1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

xF admin.php conflicts with existing redirect on server

Discussion in 'Troubleshooting and Problems' started by dvox, May 17, 2011.

  1. dvox

    dvox New Member

    I just did a successful install of xF and when I navigate to the "Admin Control Panel" I run into a conflict as there is an existing server-wide Apache redirect (rewrite rule) for "domain.com/admin/" over to "domain.com:2092/" which is the domain's cPanel control panel.

    I copied the admin.php to a new file name thus avoiding the string "admin" and that works to get me to the Admin Control Panel Login screen but upon a successful log in I get a blank screen.

    The HTML source code of that blank screen is making reference to "admin.php?login/csrf-token-refresh" which is why this is not going to be a good work-around.

    Is there another solution short of having the entire server lose the Apache rewrite rule redirect?
     
  2. Dan

    Dan Well-Known Member

    What happens when you browse to domain.com/admin.php as opposed to domain.com/admin/?
     
  3. Dan

    Dan Well-Known Member

    Also, perhaps moving your xf install to a subdirectory may help, domain.com -> domain.com/forum/

    Or it is possible everything I am telling you is rubbish. :p Just thinking out loud.
     
  4. Brogan

    Brogan XenForo Moderator Staff Member

    Well the quickest and easiest solution would be to lose the rewrite.
    Is there a specific reason why it's there in the first place?

    The next option would be to move the installation to a sub directory, as goblues has suggested.
    Naturally that will affect URLs as there will be an additional /<directory-name> in the string.
     
  5. dvox

    dvox New Member

    I'm glad you're trying. I have been going to the /admin.php rather than /admin/ but the server redirects it to the cPanel admin port. Even if I put it under domain/forum/ I would still need to access /admin.php which gets redirected.

    It seems like the xF scripts are expecting things to be named a certain way.
     
  6. dvox

    dvox New Member

    The admin/ redirect was for backwards compaibility with the name convention used by the previous control panel before cPanel

    I think you're right about losing the rewrite redirect and replacing with an actual PHP script in each user's directory that handles the redirect may be a better solution.
     
  7. James

    James Well-Known Member



    See if that helps, but you'll lose it during upgrades unless it can be converted to an add-on.
     
  8. dvox

    dvox New Member

    That is exactly what I was looking for. In fact, your suggestion about posting it as a potential add-on is a great one.

    There is another good reason for such an add-on capability.
    I see the hacker-bots attempting to brute force attack various PHP scripts all the time (coming from spoofed IPs).

    They will look for things like phpMyAdmin that might be an older version that they can exploit and the bots will scan for every
    possible common naming convention. In the past I have installed various packages and stayed far away from the default
    name conventions for that reason.

    It's not meant to be a perfect security solution but anything that slows them down or give you an alert that there is an
    attempted compromise occurring is helpful.
     
  9. dvox

    dvox New Member

    Thanks again James. That change worked perfectly so far.

    I posted that add-on request as well.

    My only concern is that there are other references to admin.php. If I have any other problems I may update them as well.

    In the event that it looks like an update of those other files are needed, I am posting those other references below:

    install/data/templates.xml: <a href="admin.php" class="acp adminLink"><span class="itemLabel">{xen:phrase admin_control_panel}</span></a>
    install/data/templates.xml: <a href="admin.php">{xen:phrase reopen_via_admin_control_panel}</a>
    install/templates/install_complete.php: <p class="text"><a href="../admin.php" class="button primary">Enter your control panel</a></p>
    install/templates/upgrade_complete.php: <p class="text"><a href="../admin.php" class="button primary">Enter your control panel</a></p>
    install/templates/upgrade_login.php: <form action="../admin.php?login/login" method="post" class="xenForm">
    js/xenforo/xenforo.js: XenForo.AutoComplete.defaultUrl = 'admin.php?users/search-name&_xfResponseType=json';

    Does anything jump out to anyone that looks like an update of all these should be done?
    I mean it's easy enough to just edit six more files but James is right about an add-on being a more elegant solution.
     
  10. James

    James Well-Known Member

    dvox likes this.
  11. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I tested that modification when I made the post. Changing that one line of code updates all links within the Admin CP. That is the only change that is required. The other instances are just shortcuts to get to the Admin CP, like this one at the top of the forum:

    Screen shot 2011-05-17 at 11.18.47 PM.png

    You can just manually visit the new URL when you need to visit the Admin CP, rather than use the shortcut.
     
    dvox likes this.

Share This Page