Recent Topics

1 Dec 29, 2010 21:26    

My b2evolution Version: Not Entered

Hi,
I have a v3.3.3 blog and can change and save all admin pages, except the 'Features'. I tried at first to cange 'allow comment on all posts', and got:

Forbidden
You don't have permission to access /blog/admin.php on this server.

Tried then to save the page without any changes at all, with same results. All other admin pages are allowed to edit and save ...

Any idea what to do?

regards
Tyrone

2 Mar 31, 2013 21:41

Two years later

Did anyone solve this as I have just come across the same problem?

4.1.6

3 Mar 31, 2013 21:59

Is this repeatable over time?

4 Mar 31, 2013 22:21

Hi Thanks

Yes for some week or two. I was too busy to think about it then. Been looking at the data base, but think it must be a fault of the calling file as the url is only **************/blog/admin.php with no action. But why I get a 403 error ???

All other admin options are ok.

I though it may have been a database issue as I upgraded and may have a password conflict, if the admin.php file has such a record - but then why would other admin options work - anyway I'm not recieving an email to change password, though I have checked the recorded email ??

5 Mar 31, 2013 22:26

Just checked admin.php - now remember I checked it before

//Check global permission:
if( ! $current_User->check_perm( 'admin', 'restricted' ) )
{	// No permission to access admin...
	require $adminskins_path.'_access_denied.main.php';
}


So it seems at this point as the current user I'm not admin ??

EDIT

The features url is ***********/blog/admin.php?ctrl=coll_settings&tab=features&blog=12

6 Mar 31, 2013 22:40

Just before that code try adding:

echo $current_User->ID;

What user Id does it show?

7 Mar 31, 2013 22:55

Added code but sadly it goes to a 403 error page. I'll have to stop that.

meanwhile I've looked at the data base table [coll_settings] and notice the ID is 1 for all entries and there is also duplicate entries for the first two lines with an ID of 2

EDIT

Even if I comment out the above code it goes to a 403 error so no luck on echoing the user ID

8 Mar 31, 2013 22:55

Can you post a screenshot of your 403?

Maybe you get that from your webhost and not from b2evolution...

Maybe they have some stupid "security" module (like mod_security) installed that thinks you are trying to hack your own site.

Who's your hosting company? What kind of hosting plan do you have?

Also you can try:


echo $current_User->ID;
exit();

9 Mar 31, 2013 23:03

Ha
!

I host my own site and the 403 is my own creation so it should only arise when there is no page. It's just an shtml page in the root

EDIT yes I do get just a [1] with the exit! I could have done that before

10 Mar 31, 2013 23:20

Ok I am now clutching at straws
1. What about the ID issue and duplicate records in the table
2. I have a header referal issue on new posts
Notice: Undefined index: HTTP_REFERER in /home/rogerlov/public_html/blog/skins/blood_wine/posts.main.php on line 135

11 Mar 31, 2013 23:22

By the way thanks for your attention fplanque- much appreitiated

12 Mar 31, 2013 23:38

There is no duplicate records issue as far as I can see. cset_coll_ID + cset_name is different for each line. The primary key is made of 2 columns here.

back to the topic: if you are saying the 403 page is an SHTML page, then it's not $adminskins_path.'_access_denied.main.php'; right?

So it's not b2evolution displaying that page.

You must have created a rule somewhere that kicks in where you don"t want it to kick in.

13 Mar 31, 2013 23:51

Ok the undefined header issue is a come and go thing so may not be related.
Ok looking at the table closely I see the IDs are for the different blogs so i can forget about the duplication issue

The problem practically is that I can't use the option in features to hide one of the blog from the 'public blog list'

I am wondering what the record is that sets the 'hide form public blog list' maybe until I can solve this problem I can set it via the database

It is only the features page that gives the 403 error.

14 Mar 31, 2013 23:55

Yes you can probably poke into the DB but I don't know exactly what field controls public listing of the blog.

However I would suggest your turn off (even temporarily) your 403 'off limits' setup.

15 Mar 31, 2013 23:58

Haven't created any rules.

Wondering why the url is just admin.php and where the code is for the features tab??

When I upgraded to 4.1.6 I copied the database and upgrade that. Only since then has there been an issue. it worked fine before that

Maybe there is a permissions error on a file ?

Going to try a new basic skin

16 Apr 01, 2013 00:01

Nope it's not the skin : (

17 Apr 01, 2013 00:02

It's a POST request. The data is POSTed intead of being concatenated to the URL as it is with GET requests.

I still believe a "stupid" module like mod_security in your apache configuration that thinks you are hacking yourself. You should disabled that.

It is entirely possible that module kicks in in v4 and not in v3. You can try to install v4.1.6 from scratch in a different database and different directory to see what happens.

I don't think there is any problem with your DB nor your skin.

18 Apr 01, 2013 02:44

Ok I'll look at the mod_security issue, but would that allow all the other admin options and just stop the ones on the features page?

19 Apr 01, 2013 04:09

Yes it would. Mod_security might pick on one very specific Param of that settings page.

20 Apr 01, 2013 13:53

No luck so far. I have a virtual resller hosting account. My providers have just told me

Could you please let me know what domain this is for please as on your rogerlovejoy.net domain the last mod_security match was on the 4th of January.

So if I understand it hasn't been invoked for a couple of months. I'm just confirming that.

I have noticed other 403 errors have come and gone since I last posted. I removed the new blog I was setting up and it cut me off all the others/ I was getting sent to the wrong blog when I clicked on a post link??

21 Apr 01, 2013 14:15

Yes, that's correct. There are not any recent entries in the log which show mod_security blocking anything on your domain.

So it appears that mod_security is not the issue.

I have added another blog tp replace the one delete earlier and the error is more prevelant. I can't use the expert option on write and can't save posts. Both options now give a 403 error.

I'd love to understnd what is happening but for expedience i may just delete the installation and start from scratch. My fear is that there is some mess in the database and I'll inflict the same problem on any new installation.

My earlier install was 2.4.7 this one 4.1.6

22 Apr 01, 2013 18:37

I repeat myself: You can try to install v4.1.6 from scratch in a different database and different directory to see what happens. I don't think there is any problem with your DB nor your skin.

23 Apr 02, 2013 22:46

I've just had my host reset. Installed 4.1.4 via Fantastico, rather than manually, and still the same, except I have the compounded issue of not being able to write a post. So I'm back to my host.

25 Apr 04, 2013 14:41

Thanks, Francois, is it. It seems sorted now. My host is voosevers.com

Can you give it a try now I think I have got it working with a few changes to modsecurity.

I will now try and install my old database over the default and see how that runs.

Thanks again for your help it seems you were on the ball from kickoff.

27 Apr 05, 2013 21:55

Glad you're back on track.

Mod_security is a pita almost every time a host uses it.


Form is loading...