Form submission generating Forbidden error
#1

[eluser]dwlamb[/eluser]
A web site I have published is generating the error stated below when a valid user submits form content to be stored in the database:
Code:
Forbidden

    You don't have permission to access /index.php/user/add on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an
    ErrorDocument to handle the request.

This is a private web site. All users have to log-in. Some users can add content. Using CI sessions there is an added field of edit, with a value of 0 or 1 retrieved from the user's record in the user table, copied to the user_data session array at the time of log-in. The variable $this->session->userdata('edit') is used for if statements in the controller and views. Value of 1, user will see links that will bring up views (forms) to edit or add content.

This is a snippet for how I am using the variable to set menu items:
Code:
<?php if ($this->session->userdata('edit') == 1) { ?>
    <li><a href="<?php echo site_url().'/user/add'; ?>">Add</a></li>
<?php }; ?>
This is the logic for the processing of form data. This function is in the controller file user.php:
Code:
function add(){
    if ($this->session->userdata('logged_in') ){
        //runs form validation
        if ( $this->form_validation->run() == FALSE ) {
            //if false, redisplays the form and data with failed fields highlighted
        }//if
        if ($this->form_validation->run() == TRUE) {
            //processes the data and stores in the database
        }//form validation run
    } else {
        redirect ("user/login");
    } //if...else
}//add
Examining the database after one of these Forbidden errors, no data is being inserted. A redisplayed form due to validation error(s) is not happening either. These factors lead me to believe this is a server problem more than a CodeIgniter issue. If you look at the attached file, it shows a screenshot of the error received in the browser (either Firefox or Chrome, other browsers not in use yet); it is not the usual CodeIgniter appearance for an error generated from a mistake in CI code.

The add/edit content forms are working well. As stated above, the error occurs at time of form submission. As well, it is only happening on the hosting company's server. I have checked the permissions of user.php and they are 644 like the rest of the files.

CSRF was mentioned as a factor at another site I posted to. It is not enabled. The configuration for sessions has not been changed from the defaults. Time-out is still 7200 seconds.

What are possible fixes? If it is a server issue, what do I look for or ask my hosting company to look at? If it is a CI sessions issue, in the documentation CodeIgniter states it uses a system different from $_SESSION super global. Is it wise to copy the user data to that array and have the code look up the data from that variable array? Or do I create a distinct array and save the keys there?

Thanks for taking the time to read this.
#2

[eluser]InsiteFX[/eluser]
First make sure you can connect to your database. Create a php file in your root.
Code:
<?php
$db_conx = mysqli_connect("localhost", "user", "password", "database_name");
// Evaluate the connection
if (mysqli_connect_errno()) {
    echo mysqli_connect_error();
    exit();
} else {
    echo "Successful database connection, happy coding!!!";
}
?>

Second check the database access rights.
#3

[eluser]CroNiX[/eluser]
Are you sure the form is posting to the correct URL? If you remove all of the logic in your add() method and add an echo 'add'; to it, does it display the message when clicking the link? Are you using ajax to submit the form? It's a bit confusing because you mention a form and are using form validation, but in your HTML it shows an anchor going to /user/add.
#4

[eluser]dwlamb[/eluser]
Following InsiteFX's suggestion, I retested the connection, then selecting from or inserting into the database. Connecting and selecting were possible. Inserting was not.

Examining privileges for this user and the database, I discovered that while All Privileges was checked, none of the individual privileges was checked. (See attachment.) I ignored the All Privileges check-box and manually checked each of the other boxes. Conducting small tests like the ones outlined above and then interacting with the form on the site, I am getting results I expect.

Things I don't understand:

1. How can All Privileges be checked and none of the other check-boxes checked?

I have gone back and tried to check All Privileges and then uncheck the others individually. It's not possible. From interacting with Panelbox on this host often to set-up users and associate them with a database, I know it is not usual for the state I found described above.

2. Programmatically, since there is only one user and set of privileges associated with a CodeIgniter site, how was the admin for this site able to insert 5 records in the database before a Forbidden error started being returned from the server?

I did not outline it when I first posted this thread, but the Forbidden error did not happen right away with uploading and running the site from the server. Since the admin was able to submit five completed forms perfectly before starting to receive errors, I presumed it was a Sessions problem. This contention was also arrived at because sometimes deleting the cookie and then logging in, I or the admin was able to submit a form and the data was inserted in the database.
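
Added example (not part of any post in this thread): a PHP check that extends the connection test from post #2 to the finding in post #4, by reading SHOW GRANTS for the connected account and listing which privileges the application needs are missing. The credentials, database name, function names and sample grant lines are placeholders constructed for illustration; table-level grants and wildcard database patterns are not evaluated.

```php
<?php
// Added example; credentials, database name and sample lines are placeholders.
// Fetch the grant statements for the account this connection is using.
function current_user_grants(mysqli $db): array
{
    $lines = [];
    $result = mysqli_query($db, 'SHOW GRANTS FOR CURRENT_USER()');
    while ($result && ($row = mysqli_fetch_row($result))) {
        $lines[] = $row[0];
    }
    return $lines;
}

// Privileges granted globally (*.*) or on `$database`.*, upper-cased.
function privileges_on(array $grantLines, string $database): array
{
    $found = [];
    foreach ($grantLines as $line) {
        if (!preg_match('/^GRANT (.+?) ON (\S+) TO /i', $line, $m)) {
            continue;
        }
        // Strip backticks and the backslash used to escape "_" in names.
        $scope = str_replace(['`', '\\'], '', $m[2]);
        if ($scope !== '*.*' && $scope !== $database . '.*') {
            continue;
        }
        foreach (explode(',', $m[1]) as $priv) {
            $found[strtoupper(trim($priv))] = true;
        }
    }
    unset($found['USAGE']); // USAGE means "no privileges at this level"
    return array_keys($found);
}

// Which of the privileges the application needs are not granted.
function missing_privileges(array $granted, array $needed): array
{
    return in_array('ALL PRIVILEGES', $granted, true)
        ? [] : array_values(array_diff($needed, $granted));
}

// Constructed sample: an account that can connect and SELECT but not INSERT.
// Live: current_user_grants(mysqli_connect("localhost", "user", "password", "database_name"))
$sample = [
    'GRANT USAGE ON *.* TO `user`@`localhost`',
    'GRANT SELECT ON `database_name`.* TO `user`@`localhost`',
];
$missing = missing_privileges(privileges_on($sample, 'database_name'), ['SELECT', 'INSERT', 'UPDATE', 'DELETE']);
echo $missing ? 'Missing: ' . implode(', ', $missing) . "\n" : "All required privileges granted\n";
```

Run it from the same account the application's database configuration uses, so the result reflects what the site can actually do rather than what the control panel displays.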



