Set PHP file upload size limit

It’s easy, just config the php.ini. But there is four setting we need to check:

For example in .htaccess:

If you set upload_max_filesize 100M but leave post_max_size 50M, you will only allow to upload 50M. That is a place we need to notice.

More check here:  How to upload big files

Drupal commerce orders not process with Paypal payment

We have a site based on Drupal Commerce and Paypal WPS payment method. After launch, we found some orders by Paypal is stuck in the status of “Checkout: Confirm order” and not go to the next status.

After checking we find when a Paypal payment finished,  the user will be gave two options. One is go back to our site, another is go to Paypal site. And if a user chose the second option, we will lost the order confirmation from Paypal.

Luckily I find Paypal has a “auto return” option for us. So we can force user to redirect to our site after he/she finished the payment, without giving a option to Paypal site.

It works but has some exceptions. We still found some orders are not confirmed after set our Paypal to “auto return”.

The issue be found when a user chose Paypal but select the credit card to pay. This is called “Paypal account optional”, and if this one is turning on, the user using credit card will not be redirected. As in the Paypal docs said:

Note: If you have turned on Auto Return and have chosen to turn on PayPal Account Optional for new users, a new user will not be automatically directed back to your website, but will be given the option to return.

So turn off this option will fix the issue.

For more solutions, we can look at this discussion on “When completing the checkout process” never fires if a rule sets order complete on IPN

The solution works around “auto redirect”:

Drupal mobile site for Acquia cloud

Responsive mobile theme is not in this scope. Here is talking about dedicated theme for mobile devices.

Acquia cloud is using Varnish. For theme switch solution, it has a problem.

Here is Acquia documentation for mobile:  Enabling device-based redirects

And another one about back to desktop version:  Circumvent mobile redirects with a desktop cookie

So in my understanding, it requires us to give a different mobile domain, usually subdomain like to your mobile version.

Create a cron job in Linux

Add cronjob to crontab

Follow this one:

Here is a good Cron Job tutorial: How to Create a Cron Job (Scheduled Task) for Your Website or Blog

Use below command to create/edit crontab:

Use below command to list crontab:

Check if cronjob is running

After add a crontab, if it is not working. You can check the log, in my server, it is like this:

Ubuntu may has different log location:

You can see just cron jobs in that logfile by running

Different server may have different path. Check this answer to find more:

Check output

If there is no MTA installed, cron just throws the job output away. The above log will only record the cron running history.

Also, check log you may will see this error:

Linux uses mail for sending notifications to the user. Most Linux distributions have an mail service (including an MTA) installed. Ubuntu doesn’t though. You can install a mail service, postfix for example, to solve this problem.

Check more:

Or you can not send mail by add  2>&1  to not send mail like below. Log them into log file.

Below cron job will redirect all standard output and errors that may be produced by the script that is run to the log file specified:

Drush and cronjob

If you are using Drupal, you may need Drush. Using drush in the cronjob is same as other script. But you may will get “Can’t run drush from cron” error.

My simple solution is like this:

Replace “/var/www/html” to your Drupal site root path.
Replace “/home/ubuntu/.composer/vendor/bin” to your Drush install location.
Create any log file to replace “/var/log/mycron.log”.
For the reason and other solutions, check following links:

Git note

Git: How to view file diff before commit

You’re looking for git diff. Depending on your exact situation, there are three useful ways to use it:

It’ll work recursively on directories, and if no paths are given, it shows all changes.

Git: git ignore files only locally(Prevent local changes getting pushed in Git)

Patterns which are specific to a particular repository but which do not need to be shared with other related repositories (e.g., auxiliary files that live inside the repository but are specific to one user’s workflow) should go into the $GIT_DIR/info/exclude file.

The .git/info/exclude file has the same format as any .gitignore file. You can also set core.excludesfile to the name of a file containing global patterns.

If you already have unstaged changes you must then run:

To get it back if one day you need it:

Note on $GIT_DIR: This is a notation used all over the git manual simply to indicate the path to the git repository. If the environment variable is set, then it will override the location of whichever repo you’re in, which probably isn’t what you want.

Git commads

Checkout remote branch



After a Drupal site got hacked

Just like last year’s Drupal security issue, Drupal sites not updated are easily got hacked. To recover from that, it’s better to restore everything from a clean backup( files & db ).

But if you don’t have a clean backup, and the database has too much data you can’t simply rebuild the site. Then maybe here is something you can do. But remember, there is no 100% guarantee you can remove all the backdoors and malwares.


Look at this simple step to confirm that you were hacked: How to Check Your Drupal Site Security

As in above article mentioned, you need to notice the data table ‘menu_route’, searching for file_put_contents like below:

Also look at the users & users_roles tables. Here are some typical names that the hackers used:

  • drupaldev
  • megauser
  • system
  • admin122


Using some module to check the site:

There is a module called Drupalgeddon which was designed to look for back doors.

The module creators say very honestly that this module is not perfect. It may miss some exploits and it may produce some false positives, but it may also help you uncover some suspicious files.

There are other modules that may help including Hacked and Site Audit.

You can find modified files based on date: Linux / Unix: Find Files Modified On Specific Date

Update your site as soon as possible.

Finally, install some module to secure your site:

Find files modified on specific date or date period

Following works on Godaddy linux shared hosting:

For other command, check this post: