I've got a production site with three users, two of which are admins. None are able to log in with their password; They get "Sorry, unrecognized username or password. Have you forgotten your password?" We ARE able to log in by requesting a new password and getting a temporary login key, so I'm able to access the administration pages and look at the unhelpful logs, but of course this is not sustainable.
I've tried:
logging in on various devices
clearing the cache
running update.php
adding a $cookie_domain in settings.php
checking the database to make sure the users exist (they do, with hashed passwords)
My .htaccess file reroutes all traffic to https://www.
Core is Drupal 7.59.
Any thoughts?
I was using the Drupal 7 module "Hide Node Field." When I deactivated that module, user logins began working again. I will file a bug report with the Hide Node Field developers.
Related
I have a live site (example.com). Instead of making changes and finding bugs when the public can view the site, I decided to setup a staging webiste. I followed the directions for setting it up here.
It appears to have worked, when I go to staging.example.com everything is there. But when I try to login staging.example.com/wp-admin.php it keeps giving
ERROR: Invalid username. Lost your password?
I tried my normal password and the password I used to create the new database.
What did I do wrong or what step did I miss? How can I add a new user to the staging account? I checked wp-config.php and believe I have the DB_NAME, DB_USER and DB_PASSWORD correct.
This is browser caching and cookies.
Try to open the page in anonymous window or another browser, or fully clear your cache and cookies
staging.example.com/wp-admin.php
This path does not exist, you need go to
staging.example.com/wp-admin/
When you need to create new user with database - you can open the database with phpMyadmin, and create user in the table wp_users. The password field must be left blank, and then go to the wp-login.php and recover the password to setup new one.
Running Drupal 7 on DrupalVM. Had a successful installation, but when I visited my Drupal site, it requires a login and password. I couldn't find in the docs where the root admin login credentials are. Usually Drupal allows you to set this up, but not the case with DrupalVM (unless its in a config file and I overlooked it). Are there root login credentials or do you have to create an admin user (through your db) when first getting started with DrupalVM? Thanks.
Username and password: admin:admin https://github.com/geerlingguy/drupal-vm#3---configure-your-host-machine-to-access-the-vm
My friend asked me to help him with his site on wordpress, he lost the wp admin panel password.
But he didn't loose the mysql login information so sirst i thought about changing the password right through phpmyadmin. I get in phpmyadmin and saw that password looks a little bit strange, like this $P$BUKCBYLJ.MmLPqlzZTw4P/rLnR.omZ.
This article helped me to create password that looks the same as passwords that already existed in mysql db passwords, so i put it in my admin's user_pass field.
But i'm still unable to log in.
Actually, when i try to access /wp-admin/, i see no standard wordpress login page
I see this
And when i fail to log in it gives me 401 and shows this page
Is it ok? What the difference between situations when standard login page shows and when this authentication alert box shows ?
Anyway, all I can think of is:
1) Online password hasher gives me wrong password,
2) You see, this authentication box says "please use your control panel password", so i think the site uses some other passwords, not passwords that are in it's db. Is it possible?
Thanks in advance!
You are seeing a Basic HTTP Authentication prompt, which is not part of WordPress - it is being sent by your webserver (likely Apache or Nginx). This provides an additional layer of security against brute force attacks as you need to "log in" to the web server before you can authenticate against WordPress.
The passwords for Basic Authentication are typically stored in .htpasswd files, and defined either in an .htaccess file or your webserver's configuration. Refer to this guide for some more information on how this is set up.
You will need to reset the Basic Authentication password in the .htpasswd file, or remove it entirely, before you can log into WordPress. Once you access the WordPress login prompt you can use the password that you have set for the user you want to login as. Options for resetting your WordPress password via SQL, phpMyAdmin, FTP, and the WP CLI can be found in the article Resetting Your Password on the WordPress site.
We have a problem on a drupal 7 site. Logged in or anonymous users are not able to access other user's contact forms. Admins can access the forms.
We have set permissions to allow users and guests to access both the site wide and other users contact forms. Users can access the sitewide contact form.
If we give users permission to administer and edit all user accounts, they can view the contact forms. Obviously, we don't want to grant this access.
Any ideas to solve this problem?
This is a permission problem.
You have to set the permission to guest users to see this form.
In Administer - Users - Permission.
Regards.
Go to People - Permisions, find a module "User", find a line "View user profiles" and set permissions there for your user roles.
17/11/2014.
I had the same problem.
Go to:
Modulos-> Contact(Module) -> Permission -> In the column "ANONYMOUS USER" pick up -> "Administer contact forms and contact form settings", "Use the site-wide contact form", "Use users' personal contact forms".
It's works perfectly.
I also had this problem. Feedback from anonymous users through contact form always returned "Access denied".
From the logs it turned out seckit module was blocking form submission with the following error "Possible CSRF attack was blocked." All I did to get the contact form working again was to comment out the "Base Url" in Drupal setting which I added earlier on.
We ran into this issue recently when testing some changes, and permissions were correct, but it turned out that any 5 submissions from the same IP address resulted in an "Access denied" message for an hour (unless logged in as an admin). This was a result of Drupal's core but hidden flood control/limit settings (to prevent spam/bot activity).
Workarounds we found (if necessary, though we just ran into the problem while testing contact forms more than normal) were either to change the default allowed submissions/time in settings.php by adding lines like the following (for example):
$conf['contact_threshold_limit'] = 10; # limits to 10 submissions from same IP
$conf['contact_threshold_window'] = 1800; # reset flood after 1800 seconds (half an hour)
or to install the Flood control module, which provides a handy GUI for changing these and related settings (i.e. login attempts) without having to bother editing settings.php (which would take precedence, I believe).
I'm having a problem which I can't solve.
I have bought a cheap vps, with ubuntu 12.10 then installed the tomcat7, maven, and nexus. All of them are the latest. This is a fresh install from everything. I started and deployed the nexus, no errors in catalina, no errors in nexus, and when I tried to login with admin/admin123, I have failed.
I'll show you any of my log file what you need, please help me with this.
EDIT: nexus is 2.2-01
EDIT2: this is a cheap server with 512 ram, running without X
My security-configuration.xml is this:
<?xml version="1.0"?>
<security-configuration>
<version>2.0.3</version>
<enabled>true</enabled><!-- was true -->
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
<anonymousPassword>{1FH7iFzhCukHI3ISkjq+AuQZb+bOMrB70bGqF2y6fNE=}</anonymousPassword>
<realms>
<realm>XmlAuthenticatingRealm</realm>
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
</security-configuration>
Do the following:
stop Nexus
change the enabled in the xml to false
restart Nexus
get in without anything as admin that way
reset the admin password
enable the security again in the user interface
Oh and btw. I would suggest to run Nexus from the bundle with Jetty on a VPS and not with the war file in Tomcat so you get more performance out of it.
Update: Security can no longer be disabled in Nexus 2.7 and up. You have to insert an admin user into the xml as documented in this support page.
Resting nexus admin password from default "admin123" to more secured password without changing config files.
I got my nexus instance up and running with no issues login in as admin user and default password. I wanted to reset admin password ( to more secure password) and followed the following instructions (without touching the security.xml file as i hate changing config files to do any password resets)
Login to nexus with admin user and default password.
Click on server link under administration tab.
Make sure that SMTP settings are set up correctly ( hostname , port
, username and passowrd).
Click on "Test SMTP settings" and provide an email address to see if
you get mail from nexus server.
If you have already set up SMTP correctly on your instance you don't
need to run step 3 and 4.
Hit "Users" link under Security tab and select admin user. make sure
you have set up the correct email for this user.
Log out of nexus .
Login and hit forgot your "password" link.
The password recovery screen will prompt you for user which is
"admin" and email should be the one you have listed in step 6.
Hit "Reset Password" button and you ll get a much stronger password
in email .
Again Checking SMTP settings and admin user's email is one time action. Step 8 to 10 take less than a minute and one can easily reset admin password without touching the security.xml file. Ofcourse this file will be automatically updated as soon as you login with new password. Preferred way than modifying the file manually.