403 Forbidden, Just Not Sure Why...

[ash992]

Hey everyone, So I just set up register and log-in scripts on my site, I've used this script a few times before and it's usually fine but for some reason every time I try to log in the log in page comes up with a 403 error, (Forbidden), Here's the code for the page :

 

<?PHP
session_start();
$user = $_POST['user'];
$pass = $_POST['password'];


$con = mysql_connect("localhost","xxxx","xxxx") or ("Cannot connect!" . mysql_error());
if (!$con)
die("Could not connect: " . mysql_error());

mysql_select_db("xxxx" , $con) or die ("could not load the database" . mysql_error());


$check = mysql_query("SELECT * FROM example WHERE `user`='".$user."'");
$numrows = mysql_num_rows($check);
if ($numrows == 0)
{
die ("User does not exist \n");
}
else
{
$pass = md5($pass);
while($row = mysql_fetch_assoc($check))
{
if ($pass == $row['pass'])
$_SESSION['user']="$user";
header("Location: charactercreator/charcreate.php");
else
die("Password does not match \n");
}
}


?>

 

 

and here's all the error says :/ :

 

 

Forbidden

 

You don't have permission to access /login.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache Server at xxxx.com Port 80

 

I've already checked the file permissions and they're set to 0644, what I assume is normal? So I'm really not sure why I'm getting this error... Anyone got any idea?

 

Thanks very much in advance.

[requinix]

You sure you have the right URL? What is the path to the file on the server? I mean the actual filesystem path.

[Christian F.]

Also check the ownership, permissions and for symlinks. Not only for the folder which the file resides in, but the parent folders as well. Especially when it comes to permissions and symlinks, ownership is usually only vital to the actual web root and the folders within it.

[ash992]

Okay this is very weird... If I open the directory in my browser, and press on the file, It loads successfully, however if my browser re-directs from the page where the user enters his log-in detials, the 403 occurs? I've also tried changing the directory of the file to the root, and made sure the premissions were fine, both didn't help, here's the page where you type your details but it looks fine to me... :s

 

<form action="login.php" method="POST">
<input type="text" value="username" name="user"/><br />
<input type="password" value="password" name="password"/><br />
<input type="submit" value="enter" />
</form>

 

Oh and both; when you press on the link from the directory's URL and when you go from the log-in page's URL, are exactly the same, so it's not a case of a misplaced slash or something:s

[ash992]

Oh.. I slightly changed the syntax of the log-in file and now it works? I had a broken if command, but instead of giving me an error it gave me 403. xD Thanks guys.

[requinix]

Ah.

if ($pass == $row['pass'])
$_SESSION['user']="$user";
header("Location: charactercreator/charcreate.php");
else
die("Password does not match \n");

Do you have mod_security installed? That's the only thing I know of that changes a 500 (what you should get because of the syntax error) into a 403 (so as to not expose the fact that there was an internal server error).