• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

xF admin.php conflicts with existing redirect on server

dvox

New member
#1
I just did a successful install of xF and when I navigate to the "Admin Control Panel" I run into a conflict as there is an existing server-wide Apache redirect (rewrite rule) for "domain.com/admin/" over to "domain.com:2092/" which is the domain's cPanel control panel.

I copied the admin.php to a new file name thus avoiding the string "admin" and that works to get me to the Admin Control Panel Login screen but upon a successful log in I get a blank screen.

The HTML source code of that blank screen is making reference to "admin.php?login/csrf-token-refresh" which is why this is not going to be a good work-around.

Is there another solution short of having the entire server lose the Apache rewrite rule redirect?
 

Dan

Well-known member
#3
Also, perhaps moving your xf install to a subdirectory may help, domain.com -> domain.com/forum/

Or it is possible everything I am telling you is rubbish. :p Just thinking out loud.
 

Brogan

XenForo moderator
Staff member
#4
Well the quickest and easiest solution would be to lose the rewrite.
Is there a specific reason why it's there in the first place?

The next option would be to move the installation to a sub directory, as goblues has suggested.
Naturally that will affect URLs as there will be an additional /<directory-name> in the string.
 

dvox

New member
#5
I'm glad you're trying. I have been going to the /admin.php rather than /admin/ but the server redirects it to the cPanel admin port. Even if I put it under domain/forum/ I would still need to access /admin.php which gets redirected.

It seems like the xF scripts are expecting things to be named a certain way.
 

dvox

New member
#6
The admin/ redirect was for backwards compaibility with the name convention used by the previous control panel before cPanel

I think you're right about losing the rewrite redirect and replacing with an actual PHP script in each user's directory that handles the redirect may be a better solution.
 

James

Well-known member
#7
Is there another solution short of having the entire server lose the Apache rewrite rule redirect?

Ok. This requires getting into the code. This is the relevant code:

library/XenForo/Link.php

Code:
public static function buildAdminLink($type, $data = null, array $extraParams = array())
{
$type = self::_checkForFullLink($type, $fullLink, $fullLinkPrefix);

$link = self::_buildLink('admin', $type, $data, $extraParams);
$queryString = self::buildQueryString($extraParams);

if ($queryString !== '' && $link !== '')
{
$append = $link . '&' . $queryString;
}
else
{
// 1 or neither of these has content
$append = $link . $queryString;
}

if (($hashPos = strpos($type, '#')) !== false)
{
$append .= substr($type, $hashPos);
}

$outputLink = 'admin.php' . ($append !== '' ? '?' : '') . $append;
if ($fullLink)
{
$outputLink = $fullLinkPrefix . $outputLink;
}

return $outputLink;
}
You can see this line in there which specifies the file name:

Code:
$outputLink = 'admin.php' . ($append !== '' ? '?' : '') . $append;
If you change the file name here and then rename the file on your server then that will change the location of the Admin CP.

If you post a request in this forum then maybe some one can make an addon for this so you don't have to edit the files.
See if that helps, but you'll lose it during upgrades unless it can be converted to an add-on.
 

dvox

New member
#8
See if that helps, but you'll lose it during upgrades unless it can be converted to an add-on.
That is exactly what I was looking for. In fact, your suggestion about posting it as a potential add-on is a great one.

There is another good reason for such an add-on capability.
I see the hacker-bots attempting to brute force attack various PHP scripts all the time (coming from spoofed IPs).

They will look for things like phpMyAdmin that might be an older version that they can exploit and the bots will scan for every
possible common naming convention. In the past I have installed various packages and stayed far away from the default
name conventions for that reason.

It's not meant to be a perfect security solution but anything that slows them down or give you an alert that there is an
attempted compromise occurring is helpful.
 

dvox

New member
#9
See if that helps, but you'll lose it during upgrades unless it can be converted to an add-on.
Thanks again James. That change worked perfectly so far.

I posted that add-on request as well.

My only concern is that there are other references to admin.php. If I have any other problems I may update them as well.

In the event that it looks like an update of those other files are needed, I am posting those other references below:

install/data/templates.xml: <a href="admin.php" class="acp adminLink"><span class="itemLabel">{xen:phrase admin_control_panel}</span></a>
install/data/templates.xml: <a href="admin.php">{xen:phrase reopen_via_admin_control_panel}</a>
install/templates/install_complete.php: <p class="text"><a href="../admin.php" class="button primary">Enter your control panel</a></p>
install/templates/upgrade_complete.php: <p class="text"><a href="../admin.php" class="button primary">Enter your control panel</a></p>
install/templates/upgrade_login.php: <form action="../admin.php?login/login" method="post" class="xenForm">
js/xenforo/xenforo.js: XenForo.AutoComplete.defaultUrl = 'admin.php?users/search-name&_xfResponseType=json';

Does anything jump out to anyone that looks like an update of all these should be done?
I mean it's easy enough to just edit six more files but James is right about an add-on being a more elegant solution.
 

Jake Bunce

XenForo moderator
Staff member
#11
I tested that modification when I made the post. Changing that one line of code updates all links within the Admin CP. That is the only change that is required. The other instances are just shortcuts to get to the Admin CP, like this one at the top of the forum:

Screen shot 2011-05-17 at 11.18.47 PM.png

You can just manually visit the new URL when you need to visit the Admin CP, rather than use the shortcut.
 
#12
I tested that modification when I made the post. Changing that one line of code updates all links within the Admin CP. That is the only change that is required. The other instances are just shortcuts to get to the Admin CP, like this one at the top of the forum:

View attachment 15067

You can just manually visit the new URL when you need to visit the Admin CP, rather than use the shortcut.
Is there any other way to change this ?
I cant find a way to change this manually ?