Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I can't start any migration. I can't login though url, username and password are correct.
The only line I see in my server log is this (in Drupal log there is nothing):
[21/Mar/2014:17:34:12 +0100] "GET /wp-login.php HTTP/1.0" 200 868 "-" "-"
[21/Mar/2014:17:34:13 +0100] "POST /wp-login.php HTTP/1.1" 200 3873 "-" "Importer"
Comment | File | Size | Author |
---|---|---|---|
#8 | wordpress_migrate-could_not_login-2223229-8.patch | 1.53 KB | mikeryan |
Comments
Comment #1
mkhamash CreditAttribution: mkhamash commentedI think the problem lies with the testcookie post variable in method sourceDataFormValidate, I don't know why it is there but my guess it is legacy from an old wordpress behavior.
The problem is that we are sending a post request with username+password+testcookie, without requesting wp-login.php before which sends us Set-Cookie:wordpress_test_cookie=WP+Cookie+check;
I think removing testcookie form the post veriables that are sent shouldn't be a problem as the WordPress validation will skip the cookie validation if we didn't send testcookie :
Comment #2
mkhamash CreditAttribution: mkhamash commentedComment #3
giuvax CreditAttribution: giuvax commentedYEAH.
Patch is working fine. Testcookie was the problem.
Thanks a lot!
Giulia
Comment #4
mkhamash CreditAttribution: mkhamash commentedComment #5
docans CreditAttribution: docans commentedHi
I am having the same problem yet the patch does not work anymore.
Comment #6
mikeryanYup, doesn't work as-is, or with this patch (testing with a www.wordpress.com site). Presumably the login form has changed, researching.
Comment #7
mikeryanResponse from wordpress.com is
Probably they're enforcing form submissions coming from their own site only, which is (belatedly) security-prudent.
I'll update my old local install of Wordpress and see if they're doing anything in the code itself to prevent this working. It is just possible that this feature (which was always a little hackish) might need to be dropped, and you'll need to obtain the export yourself and upload it.
Comment #8
mikeryanOK, WordPress is now using yet another login cookie name, so I've added a check for that - it works with a local WordPress installation. As for wordpress.com, I tried setting a "real" user agent string on the request but nginx still blocks us, so I've added a note that this will not work. Please try out this patch - if you have any trouble, please be sure to include your WordPress version (this has been tested with 3.9.2 and 4.0).
Comment #10
mikeryan