Author Topic: Admin Error: 403 Forbidden  (Read 4314 times)
jmokie
Newbie
*
Posts: 9


« on: November 17, 2009, 03:46:04 PM »

Had to upload the files to my host after extracting on my machine.

Got the code uploaded and installed
Got an "installation complete" message
Finally I get to the login, and at last to the HOME page.

When I click on Administration -- I get:
 Error: 403 Forbidden   
 
SECURITY WARNING: Your referer does not match the root url.

I need interpretation?

Manage portlets and edit content appear to work.

Logged
Kevin
Global Moderator
Bigace Guru
*****
Posts: 3045



« Reply #1 on: November 18, 2009, 07:09:36 PM »

Someone else reported that bug also. It seems to exist only for some users; I currently don't know why. Probably a browser/privacy setting.

I will turn this check off by default for 2.7.1.

Till then you could edit the file "system/command/admin.cmd.php" and remove the check - somewhere around line ~545
Logged

jmokie
Newbie
*
Posts: 9


« Reply #2 on: November 19, 2009, 02:00:22 AM »

Thanks Kevin
I commented out ln 545 to ln 559 and everything seemed to work alright. Now need to explore and learn the system
Jerry
Logged
Kevin
Global Moderator
Bigace Guru
*****
Posts: 3045



« Reply #3 on: November 19, 2009, 03:25:02 PM »

I am glad you finally made it - sorry for the bugs, will be fixed with 2.7.1!
Have fun
Logged

fathex
Team
Bigace Pro
*****
Posts: 133


« Reply #4 on: November 19, 2009, 08:20:36 PM »

This function seems to cause problems when bigace is installed in a subdirectory, e.g. yourdomain.com/cms/
I faced the same problem. RewriteBase is set to cms/ and BIGACE_ROOT_DIR is also set to cms/
Perhaps it has something to do with this configuration...
Logged
fathex
Team
Bigace Pro
*****
Posts: 133


« Reply #5 on: November 19, 2009, 08:49:10 PM »

Ok. I have a solution, but I do not know if it breaks CSRF attack protection.
The referer $_SERVER['HTTP_REFERER'] normally has the following form: http://www.example.com/subdirectory/
and the variable $_SERVER['SERVER_NAME'] has the corresponding value www.example.com
However, under the circumstances I mentioned in my last post (even if I do not know which setting exactly is responsible for this misbehaviour) the variable $_SERVER['SERVER_NAME'] has the value example.com and therefore causes a mismatch

I replaced lines 553 and 554
Code:
        if($checkCsrf || (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'http://' . $_SERVER['SERVER_NAME']) !== 0 
        && strpos($_SERVER['HTTP_REFERER'], 'https://' . $_SERVER['SERVER_NAME']) !== 0)) {
with the following lines
Code:
        if($checkCsrf || (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'http://' . $_SERVER['SERVER_NAME']) !== 0
        && strpos($_SERVER['HTTP_REFERER'], 'http://www.' . $_SERVER['SERVER_NAME']) !== 0
        && strpos($_SERVER['HTTP_REFERER'], 'https://www.' . $_SERVER['SERVER_NAME']) !== 0
        && strpos($_SERVER['HTTP_REFERER'], 'https://' . $_SERVER['SERVER_NAME']) !== 0)) {
Logged
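
An added example, not part of the thread and not BIGACE's code: it sets the four prefix comparisons from the last post beside a comparison of the parsed Referer host, which treats `example.com` and `www.example.com` as the same site but rejects a longer host name that merely begins with the server name. The function names and sample URLs are constructed for illustration.

```php
<?php
// Added example, not BIGACE code; function names are hypothetical.

/** The four prefix comparisons from the post above: true = referer accepted. */
function prefixCheckAccepts(string $referer, string $serverName): bool
{
    foreach (['http://', 'http://www.', 'https://www.', 'https://'] as $prefix) {
        if (strpos($referer, $prefix . $serverName) === 0) {
            return true;
        }
    }
    return false;
}

/** Lower-case a host name and drop a leading "www." label. */
function normalizeHost(string $host): string
{
    $host = strtolower(rtrim($host, '.'));
    return strncmp($host, 'www.', 4) === 0 ? substr($host, 4) : $host;
}

/** Exact host comparison: true only for an http(s) URL whose host equals $serverName. */
function hostCheckAccepts(string $referer, string $serverName): bool
{
    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false; // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web origins are acceptable referers
    }
    return normalizeHost($parts['host']) === normalizeHost($serverName);
}

// Constructed sample values (not taken from the thread).
$serverName = 'example.com';
$referers = [
    'http://example.com/cms/',
    'https://www.example.com/cms/admin/',
    'http://example.com.other.invalid/cms/',
    'https://www.example.com.other.invalid/',
];
foreach ($referers as $referer) {
    printf("%-42s prefix=%-5s host=%s\n", $referer,
        var_export(prefixCheckAccepts($referer, $serverName), true),
        var_export(hostCheckAccepts($referer, $serverName), true));
}
```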