i wonder how to set a redirect rule when user is typing wrong username or password.
currently the .htaccess is placed in /path/to/my/dir/website/dlfiles
The user is on the website on path /path/to/my/dir/website/ with url mywebsite.com/downloads
When user tries to download file from /path/to/my/dir/website/dlfiles/myfile_123.zip the user gets the htaccess login alert. When typing wrong username or password it results in "Unauthorized" Error page but i want the user to directly go back to the page he was when clicking on download-link, how to do that?
If you are using PHP you could use the header() function.
<?php
header('Location: /path/to/my/dir/website/mywebsite.com/downloads'); //redirect on register
?>
You can add this to your "Unauthorized" Error page" which is probably found on your server.
Related
I have an Express/NodeJS app running on Google App Engine, for which I have the URL in the format of:
project-name.appspot.com, where project-name: My google project name
Now, for site verification, I am using HTML File Upload method.
I am serving the html verification file provided by google as follows:
res.sendFile(path.join(__dirname, path_to_html_file))
Now, when I enter the url: https://project-name.appspot.com/, I can view the file.
Also, the file has the same name as provided by Google.
However, when I click Verify in Webmaster, it still fails with error message "File not Found"
Can anyone point what I might be doing incorrectly ?
You need to serve this file from the /xxxxx.html url, not the root url.
In other words, it needs to be accessed from https://project-name.appspot.com/xxxxxxxx.html
Think about it... This file must stay up for as long as you want to be verified, so it doesn't make sense to be shown at the root url.
Also, make sure there are no redirects in serving this file.
I am trying to redirect using a button on a custom control (code below). the following is written to the debug toolbar which is where I want to go:
destBack=https://www.example.com/MyAttachments . But I instead get a Error 404 page and the following line appears on the server console:
HTTP Web Server: Item Not Found Exception [/site/home.nsf/https:/www.example.com/MyAttachments.xsp] Anonymous
I do have a reditection rule as follows:
Description: MyAttachmentsView
Type of rule: Redirection
Incoming URL pattern: */MyAttachments
Redirect to this URL: /site/home.nsf/MyProfileAttachmentsView.xsp
Send 301 Redirect:
If I copy and paste the destBack URL I get where I want to go.
My SSJS code behind the button is as follows
importPackage(com.example);
var destination = configBean.getValue("HostURL")+"MyAttachments";
dBar.info("destBack="+destination)
context.redirectToPage(destination)
Try this code to redirect
externalCtx = facesContext.getExternalContext();
externalCtx.redirect("http://www.tlcc.com");
See http://linqed.eu/2011/07/27/xpages-server-vs-client-side-redirects/
context.redirectToPage is designed to redirect the XPages runtime to an XPage within the current database. That's why the URL in the error message contains "/site/home.nsf/" (the current database path) and "https:/www.example.com/MyAttachments.xsp" (the URL you're defining).
If you want to change the whole URL, you need to change the URL client-side, not server-side, e.g. with location.href="...."
I want to create the following scenario:
1. Step:
Login page: The user will login into the web portal.
Each user has an username. For example tester12345.
This username is stored in the database.
2. Step:
After the redirect from the login page, all pages should be in this format:
http://tester12345.domain.com/..
This means: {username}.domain.com/..
How can I do this?
You would need to do something like this:
.addRule(Join.path("/").to("/internal_resource_blah.jsp"))
.when(Direction.isInbound()
.and(Domain.matches("username")
.and(***username is in database***)))
.otherwise(SendError.code(404, "Page not found or some error."))
.addRule()
.when(Direction.isOutbound()
.andNot(URL.matches("http://{username}.domain.com{suffix}"))
.and(***user is logged in***))
.perform(Substitution.with("http://{loggedInUser}.domain.com{suffix}"))
For security reasons I am trying to restrict my wordpress site admin and login panel access to non-admin users by rewriting the link, such that if user types in http://www.mysite.com/wp-login.php or http://www.mysite.com/wp-admin he is redirected to Error 404 page but if he types http://www.mysite.com/blah-login or http://www.mysite.com/blah-admin is redirected to my WP admin or login panel. I have following options to do that.
Rewrite .htaccess file which I am not good at and don't wanna mess up my site's .htaccess file.
Use $wp_rewrite class which I did by writing a small plugin, its code is given below.
register_activation_hook( __FILE__, 'activate' );
function activate() {
rewrite();
flush_rewrite_rules();
}
register_deactivation_hook( __FILE__, 'deactivate' );
function deactivate() {
flush_rewrite_rules();
}
add_action( 'init', 'rewrite' );
function rewrite() {
add_rewrite_rule( 'blah-admin/?$', 'wp-admin', 'top' );
add_rewrite_rule( 'blah-login/?$', 'wp-login.php', 'top' );
add_rewrite_rule( 'blah-register/?$', 'wp-register.php', 'top' );
}
It works perfectly only problem is it does not restrict access to wp-admin, wp-login.php or wp-registe.php (Which is must).
I can write following rule to a new .htaccess file.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</LIMIT>
and place it under wp-admin folder, it has 2 drawbacks one is it will only restrict access to my wp-admin folder not wp-register.php or wp-login.php and second is I am a DHCP client so allow from xxx.xxx.xxx.xxx will not work for me.
I could use a combination 2nd and third rule but it will definitely not work because I cannot provide an alternative permalink to a overall blocked folder.
As for a last resort I could use wp-modal plugin's permalink rewriting capability, it works like a charm but this plugin is not compatible with my theme.
So is there really a solution to my problem?
I use this snippet to redirect people away from the backend if they're not already logged in. You could modify it to point to your 404:
// BLOCK BACKEND ACCESS FOR NON-ADMINS
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
// If accessing the admin panel and not an admin
if ( is_admin() && !current_user_can('level_10') ) {
// Redirect to the homepage
wp_redirect( home_url() );
exit;
}
}
Just change the URL from the home_url() function to your 404 page under wp_redirect.
I assume that you're trying to protect yourself from brute-force attacks? Why not just limit the frequency of allowed login attempts? There is a pretty solid plugin called "Limit Login Attempts" which will track per IP and the use of cookies.
Check it out here: http://wordpress.org/plugins/limit-login-attempts/
Trying to mask the login page is an interesting idea, though. You could just create your own login page somewhere and have it interact with a custom login script that you write. This would allow you 301 redirect the login pages to a 404 page without messing with any core functionality.
You could have a form at something like https://yourwpsite.com/supersecretlogin and then have it POST to a custom handler that uses the wp_signon method. Here's an example of how to log someone in without using wp-admin:
$creds = array();
$creds['user_login'] = $_POST['user'];
$creds['user_password'] = $_POST['password'];
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) )
exit($user->get_error_message());
header('Location: https://yourwpsite.com/wp-admin');
http://codex.wordpress.org/Function_Reference/wp_signon
Hope that helps!
I'm building a website with Joomla and Community builder.
What I need help with is redirecting to specific page when user is not logged in!
After pressing module link outside Joomla:
index.php?option=com_jevents&task=icalrepeat.detail&evid=16&Itemid=490&year=2011&month=11&day=17&title=personalefest-jysk&uid=3f380241e99b5db330b8e05f8920340a&login=1
Joomla redirecs to this: index.php/component/users/?view=login
Where I really want to go to this: /index.php/component/comprofiler/login (which is CB component's login view)
They go through some interesting things here
Issuing a redirect from a Joomla module
and here
RewriteRule to redirect with url that got parameters
But I'm not able to fully understand how I make the right changes.
The first link you provided has the answer:
You create a public article which you can call "dispatcher.php" and it will have the following code:
<?php
$user =& JFactory::getUser();
include_once JPATH_COMPONENT . DIRECTORY_SEPARATOR . "controller.php"; // assuming com_content
if (!$user->id) { //user is not logged in
$contentController = new ContentController();
$link = JRoute::_("/index.php/component/comprofiler/login");
$contentController->setRedirect($link);
return;
} else { //the user is logged in
$contentController = new ContentController();
$link = JRoute::_("/index.php?option=com_jevents&task=icalrepeat.detail&evid=16&Itemid=490&year=2011&month=11&day=17&title=personalefest-jysk&uid=3f380241e99b5db330b8e05f8920340a&login=1");
$contentController->setRedirect($link);
return;
}
?>
Instead of providing a link to your article - you provide a link to dispatcher.php which will "decide" where to redirect the user (to your page - if the user is logged in - else to the other login page)
You might have to debug it - since I don't have time to test it myself.
Good luck!