Same problem here. After the barrage of emails to upgrade I finally relented, and now discover that the login is broken. Curiously, it's only the main login that is  broken. If I use the "Quick connect" form at the bottom left of the elegant theme, I can login just fine.

Any idea why one login form results in a "403 Forbidden" error and the other one works without a hitch? I've been writing software for decades and will pull this apart if I have to, but I figured I'd see if anyone had an answer first before I waste more time with this problematic upgrade.

The only guess I have at the moment is that the main login form starts on sitename.com/identification.php, whereas the "Quick connect" form starts on just sitename.com. Since the login action calls identification.php, perhaps there's something wonky with the code when it calls back to itself when already on that page. Just a wild guess, though.

FWIW, I have the same problem logging in as well

I can't get in from
.../identification.php

But I can through using
.../admin.php

If it were a server configuration like one of the PHP modules, I'd expect it to fail across the board. The fact that it works from one place within Piwigo but not another tells me the problem is in the application itself.

I'm going to do some live debugging later when I get a chance to see how the execution chain of the two different logins run. Hopefully that will expose where one is going astray.

Sadly it didn't work for me

TabulaRetina wrote:

Also, if your Piwigo installation isn't at the root level of the site, then my hack may not work as written. You'd have to change the line to the base page level of your Piwigo site, something like:

<input type="hidden" name="redirect" value="https://www.mysite.com/photos">

I'm using a subdomain and I guess I should have known better to begin with. I tweaked the address and it works now. Thanks

I'm guessing the subdomain is causing the issue I'm having with this
https://piwigo.org/forum/viewtopic.php?id=29678

Last edited by RonS (2019-10-20 15:21:44)

TabulaRetina wrote:

Well, I've hacked in a fix for my sites. The problem is this line in theme/default/template/identification.tpl:

<input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">

The value argument is rendered as empty on my login pages, which apparently is treated either as a null or a URL outside the application's scope. Either way, it's triggering the "403 Forbidden" error. It's not the identification.php page which is the problem, that just happen to be the page the application is on when it tries to redirect to the invalid URL and fails out.

By changing the line to the below, users are redirected to the main page of the site after logging in:

<input type="hidden" name="redirect" value="/">

I'll be using this hack until the page is patched proper. Hope the trick helps other folks here too.

@TabulaRetina.. I can't thank you enough enough for this hack! Hats off to you!!!

Before finding this post, I installed and re-installed Piwigo 3 times because of the dreaded 403 error when trying to log in. I have been using the latest Piwago 11.3.0 and I can't believe this bug hasn't been fixed yet. Your comment was posted on 10/19/19 and there have been numerous versions if Piwago released since then.

so let's me resume:
the user access to the page identification.php
the user has a normal access to it
the user can and enters his credentials
the user is redirected to a 403 page after validating his credentials

right?

if that's the case, there is no need to panic. You are logged in, you just go to your gallery url.

We might need to refine the code to get a safer url to redirect to, but that's not a blocking or severe issue.


@kadulazarini your issue is not the one described here since you are in the config page
please open a new thread with more about the exact url and changes you were making