Installed update, cannot log in!

If this works on one installation but not another, then there must be some conflict that is causing the issue – somewhere. Nobody else has reported any issue since the 1.1.3 update. The plugin doesn’t even run when accessing the backend so really not sure why this is happening to be honest.

I know, it’s pretty frustrating, and it’s likely that it’s on my end since it seems to be only this one site, even though, oddly, it happens only with this plug-in, and only after an update.

This link covers the issue pretty thoroughly, I think: https://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php

I suppose it’s possible that the sites are on different servers, and that they have different “output buffering php.ini settings,” as the top-voted responder on that thread suggests.

This is all over my head, and both sites are hosted, so I have a message out to my hosting service. I’ll chime back if I learn anything.

Hosting service says both sites are identical, including their “output buffering settings.”

So, it’s just very strange: works on one site but not another. Very baffled by this, so I went back to Googling it, and I found someplace that said, essentially, “focus on the first error, and chances are, it will take care of the subsequent ones.”

So the first error always seems to be

Notice: Undefined index: domains in /home/[username]/[site].com/wp-content/plugins/semalt/semalt.php on line 55

And the heart of this, I think, is the string “domains.” Just out of curiosity, I deleted the “s” and I got the same error, but with the word “domain.” So clearly the string “domains” is causing a problem. But only, I think so far, for me, and only on this one site.

Again this is way over my head, but it seems crackable, since it works on my other site and for everyone else.

Any ideas as to why this might be happening?

Hi Alex — Re: “undefined indexes,” I found this.

How might I experiement with that, to see if it solves my problem?

In semalt.php, lines 54 and 55, it says

$domain  = $_SERVER['SERVER_NAME'];
foreach(explode("\n", $options['domains']) as $line) {

Does it seem reasonable to tweak “domains” with isset? If so how would one do that? Confused about (many things, including) “domains” vs “domain,” and what exactly is the variable here. ; )

Thanks,

David

$domain finds the domain name of your WP install, $options[‘domains’] are the domains you enter in the textarea field of the plugin settings. The second option will always have some sort of entry…

Well, THAT was interesting! : )

Alex, I looked at the Semalt Blocker settings panel for the site that was (yes, that’s WAS) having problems, and in the Domains to Block field, it contained this:

<br />
<b>Notice</b>:  Undefined index: domains in <b>/home/[username]/[site].com/wp-content/plugins/semalt/class-admin.php</b> on line <b>77</b><br />

Then I looked at the settings panel for the site that didn’t have the problem, and it was blank.

So, I deleted said code above from the site where it wasn’t working, and boom; problem solved! : )

My only question now is, how/why did that code get there? This was a fresh install, and I never modified that field. Why would that happen, and only on that site? Perhaps there is still something “odd” in the setup of this site, and it would be great to really know what was going on.

Any ideas, Alex?

Please do not post duplicate topics in these forums, those get deleted when found. This is your topic and you can un-resolve it in the right hand column if you choose.

Let’s see what’s going on here…

My only question now is, how/why did that code get there?

So this is what I see when I download the zip file for the plugin zip.

https://plugins.trac.www.ads-software.com/browser/semalt/tags/1.1.3/class-admin.php

$ curl 2>/dev/null https://plugins.trac.www.ads-software.com/browser/semalt/tags/1.1.3/class-admin.php?format=txt | md5sum
a1ecd2a1dec9fcf07326b2e42819a92b  -

Which just shows me the md5sum is a1ecd2a1dec9fcf07326b2e42819a92b.

Download the https://downloads.www.ads-software.com/plugin/semalt.1.1.3.zip file, extract it to a non-web server accessible directory and run md5sum on that file.

$ md5sum semalt/class-admin.php
a1ecd2a1dec9fcf07326b2e42819a92b  semalt/class-admin.php

So far so good. Download onto my test installation via the WordPress dashboard, don’t activate it and check the md5sum.

$ cd wp-content/plugins/semalt/
$ md5sum class-admin.php
a1ecd2a1dec9fcf07326b2e42819a92b  class-admin.php

No change there. Now to activate the plugin, go to the options page and save the settings just to see if that does anything.

$ md5sum class-admin.php                           a1ecd2a1dec9fcf07326b2e42819a92b  class-admin.php

Looks good to me. I think your site is hacked, there’s really nothing to indicate that that file is changed upon activation.

Hi Jan —

Please do not post duplicate topics in these forums

Noted!

And thanks for digging in!

No, nothing is changed on activation on my side, either; when I install the plug-in via WP, and look at the file using FTP, before activation, it contains that code.

Ok so I could be hacked. That there could be some kind of malware in there, triggering this code. How would I know for sure? Could there be any other explanation? If I have to conclude I’ve been hacked, what would be my next step?

I had marked this as resolved because now, I can log in with the plug-in activated, which was the original problem on this thread. It seems to me that the hack question would be another topic, and beyond the forum for this plug-in, correct?

Alex, could it be that WP was caching something somewhere, related to this plug-in, so the code kept on being carried over, added to the class-admin file when the plug-in’s zip file was decompressed? And that now that I’ve deleted this code, all is well?

When the plugin is activated, $options[‘domains’] has a default value that was not there in the initial release. However, as Jan pointed out, there’s nothing wrong with the code. Beyond that I can’t provide any more feedback.

Well, my hosting service did a security scan and it turns out I wasn’t hacked. This is what I suspected, because aside from this, there was nothing amiss on that site.

I’m just very baffled as to how that code ended up in Semalt Blocker’s settings panel, after fresh installs, repeatedly. The fix above (Post 22?) worked, but I’d be so interested in learning how this may have happened.

So if any experts happen upon this thread, I’d be grateful for any insight!