Pixeldust Drupal Support Service

Unable to run update.php or update modules from web interface

I would really like to be able to install module updates through the web interface or run update.php when needed without changing settings.php, but something seems to be broken in my setup because it tells me I am not authorized to do so when I try.

In all attempts to make this work, I am using UID1, which besides any special properties that user has, it is an administrator which has the "Administer software updates" permission. In settings.php I have: $settings['allow_authorize_operations'] = TRUE; set explicitly, but I have also tried it in the default, not set, state which is also TRUE.

If I set $settings['update_free_access'] = TRUE; then I can run update.php, but that doesn’t seem to help with the module updates and I would rather not have to change that setting every time I need to do an update.

I have tried all of the usual things I have seen mentioned including:

  • Rebuild the user permissions
  • Cleared the session table in the db
  • Verified correct permissions on relevant files/directories
  • Looked through various server logs for any obvious failures

My first real clue came from looking at the log an noticing that the "access denied" entry is tied to the anonymous user instead of the user I was logged in as. I have tried digging through the code a bit to see if I could track down where it is losing track of my user, but I am in a little over my head at that point. Obviously, the authentication is working in general because I am able to log in the admin site and do most things.

Has anyone had any idea why Drupal would lose knowledge of the logged in user just while trying to do update type operations?

Version: Drupal 8.7.6

Note: I have looked a little more into the code to try to track down my problem. As seen from the logs, the problem is not that my user doesn’t have permission but rather that when I run those specific actions, drupal momentarily doesn’t see me as being logged in. In the file coreauthorize.php there is a method that gets called: authorize_access_allowed(Request) which is mostly checking to see if the logged in user has the ‘administer software updates’ permission. In that method, it doesn’t believe I am logged in. As far as I can tell, there are two ways it might pull the user out of that passed in Request (reading PHP_AUTH_USER out of the get headers or getting the UID out of a cookie). The get headers are definitely not there, and while there is a session cookie, it doesn’t seem to be able to pull a UID out of it. I have not been able to find the code that parses the Session string.

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

Unable to run update.php or update modules from web interface

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256