My question has to do with Civicrm member signup page. I am getting an error for anonymous users that they are not allowed access to the page.
I am using Drupal 7 and CiviCRM 5.3. I am relatively new to Drupal. The site is located on a domain that is being used simply for testing purposes.
I have researched this already and have not received much in the way of finding anyone with a similar issue. Other then seeing posts about user 0. I checked and user 0 is there and seems fine.
As part of trying to resolve the issue I also setup a mock event. Same thing happens on that also. An anonymous user can see the event but as soon as the registration page is clicked it gives the access denied message.
I have also checked the permissions and roles and anonymous is allowed to access the pages. In other words sign up for events and make contributions is checked.
Here is the page for the member signup.
https://hebrewburialofnewhaven.org/civicrm/contribute/transact?reset=1&id=1
Event info page : https://hebrewburialofnewhaven.org/civicrm/event/info?reset=1&id=1
Event registration page : https://hebrewburialofnewhaven.org/civicrm/participant/add?reset=1&action=add&context=standalone&eid=1
This is the actual site https://hebrewburialofnewhaven.org
Please keep in mind this is only a development site and not a production site. We are testing using Drupal with Civi. Because wordpress has really become very resource intensive and seems to have a lot of issues running civi cleanly.
I thank everyone for any help or guidance on this. It is probably something stupid I am missing or didn’t configure.
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
django 1.5.1
django cms 2.4.2
i am just learning django-cms and am working on my first test site. I searched this site and googled for these questions but can't find any answers which is why I am posting here.... Any help would be appreciated!
Through the admin page (as superuser) i added a group with permission to add/change/delete pages in addition to other permissions.
I create a user and assign the user to this group.
First of all, if i don't specify that user as staff then they can't access the admin site to login to begin with - this just doesn't make sense to me: what's the point of a user who never has the option to log in? Or is there something I'm missing - is there another way to log in besides the admin site itself.
Second, after marking that user as staff, and keeping in mind that the user is a member of group with permission to add/edit/delete pages, when the user logs in he can perform other admin tasks that he was given permissions for but still can't add/edit/delete pages. Although pages shows up as an object there is no link to the page list.
The Staff setting is to differentiate between users who are allowed to access the Django admin and users who aren't i.e. regular users who have signed up to your website via a registration form.
I had the same problem as you creating a new non-superuser user and not being able to add or edit pages as that user. It turned out that I needed to set CMS_PERMISSION = False in my settings.py.
If CMS_PERMISSION == True, you get a more fine-grained permissions framework where each page has its own list of users who are allowed to view and edit it, so permission to edit is done on a page-by-page basis (unless you're a superuser). If you don't need that functionality, I suggest you turn it off.
If you do want the more fine-grained permissions system, but you also want some users to be able to edit any page on the site, log in to django admin as a superuser and look at Cms -> Pages global permissions. From there you can give blanket edit rights to any user or group.
I'm getting a redirect loop on a Drupal 7 install. Whenever a non-admin user logs in, the site will enter a redirect loop on the user profile URL; for example, http://example.com/?q=user/testuser.
This URL is accessible with no issues by the superuser account, and attempting to access this URL while logged out returns a 403 Access Denied as expected.
When logged in as a non-admin user, attempting to access any URL at all will redirect to the user profile page, which will then redirect onto itself, causing the redirect loop to start anew.
I have found that if I give a specific user the "administrator" role, the redirect loop will cease for that user, and the page will no longer try to redirect to user/%username on login.
I have also found that if I give users the "administer users" permission that the redirect loop will cease, but will still redirect the user to user/%username on login.
Obviously neither of these solutions are possible as giving regular users administrator roles or the ability to administer users is a huge security risk.
Does anyone know of a fix for this, or a way to get around this with an override related to user role?
Installed modules: Block, Color, Comment, Contextual links, Dashboard, Database logging, Field, Field SQL storage, Field UI, File, Filter, Help, Image, List, Menu, Node, Number, Options, Overlay, Path, RDF, Search, Shortcut, System, Taxonomy, Text, Toolbar, Update manager, User, Chaos tools (7.x-1.0-alpha4), Page manager, Devel, Theme Developer, Fieldgroup, IMCE, Pathauto, Token, Taxonomy Menu, IMCE Wysiwyg API bridge, Wysiwyg, Webform, and several custom modules which i) provide blocks 2) provide custom pages and 3) modify the default search behaviour (splits search results by node type). None of my custom modules ever interface with the user management system, permissions system or use any of the functions provided by the user module.
I had an identical problem... spurred on by the fact I wasn't the only one faced with this issue I dug around a bit more. It was your update that gave it away - the Custom Theme.
I'm sure this could be caused by lots of different factors, but in my case and potentially yours, it was my template.php that was at fault.
I was using a custom MYTHEME_preprocess_page() to make some custom variables available in my templates. One of the variables was obviously a bit funky because when i removed it the problem disappeared. Turns out it was some left over code from when I was trying to get the user registration form into the page. It never worked and I forgot to remove it!
Hope this helps someone out there get back on track.
I haven't solution, but you can investigate in next way:
1. Goto http://SITE/admin/config/development/devel for devel module settings.
2. Check "Display redirection page" and save settings.
3. Goto http://SITE/admin/people/permissions
4. Check "Access developer information" for anon and other roles, and save.
5. Try login, it should stop on redirection pages and show where it try to redirect, so you can detect, what modules call looping.
I also had a problem with redirect-loops randomly occurring for non-admin users. Looking at /admin/reports/dblog revealed a permission problem with several nodes. I fixed it by flushing the node permissions (see /admin/reports/status/rebuild). Now everything is fine again.
Same problem for me, after hours and hours of debug and forum/blog navigation I finally found what was going on my site...
If you force login block in all pages, even if user is already logged in, only admin can navigate pages.
This is one of the possibles causes, I hope can help someone!
I had the same problem because i was loading the login form even when the user was logged in. fix it by not asking for the form only if the user is anonymous.
from https://www.drupal.org/node/1793230
Run these SQL queries in your MySQL database. If you have drush installed, you can just "drush sqlc" from your settings directory to get into a MySQL command line. Otherwise you can use PHPMyAdmin, MySQL workbench, or some other client tool to connect and run these:
Show records to be deleted:
SELECT r.rid, r.language, r.source, r.redirect FROM redirect r INNER JOIN url_alias u ON r.source = u.alias AND r.redirect = u.source AND r.language = u.language;
Then, to delete redirects shown in above query - try going to the pages shown in the row. Chances are you will get a redirect loop. Then, try again after backing up db and running the delete below. You have to turn off safe mode in MYSQL Workbench to run it, so BACKUP:
DELETE r FROM redirect r INNER JOIN url_alias u ON r.source = u.alias AND r.redirect = u.source AND r.language = u.language;
Fixed my problem, and found other pages that had loops which I didn't even realize!
I want to remove the login page from a Drupal site so that the site is open and public-facing. Only the admin would need to login. Does anyone know how this can be accomplished?
You can't remove the login page, because the administrators will need one to login.
You could, however, give anonymous users access to whatever you like. So that you don't have to be logged in the use any feature of the site. If users are to create content or do other stuff, you will need for them to login, so that you can tell them apart.
Edit
To configure the access control, you'll have to go to admin/user/permissions, where you can select which permissions anonymous users (and other user roles) should have.
Drupal 7
You do not need to remove the login page to make the site open and public facing. Any browser to your site would be given an anonymous user role by default. So any content that is visible to the anonymous role (which can be altered by going to admin/user/permissions) and published can be seen. As long as your website is not in maintenance mode.
If your looking to move the login block that is on the front page of most new Drupal installations you'll have to go to admin/structure/blocks and change the setting there.
I looked through permissions, but nothing helped me to make the main site page available instead of the login page.
Open Features (site.org/features), change Site settings -> Site work mode from Only private access to Open access (moderated registration) (sorry, the names were translated back from Russian).
This has solved my problem. I made private access to the site before and forgot about that. I wanted to disable new users registration (because of mass spam). This can be done through admin/user/settings -> Only site administrators can create new user accounts. [I use Drupal 6, but Drupal 7 works same with this setting]. [UPDATE: it seems, at least for my somewhat outdated setup, that these two Drupal options contradict each other, when I allow only administrators to add users, the private mode turns on automatically :( ]