Forbidden 403 Error trigerred upon submitting form

Dear friends, I’ve been fighting to solve an error (Forbidden
You don’t have permission to access /0admin/fauna/fauna_pic_exec2b.php
on this server.) trigerred when submitting data from fauna_pic_exec to the file above.

I scrutinised the code and unbelievable the error goes away when the attribute name in the form is removed, which sends filename to exec2b to delete it. When I replace exec2b with a dummy empty file, I still get the error indicating that the problem is with in posting php: fauna_pic_exec.php

Code:

case 2:

    $stm_pic = $db->prepare("Select spp,numpic,king from $db_main WHERE spp=?") ;  
    $stm_pic->execute(array($picfunc[0]));
    $img = $stm_pic->fetch();
    
    print "<center><h4>Delete main images from <b> $img[0] </b></b> profile currently with $img[1] images. </h4></center><br>";
      
    print '<form enctype="multipart/form-data" action="fauna_pic_exec2b.php" method="post">';
    print '<input type="hidden" name="species" value="' . $img[0] . '">'; 
    print '<input type="hidden" name="picnum" value="' . $img[1] . '">';  
    print '<input type="hidden" name="king" value="' . strtoupper($img[2]) . '">';
    print '<input type="hidden" name="auth_foto" value="'. $user . '">';

    print '<table border=1 align="center" width ="800">
                <tr bgcolor="white">
                <td width="550" align="center"> Image file </td>
                <td width ="50" align="center"> Delete </td>
                </tr>';
                
        $spp         = trim($img[0]); 
        $sppdir     = $picdir . strtoupper($img[2]) . "/" . dir_path($spp);     // print "[".$sppdir."]<br>";
        

    for ($p=0; $p <= $img[1]-1; $p++ )
        {    $filename     = str_replace(" ", "_", $spp);  
            $filename     = str_replace(".", "", $filename);    
            if ($p==0 )     { 
                            $destfile = $sppdir . $filename . '.jpg';
                            $filename = $filename . '.jpg';
                             $lastfile = $destfile ; }
        
            else             {
                            $destfile = $sppdir . $filename . ($p+1) . '.jpg'; 
                            $lastfile = $sppdir . $filename . $img[1] . '.jpg';
                            $filename = $filename . ($p+1) . '.jpg'; }
         

    print '    
    <tr> 
     <td align="right">'.$filename.' &nbsp; <font size=0>['.$lastfile.'] </font)</td>
     <td align="center"> <input name="df" type="radio" value="'.$destfile.'">  </td>
     </tr>';


    
    } // end of for loop

    
    print '</table><center>';
    print '<input name="lf" type="hidden"  value='.$destfile.'>';
    print '<br>    <input style='.$bu1.' type="reset" name="reset" value=" Reset Filenames " >  &nbsp;&nbsp; &nbsp;&nbsp; 
                <input style='.$bu3.' type="submit" name="send" value=" Delete this Image " >'; 
    print '</form></center>';

    $db = null;
    break;

When I remove name=“df” (hidden type) and name=“lf” (radio type) both passing filenames, the error goes away but no action since filenames are missing in the next execting script. What the heck is wrong with this - went crazy

Some explanation:

The first part of the routine fetches data from DB to build up the filenames.

2nd part: headers, palin info anf table construction

3rd part loop to build a list of filenames with radio button for user to select and delete. the filenames are always in the order name.jpg, name2.jpg, name3.jpg, name4.jpg…
$lastfile is needed to be renamed to the deleted file so as if user delete name2.jpg, name4.jpg is renamed to name2.jpg and so keeps the filing structure as above.

The deletion is executed in the next file, so this script only prepares the filenames and pass them on.

On the remote server, dir set to 755 files to 644
On local it works and deletion is successful, error only on remote

this is an example of the filename passed from input:
File to be deleted: Papillifera_papillaris4.jpg
Full path: …/…/!faunafungi/ANIMALIA/Papillifera_papillaris/Papillifera_papillaris4.jpg

?!?!

Oh God, finally I found a more specific error. The form is trying to pass the data with fullpath:
…/…/!faunafungi/ANIMALIA/Papillifera_papillaris/Papillifera_papillaris4.jpg
When instead I tried to pass a dummy value=“hi.jpg”, the error was not trigerred.

what is making the server not digesting the string and pass it on through the form?

It sounds like it might just be a permissions problem, if it works locally but not on the server.

What user are all of these files owned by? If it’s not the web server user (apache or www-data or what have you) then that could be the culprit, if they’re all 644.

Jeff, read my third post were I explained what the problem was, but only circumvented the solution.

I think $destfile has a wrong path, to be sure view source and see if it is what you expect.

The contents of $destfile are good but the string of the path was: …/…/!faunafungi/ANIMALIA/Papillifera_papillaris/Papillifera_papillaris4.jpg

For some reason, the server did not liked the part “…/…/!” When I chucked out that part, no error was given. maybe ‘/!’ is the apex of the spine! Well I solved it by passing from Animalia onwards and then added the …/…/! part in the successive php.

p.s. And how one is supposed to understand what was going on - 10hrs of my life for this error which had nothing to do with permissions!

‘…/…/!faunafungi/ANIMALIA/Papillifera_papillaris/Papillifera_papillaris4.jpg’ is not a full path.

‘/var/www/html/!faunafungi/ANIMALIA/Papillifera_papillaris/Papillifera_papillaris4.jpg’ (or whatever) is a full path.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.