How can I get a module to redirect if a user doesn't have the correct permissions to view it instead of getting the usual "Access denied. You are not authorized to access this page." message?
If it is a module you are writing yourself use the goto function of Drupal
http://api.drupal.org/api/function/drupal_goto
If you are not writing it yourself then it's a bit tougher, you can set the error redirects with Drupal and some modules however for a specific module I think you might have to go in and patch it in some way.
pretty much anything you wanna do to modify drupal stock behaviour can be handled via hook_nodeapi
Custom Error provides the ability to easily customize 403 and 404 error messages. With that, you could use drupal_goto() to automatically redirect users, or drupal_get_destination() to build a login link that will return the user to the page they attempted to view.
For more general, login-specific functionality, you might check out LoginToboggan.
The source code for both modules will also include useful examples of how to approach this problem space if you do not want the overhead or external dependency of a module.
Related
I have a problem when placing an App module(v 8.4.8) on a page. When I placed an App module on a page I got a pop up saying "Had an error talking to the server (status 404). if you are an advanced user you can learn more about what went wrong - discover how on 2sxc.org/help?tag=debug".
This error happens on whatever action I try to do: trying to add and app, refresh page etc.
I checked a communication to the server using Firebug and seems that one of APIs are missing:
~/desktopmodules/2sxc/api/view/Module/GetSelectableApps
Referer: ~/desktopmodules/tosic_sexycontent/dist/dnn/ui.html?sxcver=8.4.8.19191
Did I missed something? Should I make some configuration after SexyContent module install (v 8.4.8)?
I just checked a video by Daniel Mettler where he showed how to install a module and seems that process is simple. Nothing to worry about.
Does anybody has any idea what might went wrong here?
The same actually happens when I install and Content module: Error about missing APIs:
~/desktopmodules/2sxc/api/view/Module/GetSelectableContentTypes
~/desktopmodules/2sxc/api/view/Module/GetSelectableTemplates
Thanks a lot for your time
My best guess is that it's an issue with the dnn domain/path configuration. So basically my guess is that
you have multiple domains, and if this is configured incorrectly, the paths in the js-calls won't fully match the original one
you have sub-portal (with paths like /products/) or something, and this isn't configured correctly in dnn
languages in portal-paths are causing similar issues.
So please compare EXACTLY the full base path and see if that's the issue.
Every new plone site as a /contact-info/ url with a generic email form on it.
Spambots can easily find this and use it spam the webmaster with malicious emails (specifically note that the 'subject' can be set in the email).
This old thread http://plone.293351.n2.nabble.com/modify-or-disable-site-contact-form-td7258555.html suggests that you can simply update the template so it is an empty page. However, this is not enough to prevent spam.
wget http://localhost:8080/contact-info --post-data "sender_fullname=d&sender_from_address=doug#localhost.com&subject=d&message=d&form.submitted=1"
Will still send email on the form handler.
How do you completely disable this form handler?
edit: I see you can modify the form handler script at:
/portal_skins/plone_form_scripts/send_feedback_site/manage_main
/portal_skins/custom/contact-info
To generate a custom handler script and replace the default actions. However, this doesn't really remove the page, it just makes it do nothing.
What you must customize is not the template but the end point the send_feedback_site script.
Replace the whole script code with:
from zExceptions import NotFound
raise NotFound()
Or probably Unauthorized is better.
If you are running nginx or apache in front of your Plone site you could write a redirect rule for that URL. This could then be added to your 'standard' buildout so that it always is there for new sites.
I'm having a problem with a Drupal 7 install where pages keep loading.
The page will load and then repeat itself over and over until Chrome suggests killing the page.
It seems to happen at random times and there are no JS errors being reported or errors retrieving the page.
Anyone else had similar issues?
Modules include:
Panels
Views
Ctools
etc
This is usually caused by url aliases and/or url redirects doing some sort of circular definition. I've also seen this caused by login tobogin module setting up a circular redirect with something in the url redirect module. Find out which page is doing it and check your alieses and redirects for circular definition. It will probably be tricky to catch as it is usually two steps a -> b then b-> a, or something like that.
How to rename drupal's admin directory as I already have a directory named "admin"?
As Bleadedu pointed out, Drupal has no "directories" in its URL.
The urls you see are all so called "clean urls", achieved with a nifty trick in Apache (the webserver)
configuration. You could disable clean urls that will fix your problem, but may not be an option, if you rely on this feature for some reason.
Another option is to use path module to circumvent this issue. This has downsides too, most notably, the fact you need to manually change each url with admin in it.
The last option is to change the rewrite rules in Apache. This is hard to achieve and requires some knowledge of mod_rewrite.
you can't. simply because admin directory doesn't exist. it's just a url path (defined in all modules that have got a reference of it in hook_menu)
The only solution I have right now is to implements hook_menu_alter and redirect all menus that starts with admin/ somewhere else, but I can't say that it will work 100%.
Instead of changing the path of /admin, you should beef up security elsewhere.
First, finding out your site uses Drupal is a piece of cake.
Huge companies use Drupal, and don't change their /admin path.
Don't use User 1. Most of the time, there is no need for anyone to be using User 1. Even the highest of admins should be given a role, and certain permissions. User 1 should have a complicated long password, changed every (x) number of days or hours, but never actually used. I think there is also a module for this, but I can't remember off the top of my head because I just do this programmatically.
logintoboggan.module
The Login Toboggan module will display the login form for Access denied pages
login_security.module
protect_critical_users.module
userprotect.module
session_limit.module
nodeaccess.module
Don't let direct access to update.php and cron.php. Create a cronjob to run via shell.
-have them direct to forbidden/or a 404 with a search page
Use the tools in cpanel/whm or similar. Knock out bad login attempts and such.
There are a ton of other ways to beef up security in drupal.
I somehow forgot that you said "as I already have a directory named "admin". opps.
I think you would be wise to either alter that other directly instead, put it inside of another directory, or simply don't use it.
It is just going to be very messy. You would have to look into every single module to see if it needs adjusting.
Off the top of my head, the user.module will need to be altered, and also take a look at http://api.drupal.org/api/search/6/url_rewrite.
custom_url_rewrite_outbound and custom_url_rewrite_inbound will work, BUT you will still be able to access /admin by typing it in manually. You will get a forbidden if you stick a "admin" folder in your root.
All in all, I think it would be a messy venture, and you might get a lot of broken updates. Until something like this is offered in core, I wouldn't do it. Even if there was a module that could, I wouldn't use it.
*You will have to "Hack Core," and I don't think this justifies hacking the core.
I've got a grid which provides some links for users to download files. Files are stored outside of the application, the path references are read from the database and a HTTP handler (*.ashx) is used to serve each requested file. It is, however, possible that there could be a database entry pointing to a non existent file. I catch the FileNotFoundException, but I'm not sure what would be the best method to inform the user of the missing file (so that they can contact support).
First idea is to set a standard 404 code on the response, and that's what I'm doing now.
A more helpful way would be to display a notification (jQuery) about a missing file, but the file download is not done in AJAX, so this would involve a two step process - a client side onclick handler calls a web service method to check if the file exists, if not, then I cancel the click (return false) and display a friendly message to the user. If the file exists however, I proceed with the normal execution. But this adds yet another server call.
Have you dealt with a similar problem? How did you solve it?
Some clarifications - the application is built in ASP.NET 2.0 and uses jQuery to call the web service methods.
Pawel, it seems you've answered your question already...
...(so that they can contact
support)...
By stating the above I would suggest you create a custom 404 page which notifies the user of the file not existing on disk and provide them information on how to get in contact with the support office.
I've created a HTTP Handler for handling files and if a file does not exist on disk then I return a 404 response. I've setup IIS to display a custom page if a 404 reponse has been thrown.. (and I do the same for error 500).
Hope this helps and good luck with finding the solution that fits your needs!