Pages: 1 2
Hello,
I can't login thru the link : http://www.hijgendhert.be/photo/piwigo/ … cation.php
I always get the error:
403 Forbidden page with message: You don't have permission to access /photo/piwigo/identification.php on this server.
I can login thru the link of the update:
http://www.hijgendhert.be/photo/piwigo/ … ge=updates
What is wrong here?
Piwigo version: 2.10.1
PHP version: 5.6.40
MySQL version: 5.5.58
Piwigo URL: http://www.hijgendhert.be/photo/piwigo/
Offline
Same problem here. After the barrage of emails to upgrade I finally relented, and now discover that the login is broken. Curiously, it's only the main login that is broken. If I use the "Quick connect" form at the bottom left of the elegant theme, I can login just fine.
Any idea why one login form results in a "403 Forbidden" error and the other one works without a hitch? I've been writing software for decades and will pull this apart if I have to, but I figured I'd see if anyone had an answer first before I waste more time with this problematic upgrade.
The only guess I have at the moment is that the main login form starts on sitename.com/identification.php, whereas the "Quick connect" form starts on just sitename.com. Since the login action calls identification.php, perhaps there's something wonky with the code when it calls back to itself when already on that page. Just a wild guess, though.
Offline
Thanks for the tip, this works!!
Hopefully you will find the final solution, please post it afterwards.
Offline
FWIW, I have the same problem logging in as well
I can't get in from
.../identification.php
But I can through using
.../admin.php
Offline
Maybe [Forum, topic 28846] Problem with identification.php helps, specifically [Forum, post 174751 by Mahdi196 in topic 28846] Problem with identification.php (i.e. disable mod_security); maybe there's also some bad version detection of 2.10.x (i.e. too stupid by character comparison resulting in 2.10 < 2.9)
Offline
If it were a server configuration like one of the PHP modules, I'd expect it to fail across the board. The fact that it works from one place within Piwigo but not another tells me the problem is in the application itself.
I'm going to do some live debugging later when I get a chance to see how the execution chain of the two different logins run. Hopefully that will expose where one is going astray.
Offline
Well, I've hacked in a fix for my sites. The problem is this line in theme/default/template/identification.tpl:
<input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
The value argument is rendered as empty on my login pages, which apparently is treated either as a null or a URL outside the application's scope. Either way, it's triggering the "403 Forbidden" error. It's not the identification.php page which is the problem, that just happen to be the page the application is on when it tries to redirect to the invalid URL and fails out.
By changing the line to the below, users are redirected to the main page of the site after logging in:
<input type="hidden" name="redirect" value="/">
I'll be using this hack until the page is patched proper. Hope the trick helps other folks here too.
Offline
Sadly it didn't work for me
Offline
If it's not working, perhaps see if you are using another theme which has its own identification template that overrides the default one. If you've edited the correct template, this line should appear when you view the login page source:
<input type="hidden" name="redirect" value="/">
If it is there and still doesn't work, then there's something further amiss unfortunately.
Also, if your Piwigo installation isn't at the root level of the site, then my hack may not work as written. You'd have to change the line to the base page level of your Piwigo site, something like:
<input type="hidden" name="redirect" value="https://www.mysite.com/photos">
Last edited by TabulaRetina (2019-10-19 16:03:07)
Offline
TabulaRetina wrote:
Also, if your Piwigo installation isn't at the root level of the site, then my hack may not work as written. You'd have to change the line to the base page level of your Piwigo site, something like:
<input type="hidden" name="redirect" value="https://www.mysite.com/photos">
I'm using a subdomain and I guess I should have known better to begin with. I tweaked the address and it works now. Thanks
I'm guessing the subdomain is causing the issue I'm having with this
https://piwigo.org/forum/viewtopic.php?id=29678
Last edited by RonS (2019-10-20 15:21:44)
Offline
I had the same problem. When logging in, it would redirect to .../identification.php, and would give a "Forbidden 403" error.
In m case, it only acted up on mobile devices. I solved the problem by removing installed themes (keeping only Bootstrap, which is what m site uses). I had several themes active, maybe one was creating a conflict?
Offline
TabulaRetina wrote:
Well, I've hacked in a fix for my sites. The problem is this line in theme/default/template/identification.tpl:
<input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">
The value argument is rendered as empty on my login pages, which apparently is treated either as a null or a URL outside the application's scope. Either way, it's triggering the "403 Forbidden" error. It's not the identification.php page which is the problem, that just happen to be the page the application is on when it tries to redirect to the invalid URL and fails out.
By changing the line to the below, users are redirected to the main page of the site after logging in:
<input type="hidden" name="redirect" value="/">
I'll be using this hack until the page is patched proper. Hope the trick helps other folks here too.
@TabulaRetina.. I can't thank you enough enough for this hack! Hats off to you!!!
Before finding this post, I installed and re-installed Piwigo 3 times because of the dreaded 403 error when trying to log in. I have been using the latest Piwago 11.3.0 and I can't believe this bug hasn't been fixed yet. Your comment was posted on 10/19/19 and there have been numerous versions if Piwago released since then.
Offline
I have the same problem. When savings new configuration I get the "Forbidden 403 error. Access to this resource on the server is denied!". None above has worked.
Last edited by kadulazarini (2021-03-06 04:59:15)
Offline
so let's me resume:
the user access to the page identification.php
the user has a normal access to it
the user can and enters his credentials
the user is redirected to a 403 page after validating his credentials
right?
if that's the case, there is no need to panic. You are logged in, you just go to your gallery url.
We might need to refine the code to get a safer url to redirect to, but that's not a blocking or severe issue.
@kadulazarini your issue is not the one described here since you are in the config page
please open a new thread with more about the exact url and changes you were making
Offline
Wow, and the Piwigo team breaks it again! This time I get the 403 error when using the Single Mode edit page (bulk edit of multiple photos). It 403's me with bad permissions when I save the page. Yet I can edit each photo individually.
This broke very recently. How about you put it back the way it was? Or at least regression test these changes. Freaking unbelievable how touchy the permissions are in this thing. If I wasn't so invested in the product from years of using it I'd ditch it tomorrow.
Offline
Pages: 1 2