Drupageddon - Updating to Drupal 7.32 is not enough, your site may already be hacked!
Following up on the Drupageddon, I noticed something weird on one of my servers. While patching sites to Drupal 7.32, I noted that on some of the sites database.inc was already updated with todays date! I was sure nobody made the change so I went into investigating this more.
I made a diffcheck via git and discovered there was additional file on my server!
Drupageddon - SA-CORE-2014-005 - Drupal 7 SQL injection exploit demo
Yesterday Drupal security team announced highly critical bug at https://www.drupal.org/SA-CORE-2014-005. Looking at the actual patch which is simply:
How to reset admin password in Drupal 7
Previously for Drupal 6 site, when you forgot or didn't know the admin password, you could easily change it via database by following query:
UPDATE users SET pass = MD5('mynewpassword') WHERE uid = 1;
However if you tried that in Drupal 7 site you will see it doesn't work! Thats because Drupal 7 stores a salted SHA512 hash instead of MD5 hex hash. To get new password you must use the user_hash_password('mypassword') function (located in includes/password.inc), then paste it into the database.
Drupal 7 comes with jquery cookie plugin which can be find under
This plugin can be used to check if user is logged in or not directly from Jquery. We do that by checking if the cookie DRUPAL_UID exists and its value is not equal to 0.
Theming Drupal 7 user login page
Since I didn't find a good tutorial for theming the Drupal login page I wrote one here.
Getting a page template for the user login page should be as easy as copying your page.tpl.php file and renaming it to page--user-login.tpl.php. Problem is when I tested this It didn't run on /user but only on /user/login page. To get the same template file to run on both you must add to your template.php:
Drupal 7 - LinkedIn login module
If you are looking for a way to add Linkedin login/signup buttons to your Drupal 7 website then you came to the right place. Only module that seems to provide Linkedin integration is LinkedIn module but unfortunately its only available in dev version and quickly after enabling it I figured out its not working well to be used on production sites.