$cookie_domain value causes access denied upon login - drupal

I have FCK editor installed, and trying to enable FCK file manager.
It tells me that in order to use it, $cookie_domain must be set.
Easy enough, I set it to www.mysite.com. I can log in, register, etc just fine. However I started seeing a number of people get Access Denied after logging in or trying to access any protected area.
Commenting out $cookie_domain, users can get in fine.
I am looking for one of the following:
A. A harmonious answer where FCK file manager and $cookie_domain can be set
-or-
B. An alternative to FCK editor (like CK) that allows in-place file uploading without requiring cookie domain to be set (and interrupting user experience).

Change $cookie_domain in your settings.php into this:
$cookie_domain = substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.'));

This is what wound up working for me (Domain Access is installed):
$base_domain = explode('.', $_SERVER['SERVER_NAME']);
unset($base_domain[0]);
$base_domain = '.' . implode($base_domain, '.');
$cookie_domain = $base_domain;

Try setting $cookie_domain to simply mysite.com instead of www.mysite.com. This will avoid problems if users are accessing your site via just http://mysite.com or http://some-subdomain.mysite.com.
Try as an experiment to use the FCK filemanager when logged in at http://mysite.com (no leading www) -- does it fail or work under the current settings?
See under Domain and Path on http://www.quirksmode.org/js/cookies.html

Check the spelling of the domain name. I left an 's' off the domain name in the settings.php file and it caused this problem. Darn, I hate when I do that...

Just clear your browser cache and delete cookies as described here
Good luck!

Related

Can I edit the hosts file to see the new website and still access the old one?

I'm developing a new website that will have the same domain name as the current old one, but a different host. The new one doesn't have DNS nameservers pointed to it yet, but I edited the hosts file on my computer to be able to access it. Is there a way I can now still access the old current one on the same computer, since it would help me with development, without changing the hosts file everytime?
Thanks :)
You can check the old site by using the temporary URL
http://server_ip/~cpanelusername/
but many of host block ip preview. You also can use archive.org. You can save the old site before starting new.
For this type scenario, I use a subdomain to built a new site.
www.mysite.com >> www.dev.mysite.com
If possible, it can be helpful to set up an alias and then create an A record for that alias that points to the new site. This allows you to reach the new site via a different name but it will still look at all the files and database(s) as it would normally.
This is helpful for when you want to test the new site before it goes live without having to comment and uncomment the hosts file continuously.
One thing to watch out for is that any URLs that are the full URL such as example.com/whatever instead of /whatever won't work. However, as it is generally bad practise to do the full URL in case the domain ever changes; this can be a good way of finding and corrected any.

Error establishing database connection if i dont type https before domain

Site worked properly till recently when i got EEDBC error. Accidentaly realised that i can get to ebsite only if I type https before domain. What could be the problem? (And solution, of course)
You need to pay close attention to whether the URLs that you found have www. included. If your database includes a URL without it or vice versa, then this needs to be changed to match your database.
Check the wp-config.php file in your directory and change it. Without seeing the config file I could not answer the exact answer.
The prolem was, that my hosting provider moved directory from subdirectory to root folder on their own without notice

open_bir restriction in effect at Wordpress [duplicate]

I'm getting this error on an avatar upload on my site. I've never gotten it before and nothing was changed recently for me to begin getting this error...
Warning: is_writable() [function.is-writable]:
open_basedir restriction in effect.
File(/) is not within the allowed path(s):
Modify the open_basedir settings in your hosting account and set them to none. Find the open_basedir setting given under 'PHP Settings' area of your Plesk/cPanel. Set it to 'none' from the dropdown given there.
I have shown them in the Plesk panel picture.
To resolve this error, you must edit the file httpd.conf.
Way before it can be seen in phpinfo in apache2handler section directive Server Root.
For example, in my case this way - / etc / httpd / httpd.conf.
Open the file httpd.conf, find the mention of the parameter open_basedir. And set it to none. (php_admin_value open_basedir none)
If you're running this with php file.php. You need to edit php.ini
Find this file:
: locate php.ini
/etc/php/php.ini
And append file's path to open_basedir property:
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/:/run/media/andrew/ext4/protected
For me the problem was bad/missing config values for the Plesk server running the whole thing.
I just followed the directions here:
http://davidseah.com/blog/2007/04/separate-php-error-logs-for-multiple-domains-with-plesk/
You can configure PHP to have a separate error log file for each VirtualHost definition. The trick is knowing exactly how to set it up, because you can’t touch the configuration directly without breaking Plesk.
Every domain name on your (dv) has its own directory in /var/www/vhosts. A typical directory has the following top level directories:
cgi-bin/
conf/
error_docs/
httpdocs/
httpsdocs/
...and so on
You’ll want to create a vhost.conf file in the domain directory’s conf/ folder with the following lines:
php_value error_log /path/to/error_log
php_flag display_errors off
php_value error_reporting 6143
php_flag log_errors on
Change the first value to match your actual installation (I used /tmp/phperrors.log). After you’re done editing the vhost.conf file, test the configuration from the console with:
apachectl configtest
…or if you don’t have apachectl (as Plesk 8.6 doesn’t seem to)…
/etc/init.d/httpd configtest
And finally tell Plesk that you’ve made this change.
/usr/local/psa/admin/bin/websrvmng -a
Laravel
If you have this problem when using Laravel.
Only go to folder bootstrap/cache and rename config.php to anything you want and reload site.
If used ispconfig3:
Go to Website section -> Options -> PHP open_basedir:
In this field has described allowed paths and each path is separated
with ":"
/var/www/clients/client2/web3/image:/var/www/clients/client2/web3/web:/var/www/...
and so on
So here must put the path that you want to have access, in my case is:
/var/www/clients/client2/web3/image:
The problem appears because:
When a script tries to access the filesystem, for example using include, or fopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to access it.
The path you're refering to is incorect, and not withing the directoryRoot of your workspace. Try building an absolute path the the file you want to access, where you are now probably using a relative path...
if you have this kind of problem with ispconfig3 and got an error like this
open_basedir restriction in effect.
File(/var/www/clients/client7/web15) is not within the allowed
path(s):.........
To solve it (in my case) , just set PHP to SuPHP in the Website's panel of ispconfig3
Hope it helps someone :)
I had this problem # one of my wordpress sites after updating and/or moving :)
Check in database table 'wp_options' the 'upload_path' and edit it properly...
For Plesk, you can change or set the openbase dir settings via the panel
https://support.plesk.com/hc/en-us/articles/360006170513-How-to-add-custom-or-additional-path-to-the-open-basedir-option-for-Plesk-domain-
Edit the php.ini or .user.ini that is located within the main directory
open_basedir = none
If you are running a PHP IIS stack and have this error, it is usually a quick permission fix.
If you administer the windows server yourself and have access, try this FIRST:
Navigate to the folder that is giving you grief on writing to and right click it > open properties > security.
See what users have access to the folder, which ones have read only and which have full. Do you have a group that is blocking write?
The fix will be specific to your IIS setup, are you using Anonymous Authentication with specific user IUSR or with the Application Pool identity?
At any rate, you are going to end up adding a new full write permission for one of IUSR, IIS_IUSRS, or your application pool identity - like I said, this is going to vary depending on your setup and how you want to do it, you can go down the google rabbit hole on this one (one such post - IIS_IUSRS and IUSR permissions in IIS8) For me, i use anon with my app pool identity so i can get away with MACHINE_NAME\IIS_IUSRS with full read/write on any temp or upload folders.
I do not need to add anything extra to my open_basedir = in the php.ini.
In addition to #yogihosting's answer, if you are using DirectAdmin, then follow these steps:
Go to the DirectAdmin's login page. Usually, its port is 2222.
Login as administrator. Its username is admin by default.
From the "Access Level" on the right panel, make sure you are on "Admin Level". If not, change to it.
From the "Extra Features" section, click on "Custom HTTPD Configurations".
Choose the domain you want to change.
Enter the configurations you want to change in the textarea at the top of the page. You should consider the existing configuration file and modify values based on it. For example, if you see that open_basedir is set inside a <Directory>, maybe you should surround your change in the related <Directory> tag:
<Directory "/path/to/directory">
php_admin_value open_basedir none
</Directory>
After making necessary changes, click on the "Save" button.
You should now see your changes saved to the configuration file if they were valid.
There is another way of editing the configuration file, however:
Caution: Be careful, and use the following steps at your own risk, as you may run into errors, or it may lead to downtime. The recommended way is the previous one, as it prevents you from modifying configuration file improperly and show you the error.
Login to your server as root.
Go to /usr/local/directadmin/data/users. From the listed users, go to one related to the domain you want to change.
Here, there is an httpd.conf file. Make a backup from it:
cp httpd.conf httpd.conf.back
Now edit the configuration file with your editor of choice. For example, edit existing open_basedir to none. Do not try to remove things, or you may experience downtime. Save the file after editing.
Restart the Apache web server using one of the following ways (use sudo if needed):
httpd -k graceful
apachectl -k graceful
apache2 -k graceful
If your encounter any errors, then replace the main configuration file with the backed-up file, and restart the web server.
Again, the first solution is the preferred one, and you should not try the second method at the first time. As it is noted in the caution, the advantage of the first way is that it prevents saving your bad-configured stuff.
Hope it helps!
I am using an Apache vhost-File to run PHP with application-specific ini-options on my windows-server. Therefore I use the -d option of the php-command.
I am setting the open_basedir for every application as one of these options.
I needed to set multiple urls as open_basedir, including an UNC-Path, and the syntax for this case was a bit hard to find. You have to seperate the paths with semicolons and if your first path starts with a driveletter you might have to start the list with a semicolon too. At least that's what works for me.
Example:
php.exe -d open_basedir=;d:/www/applicationRoot;//internal.unc.path/ressource/
I uploaded my codeigniter project on Directadmin panel. I was getting same error.
Then I change in php settings.
open_basedir =
session.save_path = ./temp/
Then it worked for me.
As most do not find a solution, the solutions are broad for WordPress most even don't know fully why things are they are.
I've found out you will have to enable IP for your server in especially when using Cerber in some cases it can think you are not uploading .png instead you are uploading .js files.
The server IP needs to be whitelisted. Even the uploaders in some rare cases.
A great to know is to have a tmp folder 755 in your base directory, you actually do not need a folder called tmp.: "Also remember / properly inedited as below:
open_basedir = "/home/user/site.com/:/tmp"
upload_tmp_dir = /home/user/site.com/tmp
The best option for quick setup is in Cpanel where you use the MultiPHP INI Editor you can actually save and both .htaccess and php.ini will be updated as well as settings being initiated at the same time on site.
It's NOT recommended to have basedir as "none" since you are enabling root files that can be edited with just a single file editor in WordPress. If that truly is possible.
Check \httpdocs\bootstrap\cache\config.php file in plesk to see if there are some unwanted paths.
Just search
open_basedir =
in php.ini and disable it. That's the simplest solution to solve this issue.
Before Changes open_basedir =
After Changes ;open_basedir =
P.s - After changes don't forget to restart your server.
Enjoy ;)
Modify the open_basedir settings in your PHP configuration (See Runtime Configuration).
The open_basedir setting is primarily used to prevent PHP scripts for a particular user from accessing files in another user's account. So usually, any files in your own account should be readable by your own scripts.
Example settings via .htaccess if PHP runs as Apache module on a Linux system:
<DirectoryMatch "/home/sites/site81/">
php_admin_value open_basedir "/home/sites/site81/:/tmp/:/"
</DirectoryMatch>

Elegant way to make site temporarily unavailable?

Do You know elegant way to make site temporarily unavailable?
Any configuration or settings for this?
In IIS you can put a app_offline.htm
http://weblogs.asp.net/scottgu/archive/2005/10/06/426755.aspx
In others web servers check the manual or use a script to rename the index to a backup name and then rename the offline page to index and vice versa...
You could also create an 'inactive' file, the 'inactive' file will be checked for existence when pages are loading. If the content is found then you can abort logic.
E.g. in php you would include the following line (via an include inter alia)
<?php if(file_exists('/path/to/OffLine.file')) die('The Application is currently Offline! Please try again in a few minutes...'); ?>
If you wanted this # the box level you would add the function to the PHP.ini... see http://uk.php.net/manual/en/ini.core.php#ini.auto-prepend-file
To set a PHP.ini per site see https://serverfault.com/questions/34078/how-do-i-set-up-per-site-php-ini-files-on-a-lamp-server-using-namevirtualhosts
The same is obviously possible in other languages.
I have a particular script which does some patching and actually creates this file for me... see Custom app_offline.htm file during publish
Actually, there is a mechanism already to do it, out of the box.
You can find a post about it here.
Basically you have to include an App_Offline.htm in the root of your site, and IIS will bring down the site until that file is removed.

Does WordPress do something that overrides .htaccess?

I'm working locally on a WordPress site for a client. The client keeps their install of wordpress in the server root, but because I have more than one client, I like to install everything in a client folder, like localhost/client. Normally it's a simple matter to add a rewrite rule to .htaccess, setting the rewrite base to be /client/. But today it's not working at all. Even if I put nonsense in the rewrite rule, the site works (which it should not, if the rewrite rules are in effect). The images references are still looking for root at localhost/, instead of localhost/client/, which means they are broken.
I looked into WordPress's documentation and found it has something called WP_rewrite, and there is a place to set parameters for it in wp-includes/rewrite.php). I set the root parameter to client/ but that doesn't seem to have any effect either.
One last thing: there is an .htaccess file in localhost/client/, and another one in localhost/client/wp/. I have them both set to RewriteBase = /client/, but I've tried just about every other sensible combination--no change.
So my question is: does WordPress do something else that would make the rewrite rules I set in .htaccess not work?
I'd recommend a small change to your local environment for a more flexible solution. Use virtual hosts. If you're running WAMP/MAMP, this tool is readily available to you. It allows you run a directory within your localhost as its own site, which you can access using a local-only URL of your choosing. I have my sites set up as sitename.local, for instance, so they all live in their own happy little ecosystem. Highly recommended.
Yes it does, you have to make some steps that will change entries in db before you move it to subfolder.
Here are detailed info:
http://codex.wordpress.org/Moving_WordPress#Moving_WordPress_Within_Your_Site
What you need to do:
copy everything as it is setup on your clients server i.e. in root folder
do the steps in above url, important are 4. & 5.; step 10. actually just go to permalink settings and click on "Save" button (or "Update" I do not remember how it says)
Now you can work :)
Are you modifying only theme or what?

Resources