ash992 Posted December 1, 2012 Share Posted December 1, 2012 Hey everyone, So I just set up register and log-in scripts on my site, I've used this script a few times before and it's usually fine but for some reason every time I try to log in the log in page comes up with a 403 error, (Forbidden), Here's the code for the page : <?PHP session_start(); $user = $_POST['user']; $pass = $_POST['password']; $con = mysql_connect("localhost","xxxx","xxxx") or ("Cannot connect!" . mysql_error()); if (!$con) die("Could not connect: " . mysql_error()); mysql_select_db("xxxx" , $con) or die ("could not load the database" . mysql_error()); $check = mysql_query("SELECT * FROM example WHERE `user`='".$user."'"); $numrows = mysql_num_rows($check); if ($numrows == 0) { die ("User does not exist \n"); } else { $pass = md5($pass); while($row = mysql_fetch_assoc($check)) { if ($pass == $row['pass']) $_SESSION['user']="$user"; header("Location: charactercreator/charcreate.php"); else die("Password does not match \n"); } } ?> and here's all the error says :/ : Forbidden You don't have permission to access /login.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache Server at xxxx.com Port 80 I've already checked the file permissions and they're set to 0644, what I assume is normal? So I'm really not sure why I'm getting this error... Anyone got any idea? Thanks very much in advance. Quote Link to comment Share on other sites More sharing options...
requinix Posted December 1, 2012 Share Posted December 1, 2012 You sure you have the right URL? What is the path to the file on the server? I mean the actual filesystem path. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 1, 2012 Share Posted December 1, 2012 Also check the ownership, permissions and for symlinks. Not only for the folder which the file resides in, but the parent folders as well. Especially when it comes to permissions and symlinks, ownership is usually only vital to the actual web root and the folders within it. Quote Link to comment Share on other sites More sharing options...
ash992 Posted December 1, 2012 Author Share Posted December 1, 2012 Okay this is very weird... If I open the directory in my browser, and press on the file, It loads successfully, however if my browser re-directs from the page where the user enters his log-in detials, the 403 occurs? I've also tried changing the directory of the file to the root, and made sure the premissions were fine, both didn't help, here's the page where you type your details but it looks fine to me... :s <form action="login.php" method="POST"> <input type="text" value="username" name="user"/><br /> <input type="password" value="password" name="password"/><br /> <input type="submit" value="enter" /> </form> Oh and both; when you press on the link from the directory's URL and when you go from the log-in page's URL, are exactly the same, so it's not a case of a misplaced slash or something:s Quote Link to comment Share on other sites More sharing options...
ash992 Posted December 1, 2012 Author Share Posted December 1, 2012 Oh.. I slightly changed the syntax of the log-in file and now it works? I had a broken if command, but instead of giving me an error it gave me 403. xD Thanks guys. Quote Link to comment Share on other sites More sharing options...
requinix Posted December 1, 2012 Share Posted December 1, 2012 Ah. if ($pass == $row['pass']) $_SESSION['user']="$user"; header("Location: charactercreator/charcreate.php"); else die("Password does not match \n"); Do you have mod_security installed? That's the only thing I know of that changes a 500 (what you should get because of the syntax error) into a 403 (so as to not expose the fact that there was an internal server error). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.