Cannot Download New Modules From Admin Page

[daniel-not-dan]

Greetings - 

I'm having an issue when I try to use the Modules admin page to download a new module to my PW installation.

It was working on my localhost installation, but now that I'm on a production server what happens is:

• I navigate to Modules->New
• I find the ModuleClassName from the Module info page and put it into the input box
• Click "Download and Install"
• I get a warning prompt in red saying "Ensure that you trust the source of the ZIP file above before continuing!"
• I click "Download and Install" again
• And then a green bar and a red bar appear at the top of the screen...
  • The green bar says "Download cancelled"
  • The red bar says "File could not be downloaded: https://github.com/jdart/ElasticSearchProcessWire/archive/master.zip"
• Nothing gets added to my Modules folder or downloaded.

Has anyone come across this issue who can provide some suggestions on how to fix it?

Thanks!

[adrian]

Is your modules directory writeable?

Try turning on debug mode and see if there is a more informative error message.

[daniel-not-dan]

My permissions for Modules are 755, which I set to recurse through all subfiles and subfolders. Is that correct? I also tried it with 777, but neither setting seemed to work. Where can I find some help on what the permissions should be set to?

I changed my config.php to set Debug on, but I'm not sure where to find the error log. I opened up assets/logs/errors.txt but that didn't have anything from today in it - only older errors.

I recently posted in the Pixlr module forum about an issue with Pixlr not saving my edited images correctly (which Adrian, you responded too - thanks!) - I wonder if the issues are related.

[adrian]

The exact required mod (eg 755) permission is not possible to determine without knowing the user/group of the owner of the directory/file and also the apache user. Usually 755 is sufficient for directories in most web server setups, but if you tested with 777 then that should rule out any owner issues.

Debug mode usually gives you more verbose error messages right in line where you are running things, but the error log is found under site/assets/logs/errors.txt - let us know if anything shows up there.

I don't think this is related to your Pixlr issue as they were saving, just with a new name - correct?

I wonder if the module download issue is due to the server not having file_get_contents or allow_url_fopen available? I haven't investigated properly to se how well the modules downloader checks for and reports if these are missing. Have you tried with Soma's Modules Manager to see if it works?

Also, what version of PW?

[daniel-not-dan]

OK, it WAS allow_url_fopen! That was the problem - my hosting provider didn't have it enabled.

I have added "allow_url_fopen = 1" to my php.ini file. However, my host is MediaTemple Grid Service and they recommend only using that as a temporary fix. Is it particularly dangerous to leave it in the php.ini file, though? Should I ask them about it? (Yeah, probably, but I just think this forum is SO much more helpful than your typical support technician.)

In addition to the module downloader now working correctly, it has also fixed the problem I was having with Pixlr (here). So now the question is - should I leave that line in my php.ini file, or is there some other way of enabling allow_url_fopen?

Thanks so much for your help!

[adrian]

Well allow_url_fopen can only be set in the php.ini file (or your apache conf file). Take a look at this list which can come in very handy:

http://docs.php.net/manual/en/ini.list.php

While there is some risk in having this enabled, I'd say that it is a pretty common requirement to have this available, so I wouldn't worry too much about it. If you're really concerned, it is possible to enable it via your apache conf / htaccess file instead and that way you can limit it to specific directories, eg:

<Directory /var/www/wire>
    php_admin_flag allow_url_fopen on
</Directory>

You could even limit it to a specific file if you wanted, but I wouldn't get too carried away. 

I'd be curious to know whether your host also blocks curl and file_get_contents and whether Ryan could implement (if it isn't already in there) an alternative using these.

Maybe others will chime in with their opinions too.

[daniel-not-dan]

Thanks again, Adrian! I really appreciate your help. I don't see my Apache conf file in the directory structure, and the knowledgebase has no answers on where it might be, so maybe it is hidden. Is it possible to set that up in the .htaccess file for the site? Or will it only work in the apache conf file?

If anyone else would like to chime in, I'd like to hear your opinions. As far as security, it's not like I'm building a site for Time Warner or something, and there's nothing that needs to particularly be protected on the site, but I'd rather err on the side of caution.

Thanks again!

[adrian]

Sorry, yes that setting should also be able to go in an htaccess file. I have gotten in the habit of using the config file sometimes for these sorts of things, so wasn't thinking. I adjusted the post above to reflect that. 

[adrian]

Just a head's up - as of today, the dev version of PW now supports CURL if allow_url_fopen is disabled (https://github.com/ryancramerdesign/ProcessWire/commit/bbd7569de8f9b398d35e2a12226a4e34b1224bf8) so if your host supports that by default, you may not need to do any modifications to get modules downloading automatically.