[eluser]dwlamb[/eluser]
A web site I have published is generating the error stated below when a valid user submits form content to be stored in the database:
Code:
Forbidden
You don't have permission to access /index.php/user/add on this server.
Additionally, a 404 Not Found error was encountered while trying to use an
ErrorDocument to handle the request.
This is a private web site. All users have to log-in. Some users can add content. Using CI sessions there is an added field of edit, with a value of 0 or 1 retrieved from the user's record in the user table, copied to the user_data session array at the time of log-in. The variable $this->session->userdata('edit') is used for if statements in the controller and views. Value of 1, user will see links that will bring up views (forms) to edit or add content.
This is a snippet for how I am using the variable to set menu items:
Code:
<?php if ($this->session->userdata('edit') == 1) { ?>
<li><a href="<?php echo site_url().'/user/add'; ?>">Add</a></li>
<?php }; ?>
This is the logic for the processing of form data. This function is in the controller file user.php:
Code:
function add(){
if ($this->session->userdata('logged_in') ){
//runs form validation
if ( $this->form_validation->run() == FALSE ) {
//if false, redisplays the form and data with failed fields highlghted
}//if
if ($this->form_validation->run() == TRUE) {
//processes the data and stores in the database
}//form validation run
} else {
redirect ("user/login");
} //if...else
}//add
Examining the database after one of these Forbidden errors, no data is inserting. A redisplayed form due to validation error(s) is not happening either. These factors lead me to believe this is a server problem more than a CodeIgniter issue. If you look at the attached file it shows a screen shot of the error received in the browser (either Firefox or Chrome, other browsers not in use yet), it is not the usual CodeIgniter appearance for an error generated from a mistake in CI code.
The add/edit content forms are working well. As stated above, the error occurs at time of form submission. As well, it is only happening on the hosting company's server. I have checked the permissions of user.php and they are 644 like the rest of the files.
CSRF was mentioned as a factor at another site I posted to. It is not enabled. The configuration for sessions has not been changed from the defaults. Time-out is still 7200 seconds.
What are possible fixes? If it is a server issue, what do I look for or ask my hosting company to look at? If it is a CI sessions issue, in the documentation CodeIgniter states it uses a system different from $_SESSION super global. Is it wise to copy the user data to that array and have the code look up the data from that variable array? Or do I create a distinct array and save the keys there?
Thanks for taking the time to read this.