Forum

Thread tagged as: Problem, Installation, Configuration

Perch 2.8.26 403 Problem - Config/inc/auth.php

A strange one,

When navigating to www.mysite.com/perch I get a 403 error.

I tracked it down to line 49 of /perch/config/inc/auth.php, which throws a 403 if $auth_page is true and $CurrentUser->logged_in() is not true.

Looks like $auth_page is always set to be true on /perch/core/index.php.

Obviously $CurrentUser->logged_in() is not true, as I haven't logged in yet. So basically this condition is ALWAYS met, and so header("HTTP/1.0 403 Forbidden", true, 403); is always run. (I've commented it out for now, and it works fine).

Any idea what the issue is here (should $auth_page always be being set to true automatically?)

Thanks,

Matthew Lymer

Matthew Lymer 1 points

  • 5 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

That's correct because it's the auth page. As soon as you're logged in you get bounced into the app. You'll only be on /perch if you're not logged in yet, or if you've just logged out.

But you have to go to /perch to login - when I go to /perch, I'm given a 403 error (so am unable to login).

Rachel Andrew

Rachel Andrew 394 points
Perch Support

That sounds like something you need to raise with your host. That should not be the case and is not an issue with Perch code.

Drew McLellan

Drew McLellan 2638 points
Perch Support

How is the 403 preventing you from logging in?

I am dealing with the hosting, on my own server.

I have uploaded the site in the exact same way I have many times before (this is the first time uploading the current version 2.8.26).

The 403 IS being caused by the following code in /perch/core/inc/auth.php

    if (!$CurrentUser->logged_in() && $auth_page) {
        header("HTTP/1.0 403 Forbidden", true, 403);
    }

I know this, as all file permissions and access rights are fine, all files are accessed fine, and commenting out this line stops the 403 being thrown (I have currently commented this line, meaning that the site works fine, and I can login fine).

This if conditions is ALWAYS met whenever I go to www.mywebsite.com/perch, meaning I cannot see the backend user login form.

Bearing all this in mind, I'm not sure how this can be a problem with anything other than the Perch code...

Drew McLellan

Drew McLellan 2638 points
Perch Support

That's correct - what I don't understand is why the 403 status code is stopping you from logging in. What happens?

You're trying to access the application, but first you need to authenticate, so the system responds with a 403 status and presents the login form.

What I don't understand is why that's a problem - what's happening?

Well it's quite simple:

  • Currently I am not logged in.
  • To log in, I navigate to /perch
  • Instead of being presented with the login form, I receive a 403 error, and so the form doesn't load in
  • I am therefore unable to login

This is a problem, as it means I can't login, and therefore can't access the perch backend (commenting the code in auth.php that sets header 403 fixes the problem, but I don't want to comment out perch code without fully understanding the repercussions).

Drew McLellan

Drew McLellan 2638 points
Perch Support

Instead of being presented with the login form, I receive a 403 error, and so the form doesn't load in

Where is that coming from?

Perch sets an HTTP 403 status code, but not an error. This is what I'm confused about. Where is the error coming from? Is it a browser thing? Something from your server? What does it look like?

Hi,

I see what you are saying - it's possibly a difference in how windows servers handle 403 status code?

As an example, I added this code to a php file

header("HTTP/1.0 403 Forbidden", true, 403);
  • when run on a linux/apache server, it works as you suggest (page still loads, just with a 403 in the background).
  • when run on windows iis 8 (the server with my current issue) the 403 manifests itself by fully blocking all of the pages content and just showing a large "403 Forbidden - server error" text.

So possible a windows server issue...

Drew McLellan

Drew McLellan 2638 points
Perch Support

Ah, so the server itself is replacing our output? Sounds like just the sort of thing IIS would do.

Leave the header commented out for now, and we'll make it conditional in the next build.

Sure - sorry to have been a pain!

Believe me I will not be keeping a windows server for long - just one of those awful things I've inherited saddly...

Drew McLellan

Drew McLellan 2638 points
Perch Support

I think we've probably not seen this as most people running Windows are doing so with Apache in a dev environment rather than with IIS in production.