
Topic: I can't edit user, 403 Error Forbidden permission access usermgr.php


cl9m


Hi,

I've installed Cpg 1.5.10 and cpg 1.5.08, with no plugins, on PHP 5, MySQL 5, chmod OK.

In administrator mode, I can't edit a user when the user has a user_id over 9
(under id 10 I can edit, over id 9 I can't edit).
I've got an error 403:

Forbidden

You don't have permission to access /cpg/usermgr.php on this server.

No info in debug mode

My test gallery:
http://imago-design.net/cpg/
*** deleted admin login data by André

thx for your help
« Last Edit: December 15, 2010, 02:45:09 pm by Αndré »
Logged

Αndré

Re: I can't edit user, 403 Error Forbidden permission access usermgr.php
« Reply #1 on: December 15, 2010, 02:54:14 pm »

Never post admin login data! I changed the password on your website and removed the login data here.

That's a very odd issue. You always get this error if all three parameters for 'user_id', 'form_token' and 'timestamp' have more than one digit (e.g. http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=10&timestamp=10). If you remove one digit for any parameter it 'works' (it won't work as the form token is invalid, but you don't get this strange error message).

Please contact your hosting provider.
Logged

cl9m

Re: I can't edit user, 403 Error Forbidden permission access usermgr.php
« Reply #2 on: December 16, 2010, 10:05:19 am »

OK, sorry for the login data (this is just an install for testing my bug; there is no other information).

The problem comes from user_id with more than one digit:

This URL works:
http://imago-design.net/cpg/usermgr.php?op=edit&user_id=9&form_token=9605c77ba45ff90cfe0915dc8fd48f2f&timestamp=1292489865
==> user_id with just one digit

But this one does not work:
http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=9605c77ba45ff90cfe0915dc8fd48f2f&timestamp=1292489865
==> same URL but user_id has 2 digits

This is really strange!
I have spent a very long time on this bug and I tried many things to solve it, but no success...

Can you explain to me why you think the problem comes from the provider?

Thanks a lot.
Logged

Αndré

Re: I can't edit user, 403 Error Forbidden permission access usermgr.php
« Reply #3 on: December 16, 2010, 11:09:01 am »

> Can you explain me why you think the problem comes from provider ??

Because:

> You always get this error if all three parameters for 'user_id', 'form_token' and 'timestamp' have more than one digit (e.g. http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=10&timestamp=10). If you remove one digit for any parameter it 'works' (it won't work as the form token is invalid, but you don't get this strange error message).

The same happens e.g. when you try to open http://imago-design.net/index.html?asd=10&asd=10&asd=10&asd=10 - if you change just one '10' to a '1' or 'a' it works. So it's definitely not related to Coppermine.
Logged
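
The elimination described in the reply above, as an added example that is not part of the original thread or of Coppermine: replay the blocked query string against a static file on the same host, then shorten one value at a time to see which parameters the 403 depends on. The host `gallery.example`, the helpers `rebuild` and `diagnose`, and the `fake_status` stub (a constructed stand-in, not the hosting provider's real filter rule) are assumptions; in real use `status_of` would issue a GET against your own site.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

def rebuild(url, pairs, path=None):
    """Return url with its query replaced by pairs (and optionally its path)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, path or p.path, urlencode(pairs), ""))

def diagnose(url, static_path, status_of):
    """Work out which layer answers 403 for url.

    status_of(url) -> int is supplied by the caller (hypothetical helper:
    an HTTP GET against your own site in real use, a stub in this example).
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if status_of(url) != 403:
        return {"blocked": False}
    # Same query string against a static file: the application never runs,
    # so a 403 here comes from the web server or a filter in front of it.
    outside_app = status_of(rebuild(url, pairs, static_path)) == 403
    # Shorten one value at a time to a single character; parameters whose
    # change clears the 403 are the ones the blocking rule matches on.
    sensitive = []
    for i, (key, value) in enumerate(pairs):
        trial = pairs[:i] + [(key, value[:1])] + pairs[i + 1:]
        if status_of(rebuild(url, trial)) != 403:
            sensitive.append(key)
    return {"blocked": True, "outside_app": outside_app, "sensitive": sensitive}

# Constructed stand-in for the host-side filter, NOT the provider's real rule:
# answer 403 when each of the last three values contains two or more digits.
def fake_status(url):
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    last3 = values[-3:]
    hit = len(last3) == 3 and all(len(re.findall(r"\d", v)) >= 2 for v in last3)
    return 403 if hit else 200

# Constructed sample URL shaped like the one in the thread.
SAMPLE = ("http://gallery.example/cpg/usermgr.php"
          "?op=edit&user_id=10&form_token=10&timestamp=10")

if __name__ == "__main__":
    print(diagnose(SAMPLE, "/index.html", fake_status))
```

When `outside_app` is true the request is rejected before the gallery code runs, which is the case to take to the hosting provider along with the `sensitive` parameter list.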

cl9m

Re: I can't edit user, 403 Error Forbidden permission access usermgr.php
« Reply #4 on: December 17, 2010, 06:07:53 pm »

André, thank you.

The problem comes from my provider, OVH. If you have this problem, go to the OVH manager and disable the firewall.

Now it's good.

thx
Logged