Forum
Perch 2.8.26 403 Problem - Config/inc/auth.php
A strange one,
When navigating to www.mysite.com/perch I get a 403 error.
I tracked it down to line 49 of /perch/config/inc/auth.php, which throws a 403 if $auth_page is true and $CurrentUser->logged_in() is not true.
Looks like $auth_page is always set to be true on /perch/core/index.php.
Obviously $CurrentUser->logged_in() is not true, as I haven't logged in yet. So basically this condition is ALWAYS met, and so header("HTTP/1.0 403 Forbidden", true, 403); is always run. (I've commented it out for now, and it works fine).
Any idea what the issue is here (should $auth_page always be being set to true automatically?)
Thanks,
That's correct because it's the auth page. As soon as you're logged in you get bounced into the app. You'll only be on
/perchif you're not logged in yet, or if you've just logged out.But you have to go to /perch to login - when I go to /perch, I'm given a 403 error (so am unable to login).
That sounds like something you need to raise with your host. That should not be the case and is not an issue with Perch code.
How is the 403 preventing you from logging in?
I am dealing with the hosting, on my own server.
I have uploaded the site in the exact same way I have many times before (this is the first time uploading the current version 2.8.26).
The 403 IS being caused by the following code in /perch/core/inc/auth.php
I know this, as all file permissions and access rights are fine, all files are accessed fine, and commenting out this line stops the 403 being thrown (I have currently commented this line, meaning that the site works fine, and I can login fine).
This if conditions is ALWAYS met whenever I go to www.mywebsite.com/perch, meaning I cannot see the backend user login form.
Bearing all this in mind, I'm not sure how this can be a problem with anything other than the Perch code...
That's correct - what I don't understand is why the 403 status code is stopping you from logging in. What happens?
You're trying to access the application, but first you need to authenticate, so the system responds with a 403 status and presents the login form.
What I don't understand is why that's a problem - what's happening?
Well it's quite simple:
This is a problem, as it means I can't login, and therefore can't access the perch backend (commenting the code in auth.php that sets header 403 fixes the problem, but I don't want to comment out perch code without fully understanding the repercussions).
Where is that coming from?
Perch sets an HTTP 403 status code, but not an error. This is what I'm confused about. Where is the error coming from? Is it a browser thing? Something from your server? What does it look like?
Hi,
I see what you are saying - it's possibly a difference in how windows servers handle 403 status code?
As an example, I added this code to a php file
So possible a windows server issue...
Ah, so the server itself is replacing our output? Sounds like just the sort of thing IIS would do.
Leave the header commented out for now, and we'll make it conditional in the next build.
Sure - sorry to have been a pain!
Believe me I will not be keeping a windows server for long - just one of those awful things I've inherited saddly...
I think we've probably not seen this as most people running Windows are doing so with Apache in a dev environment rather than with IIS in production.