Index.php showing "fileKey not found in session."

Knoxtane

Not sure what happened but some how my index.php is "in" the directory but just contains "fileKey not found in session."

Below is the only error log from storage. I tried to change an existing free domain to one that I own and I honestly don't know what happened to my index.php.

He is an actual quote from the host provider/owner himself

I had a little look in your account to look for potential issues. And there is a very obvious one.

Flarum has their web accessible files in the public directory. That’s why, in your .htaccess file, you have a rule that redirects the base URL to http://traxus.ct.ws/public.

Obviously, you’ll want to change that to your new domain name for the redirect to work properly.

Speaking of obvious errors, I had a look at https://traxus.network/public/ too to see if the forum loaded there. But there it just says fileKey not found in session.. That’s because the index.php file in that public directory simply contains this message. It doesn’t contain any PHP code, and definitely doesn’t look like the original Flarum source code.

I have the error log but its 64,144 characters long so I can't post it.

Flarum 1.8.10
PHP version 8.2

I really don't want to lose all the progress I made while setting up Flarum and it's extensions. is there any way I can salvage this?

clarkwinkelmann

Knoxtane you can see what the original files are supposed to look like on the GitHub repository flarum/flarumtree/v1.8.1 Or you can install a second copy of Flarum and compare the files.

If you see /public in your URL, you should take care of that. Either modify your webroot to use the public folder as base, or move the files around to not have the folder according to our docs https://docs.flarum.org/install#customizing-paths

What you can also do is re-install (maybe use the Zip download for ease), then copy the old config.php file and public/assets folders. Flarum will automatically re-connect to your existing database. Then re-install any missing extension if you had already installed any.

It would be interesting to find what caused the content of index.php to be overridden. I have no idea based on the available information. Were you using any Flarum extension? Flarum doesn't have any ability to override its own code. Most likely yourself over SSH or a software on the hosting ran a command that replaced the index.php content. Worst case scenario would be if an attacker exploited the incorrectly configured public folder, tried to write to the filesystem using an insecure file in vendor, but ended up breaking the index.php instead of whatever they were trying to do. If there's a possibility the hosting was compromised, I'd recommend backing up the database and avatar files (make sure there are no PHP files in the avatars folder), wipe the server, then re-install and restore the database backup.

Knoxtane

clarkwinkelmann

What you can also do is re-install (maybe use the Zip download for ease), then copy the old config.php file and public/assets folders. Flarum will automatically re-connect to your existing database. Then re-install any missing extension if you had already installed any.

So what you are saying is if I go into my "htdocs/public/assets" and download "assets" as a .zip then download my config.php and re-install Flarum, I should be good to go and then reupload "assets.zip" -> unpack -> overwrite and drop the original/old config.php into the installation directory which for me would be (home/htdocs[drop config.php here]) ?

I'm using a freemium webhost service so I don't have complete control over the shared server shard. I have vistapanel/cPanel and my options are very limited. Something I also just discovered is I have two Flarum installations somehow. see below

clarkwinkelmann

Knoxtane all your user/discussion data is in the database and assets folder. Copying config.php saves you time because autherwise you would have to re-create it by hand with your existing database credentials.

Some third-party extensions could store additional data in storage or public.

The safest would be to make a backup, this can be as simple as renaming the existing web folder, re-install, the copy the necessary files between old and new folder.

luceos

clarkwinkelmann unless you know what caused index.php to be changed I don't recommend reusing the assets directory if you allowed users to upload files. You might have allowed bad actors to upload files that could have changed the index.

clarkwinkelmann

luceos absolutely, in my first reply I suggested looking at the files within that folder when backing it up.

If it's a new forum with few users it's probably not a big issue to discard the content. But if many users have uploaded avatars, or of FoF Upload is used, it'll be necessary to keep this data.

For the avatars, it should be enough to check for file extensions. Only keep the .jpg files (there shouldn't be any other file extensions under normal circumstances).

If you had file uploads enabled, checking through those files will be a bit more complicated. The first step is to look for and delete any .php file.

Let's hope the server was not actually hacked, but it's best to be cautious. It will probably be difficult to rule out a hack unless the actual cause is found. If you have full webserver access logs and they are not editable by the webserver shell user, looking at those could also help rule out a hack (check for any GET/POST request to a /vendor/[...] file). But of course if a hacker can edit the log files it's no use.

Some further thoughts about the file content "fileKey not found in session", could this be a bug in the web FTP software your hosting uses? Did you try to edit or move files around using the web file manager? (assuming there is such a feature on your hosting)

I tried doing an exact match search for "fileKey not found in session" on Google, and the 2 results are this discussion and the Flarum discussion index 😅 What a mystery.

luceos

clarkwinkelmann seemed I replied to the wrong post ✌️🤣

Knoxtane

I ended up just re-installing and wiping the server. I was able to easily re-install the extensions.

However, is there an easy way to just remove "/public" from my main domain WITHOUT moving any files around in file manager? I don't want to break anything

clarkwinkelmann

Knoxtane if your hosting supports modifying the "document root" of your virtual host, you can find that setting, and add /public at the end of the value. This is the recommended installation method. Don't forget to then edit config.php to update your forum URL.

If that's not an option, you will have to move the files. If you are re-installing you can pick the Zip download with "public path: no" which has the files correctly placed out of the box.