Announcement

#1 2019-10-17 18:40:01

jtheeuwes
Member
2019-04-17
2

You don't have permission to access /piwigo/identification.php

Hello,

I can't login thru the link : http://www.hijgendhert.be/photo/piwigo/ … cation.php

I always get the error:
403 Forbidden page with message: You don't have permission to access /photo/piwigo/identification.php on this server.

I can login thru the link of the update:
http://www.hijgendhert.be/photo/piwigo/ … ge=updates

What is wrong here?

Piwigo version: 2.10.1
PHP version: 5.6.40
MySQL version: 5.5.58
Piwigo URL: http://www.hijgendhert.be/photo/piwigo/

Offline

 

#2 2019-10-18 04:57:10

TabulaRetina
Member
2016-05-11
17

Re: You don't have permission to access /piwigo/identification.php

Same problem here. After the barrage of emails to upgrade I finally relented, and now discover that the login is broken. Curiously, it's only the main login that is  broken. If I use the "Quick connect" form at the bottom left of the elegant theme, I can login just fine.

Any idea why one login form results in a "403 Forbidden" error and the other one works without a hitch? I've been writing software for decades and will pull this apart if I have to, but I figured I'd see if anyone had an answer first before I waste more time with this problematic upgrade.

The only guess I have at the moment is that the main login form starts on sitename.com/identification.php, whereas the "Quick connect" form starts on just sitename.com. Since the login action calls identification.php, perhaps there's something wonky with the code when it calls back to itself when already on that page. Just a wild guess, though.

Offline

 

#3 2019-10-18 10:02:36

jtheeuwes
Member
2019-04-17
2

Re: You don't have permission to access /piwigo/identification.php

Thanks for the tip, this works!!
Hopefully you will find the final solution, please post it afterwards.

Offline

 

#4 2019-10-18 16:00:57

RonS
Member
2019-10-17
7

Re: You don't have permission to access /piwigo/identification.php

FWIW, I have the same problem logging in as well

I can't get in from
.../identification.php

But I can through using
.../admin.php

Offline

 

#5 2019-10-18 17:05:15

erAck
Only trying to help
2015-09-06
2059

Re: You don't have permission to access /piwigo/identification.php

Maybe [Forum, topic 28846] Problem with identification.php helps, specifically [Forum, post 174751 by Mahdi196 in topic 28846] Problem with identification.php (i.e. disable mod_security); maybe there's also some bad version detection of 2.10.x (i.e. too stupid by character comparison resulting in 2.10 < 2.9)


Running Piwigo at https://erack.net/gallery/

Offline

 

#6 2019-10-18 17:35:20

TabulaRetina
Member
2016-05-11
17

Re: You don't have permission to access /piwigo/identification.php

If it were a server configuration like one of the PHP modules, I'd expect it to fail across the board. The fact that it works from one place within Piwigo but not another tells me the problem is in the application itself.

I'm going to do some live debugging later when I get a chance to see how the execution chain of the two different logins run. Hopefully that will expose where one is going astray.

Offline

 

#7 2019-10-19 04:24:21

TabulaRetina
Member
2016-05-11
17

Re: You don't have permission to access /piwigo/identification.php

Well, I've hacked in a fix for my sites. The problem is this line in theme/default/template/identification.tpl:

<input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">

The value argument is rendered as empty on my login pages, which apparently is treated either as a null or a URL outside the application's scope. Either way, it's triggering the "403 Forbidden" error. It's not the identification.php page which is the problem, that just happen to be the page the application is on when it tries to redirect to the invalid URL and fails out.

By changing the line to the below, users are redirected to the main page of the site after logging in:

<input type="hidden" name="redirect" value="/">

I'll be using this hack until the page is patched proper. Hope the trick helps other folks here too.

Offline

 

#8 2019-10-19 15:22:21

RonS
Member
2019-10-17
7

Re: You don't have permission to access /piwigo/identification.php

Sadly it didn't work for me

Offline

 

#9 2019-10-19 16:02:43

TabulaRetina
Member
2016-05-11
17

Re: You don't have permission to access /piwigo/identification.php

If it's not working, perhaps see if you are using another theme which has its own identification template that overrides the default one. If you've edited the correct template, this line should appear when you view the login page source:

<input type="hidden" name="redirect" value="/">

If it is there and still doesn't work, then there's something further amiss unfortunately.

Also, if your Piwigo installation isn't at the root level of the site, then my hack may not work as written. You'd have to change the line to the base page level of your Piwigo site, something like:

<input type="hidden" name="redirect" value="https://www.mysite.com/photos">

Last edited by TabulaRetina (2019-10-19 16:03:07)

Offline

 

#10 2019-10-20 15:19:47

RonS
Member
2019-10-17
7

Re: You don't have permission to access /piwigo/identification.php

TabulaRetina wrote:

Also, if your Piwigo installation isn't at the root level of the site, then my hack may not work as written. You'd have to change the line to the base page level of your Piwigo site, something like:

<input type="hidden" name="redirect" value="https://www.mysite.com/photos">

I'm using a subdomain and I guess I should have known better to begin with. I tweaked the address and it works now. Thanks

I'm guessing the subdomain is causing the issue I'm having with this
https://piwigo.org/forum/viewtopic.php?id=29678

Last edited by RonS (2019-10-20 15:21:44)

Offline

 

#11 2019-10-21 03:32:52

elaurin
Member
2019-10-20
1

Re: You don't have permission to access /piwigo/identification.php

I had the same problem. When logging in, it would redirect to .../identification.php, and would give a "Forbidden 403" error.

In m case, it only acted up on mobile devices. I solved the problem by removing installed themes (keeping only Bootstrap, which is what m site uses). I had several themes active, maybe one was creating a conflict?

Offline

 

#12 2021-02-20 20:43:31

ksimones
Member
2020-12-16
1

Re: You don't have permission to access /piwigo/identification.php

TabulaRetina wrote:

Well, I've hacked in a fix for my sites. The problem is this line in theme/default/template/identification.tpl:

<input type="hidden" name="redirect" value="{$U_REDIRECT|@urlencode}">

The value argument is rendered as empty on my login pages, which apparently is treated either as a null or a URL outside the application's scope. Either way, it's triggering the "403 Forbidden" error. It's not the identification.php page which is the problem, that just happen to be the page the application is on when it tries to redirect to the invalid URL and fails out.

By changing the line to the below, users are redirected to the main page of the site after logging in:

<input type="hidden" name="redirect" value="/">

I'll be using this hack until the page is patched proper. Hope the trick helps other folks here too.

@TabulaRetina.. I can't thank you enough enough for this hack! Hats off to you!!!

Before finding this post, I installed and re-installed Piwigo 3 times because of the dreaded 403 error when trying to log in. I have been using the latest Piwago 11.3.0 and I can't believe this bug hasn't been fixed yet. Your comment was posted on 10/19/19 and there have been numerous versions if Piwago released since then.

Offline

 

#13 2021-03-06 04:58:25

kadulazarini
Member
2021-03-06
1

Re: You don't have permission to access /piwigo/identification.php

I have the same problem. When savings new configuration I get the "Forbidden 403 error. Access to this resource on the server is denied!". None above has worked.

Last edited by kadulazarini (2021-03-06 04:59:15)

Offline

 

#14 2021-03-08 12:08:39

flop25
Piwigo Team
2006-07-06
7037

Re: You don't have permission to access /piwigo/identification.php

so let's me resume:
the user access to the page identification.php
the user has a normal access to it
the user can and enters his credentials
the user is redirected to a 403 page after validating his credentials

right?

if that's the case, there is no need to panic. You are logged in, you just go to your gallery url.

We might need to refine the code to get a safer url to redirect to, but that's not a blocking or severe issue.


@kadulazarini your issue is not the one described here since you are in the config page
please open a new thread with more about the exact url and changes you were making


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#15 2021-05-05 06:28:33

TabulaRetina
Member
2016-05-11
17

Re: You don't have permission to access /piwigo/identification.php

Wow, and the Piwigo team breaks it again! This time I get the 403 error when using the Single Mode edit page (bulk edit of multiple photos). It 403's me with bad permissions when I save the page. Yet I can edit each photo individually.

This broke very recently. How about you put it back the way it was? Or at least regression test these changes. Freaking unbelievable how touchy the permissions are in this thing. If I wasn't so invested in the product from years of using it I'd ditch it tomorrow.

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact