I had filled in the form and submitted it, the warning message in question popped up. The same problem occurred when either trying to register a new account or reset the password.
Although I couldn't find an explanation for the issue, I managed to fix it by creating Login, Reset and Registration menu items under the main menu and then hiding them, as I didn't want them to show up among the other menu items on the frontend.
Having gone back to the frontend and clicked on login, I was now redirected to a different URL that looks like
mysite.com/login
where "login" is the alias that I had chosen for the Login menu item.
After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.

Related

Reset Password Link For Firebase App Not Working

So I have recently implemented a reset password feature in my app, which sends an email to the user with the reset password link, something looking like this:
https://myfirebaseapp.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=XXXX&apiKey=XXXX&lang=en
But then when I click on this link, the page freezes up and doesn't load at all. So then I thought maybe it's caused by the API restrictions that allow only certain domains which I preconfigure. So I went to fix it by adding the websites to the allowed sections in the "edit API key" section. But it still doesn't work. So is there any other setting that I need to change or add?
Please include https://<app-name>.firebaseapp.com as well.

Usage of WP plugin to access Facebook photo feed now requires review/approval to use Page Public Content Access endpoint

I am using a WordPress plugin, WP Embed Facebook, to display a "live" photo feed from an album on a Facebook page/account I have control over. It used to work fine, displaying thumbnails in one of my footer widgets that when clicked opened in a lightbox. Lately, instead of said thumbnails, the following message is displayed:
Error: (#10) To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review. (only visible to admins)
(see far right footer widget at http://www.sugaroafculinary.com)
In following the link in the error message, it would seem that my "app" (i.e. the web page using the plugin) needs to undergo a review/approval process from Facebook, which seems to me to be quite the excessive set of hoops to jump through just to access content on my own page, but I digress...
If I'm reading the documentation correctly, they require access to the "app" in test mode so that they can see it in action. In an attempt to meet this requirement, I:
logged into my FB app dashboard, where the plugin required me to create an app in order to get an App ID and an App Secret anyway. No big deal.
Created a 'test app' from that app and configured the plugin to use the test app's App ID and App Secret.
The long and the short of my current issue is that I get the same error message with the test app as with the original. I was under the impression that being a test app, access to the endpoint would be allowed. Not so much. I don't know how I can provide Facebook access to my working test app if it produces the same error as the production version.
I'm sure I'll run into more snags with the remaining hoops I'm jumping through, but for now if anyone has any advice for how I can get the test app access to that endpoint so it can be viewed in a working state for FB review, I'd be ecstatic.
OR there's the possibility that I've misinterpreted the requirements - if it looks like that might be the case, please do not hesitate to bring that to my attention either.
Thanks!!
UPDATE
I found the following that sounds like it might indicate that if "the person" who is the publisher of the WP page containing the plugin is the "the person" who is an admin of the app in the FB system, the endpoint is accessible.
"While you are testing your app and before you submit it for review, your app can only access content on a Page for which the following is true: The person who holds the admin role for the Page also holds an admin, developer, or tester role on the app. If you want the app to be able to access public content on other Pages, you must submit this feature for review. Once you set your app to live mode, it will not be able to see any Page public content without this feature."
Now what exactly does "the person" mean? I added the FB account that has the same email address as the publisher of the WP page as an admin of the app in the App Dashboard, but the results are the same. I can't think of any way (other than by email address) that Facebook would be able to figure out that a WP user is the "same person". Am I missing something here?
Submitting for Page Public Content Access would be the wrong thing to do here to begin with.
to display a "live" photo feed from an album on a Facebook page/account I have control over.
So that makes it not public access to begin with - that feature is for accessing public content of pages you don’t have admin access to.
Accessing the photos of your own page requires a page access token - and getting that in return requires the page admin to grant manage_pages permission to the app.
If the plugin is showing you an API response talking about Page Public Content Access, then it means it did not use a proper page token for the request to begin with.
Now I don’t know this plugin, and whether it is prepared to ask for that when retrieving an access token, and if so whether something else goes wrong. I would suggest you contact the plugin author for support.
But again, Page Public Content Access is not what you need here.

Restrict ibm_security_logout?logoutExitPage parameter

I am working on an application running on IBM Websphere 8.0.
Whenever I append ibm_security_logout?logoutExitPage=<any other website or domain>, the session gets terminated and the user is redirected to the other website.
I am fine with session getting destroyed, but I do not want the user to be redirected to any other website mentioned after the logoutExitPage parameter.
Could anyone help me with this?
Let me know if more information is required.
Make sure you applied the latest fix pack. This was fixed in 8.0.0.1, which only allowed pages from the same website. If you need to go to external sites you have to configure the following parameters:
By default the URL to the logout page should point to the host to which the request was made or its domain. Otherwise, a generic logout page is displayed. If you need to point this URL to a different host, then you need to set the com.ibm.websphere.security.logoutExitPageDomainList property in the security.xml file with a list of URLs that are allowed for the logout page. You can choose to allow any logout exit page to be used by setting the com.ibm.websphere.security.allowAnyLogoutExitPageHost property to a value of true. Setting this property to true might open your systems to potential URL redirect attacks.
For more details check Customizing web application login
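To make the policy the answer describes concrete, here is an added example (not WebSphere's code) of the decision a logout handler makes for a logoutExitPage value: relative paths and the request's own host are always accepted, hosts named in a domain list (the role of com.ibm.websphere.security.logoutExitPageDomainList) are accepted, anything else falls back to the generic logout page, and the allow-any switch (the role of com.ibm.websphere.security.allowAnyLogoutExitPageHost) disables the check entirely. The function name, the treatment of subdomains as "its domain", and the sample hosts are assumptions of this example.

```python
from urllib.parse import urlsplit


def _host_of(value: str):
    """Hostname of a URL or bare host string, lower-cased, without port (None if absent)."""
    parts = urlsplit(value if "//" in value else "//" + value)
    return parts.hostname.lower() if parts.hostname else None


def resolve_logout_exit(request_host: str, exit_page: str,
                        domain_list=(), allow_any: bool = False):
    """Return the URL to redirect to after logout, or None for the generic logout page.

    request_host: the Host the logout request was made to (port is ignored).
    exit_page:    the raw logoutExitPage parameter value.
    domain_list:  URLs or hosts that are additionally allowed (assumed to model the
                  logoutExitPageDomainList property).
    allow_any:    assumed to model allowAnyLogoutExitPageHost=true; no check at all.
    """
    if allow_any:
        return exit_page                      # the unsafe setting the answer warns about

    parts = urlsplit(exit_page)
    if parts.hostname is None:
        # No host at all: accept only a plain site-relative path. A scheme with no host
        # (e.g. a non-http scheme) or a scheme-relative "//host" form is not a local path.
        if parts.scheme == "" and parts.netloc == "" and exit_page.startswith("/") \
                and not exit_page.startswith("//"):
            return exit_page
        return None

    target = parts.hostname.lower()
    own = _host_of(request_host)
    if own and (target == own or target.endswith("." + own)):
        return exit_page                      # same host or a subdomain of it

    allowed = {h for h in (_host_of(entry) for entry in domain_list) if h}
    if target in allowed:
        return exit_page                      # explicitly listed external host
    return None                               # anything else: generic logout page


if __name__ == "__main__":
    own = "app.example.com:9443"
    print(resolve_logout_exit(own, "/loggedout.html"))                 # kept
    print(resolve_logout_exit(own, "https://app.example.com/bye"))     # kept
    print(resolve_logout_exit(own, "https://other.example/"))          # None
    print(resolve_logout_exit(own, "//other.example/"))                # None
    print(resolve_logout_exit(own, "https://partner.example/back",
                              domain_list=["https://partner.example"]))  # kept
```

The scheme-relative case matters: a value such as `//other.example/` has no scheme, so a check that only looks for `http://` would treat it as a local path, while urlsplit correctly reports a foreign host.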

Module "LinkedIn integration" for Drupal

Established in Drupal module "linkedin integration".
I have an API Key and Secret key on //www.linkedin.com,
There are two problems:
1) The module is configured, but you receive this error:
"401 : No LinkedIn account is associated with this user"
2) Posting of Content not working
If I edit a page and try to post it to linkedin it doesn't work. If I turn on debug I get the following:
Linkedin debug : LinkedIn.com answered "< : <
How can I fix this problem?
Problem one is that you have not yet linked your user with your LinkedIn user.
To do this you should log in as a normal user (username and password from Drupal).
Then, when you go to your user edit screen, you should see a LinkedIn tab; if you click on it, it will offer you the possibility to link your account. Make sure you are not in admin overlay mode, as it might not redirect you to LinkedIn then.
After that, save and you should be able to log in.
The posting problem can be more things.
I noticed that it takes pretty long for your post to appear in LinkedIn, so it might be that.
You did not show the rights you gave your application, but make sure that in LinkedIn you at least selected "rw_nus".
LinkedIn documents show that right as doing:
Retrieve and post updates to LinkedIn as you
I'm talking about the settings here:
The message debug gave back does not seem to mean anything (it is a bug in the module, I believe). I tested it myself and I got the same message, and my post did appear a few minutes after that in LinkedIn.

Show uploaded files to Anonymous user but only allow download from registered

On Drupal 6 I am attaching a file to a node. This can be done using the core upload module or as a CCK field (whatever will achieve the permissions issue).
I would like anonymous users to be able to see the file, but once they click on it to be prompted to log in or register. Once logged in (or registered), then to be taken to either the same page they started on or to start the download.
Not really sure where to start on this (related to the permissions and then the eventual redirect).
One method that I would do is in the template files detect if there is a userid variable (to indicate they are logged in); if there is, show the link to the file; if they are not, send them to the login/registration page. I can store the link they wanted in the user session. But then how would I detect their registration is complete and redirect them to the page/file?
Ideally there is a module (which I am still hunting around for) that does this task!
Basically, you just need to set the destination parameter, this works for the basic login/registration form. If you however require something like email confirmation for registration, then it's going to be a lot more complicated.
Example Links:
user/login?destination=download_url
user/register?destination=download_url
There is also an API function that will automatically generate the destination part for the current URL: http://api.drupal.org/api/drupal/includes--common.inc/function/drupal_get_destination/7.
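The following is an added example, not Drupal's own code, showing the destination round trip the answer relies on: a helper modelled on drupal_get_destination() that encodes the current path and query into a `destination=` parameter, the template decision from the question (logged-in users get the file link, anonymous users get `user/login?destination=...`), and the post-login step, which only honours an internal path so the parameter cannot send the user off-site. Function names, the file path and the front-page path are assumptions of this example.

```python
from urllib.parse import parse_qs, quote_plus, urlsplit


def get_destination(path: str, query: str = "") -> str:
    """Build 'destination=<encoded path?query>' for the given page, modelled on Drupal 6's
    drupal_get_destination(): path plus query string, URL-encoded once so that it survives
    as a single query parameter on the login or register link."""
    full = path if not query else f"{path}?{query}"
    return "destination=" + quote_plus(full, safe="")


def gated_file_link(user_id: int, file_path: str, current_path: str,
                    back_to_page: bool = False) -> str:
    """What the template renders for the attached file.

    Logged-in users (uid != 0; uid 0 is Drupal's anonymous user) get the download path.
    Anonymous users get the login form with a destination: the file itself, or, with
    back_to_page=True, the page they started on (the two options the question mentions).
    """
    if user_id:
        return file_path
    target = current_path if back_to_page else file_path
    return "user/login?" + get_destination(target)


def post_login_redirect(login_url: str, front_page: str = "node") -> str:
    """Where the site sends the user after the form succeeds: the destination when it is
    an internal path, otherwise the front page. Rejecting a scheme, a host or a
    scheme-relative '//host' value keeps the parameter from becoming an open redirect."""
    query = parse_qs(urlsplit(login_url).query)
    dest = query.get("destination", [""])[0]     # parse_qs already URL-decodes the value
    if not dest:
        return front_page
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc or dest.startswith("//"):
        return front_page
    return dest


if __name__ == "__main__":
    # Constructed sample: node/12 shows a link to system/files/report.pdf.
    link = gated_file_link(0, "system/files/report.pdf", "node/12")
    print(link)                         # user/login?destination=system%2Ffiles%2Freport.pdf
    print(post_login_redirect(link))    # system/files/report.pdf
    print(gated_file_link(42, "system/files/report.pdf", "node/12"))  # direct link
```

The same shape works for `user/register?destination=...`; as the answer notes, it stops being this simple once registration requires e-mail confirmation, because the destination then has to be carried across the confirmation link rather than one form submission.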
