I can't edit user, 403 Error Forbidden permission access usermgr.php I can't edit user, 403 Error Forbidden permission access usermgr.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

I can't edit user, 403 Error Forbidden permission access usermgr.php

Started by cl9m, December 15, 2010, 02:05:00 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cl9m

Hi,

I've install Cpg 1.5.10 an cpg 1.5.08, with no plugins, in php5, mysql5, chmod ok

In administator mode, I can't edit user, when user have a user_id over 9
(under id10 I can edit over id9 I can't edit)
I've got an error 403

Forbidden

You don't have permission to access /cpg/usermgr.php on this server.

No info in debug mode

my gallery test
http://imago-design.net/cpg/
*** deleted admin login data by André

thx for your help

Αndré

Never post admin login data! I changed the password on your website and removed the login data here.

That's a very odd issue. You always get this error if all three parameters for 'user_id', 'form_token' and 'timestamp' have more than one digit (e.g. http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=10&timestamp=10). If you remove one digit for any parameter it 'works' (it won't work as the form token is invalid, but you don't get this strange error message).

Please contact your hosting provider.

cl9m

OK, sorry for login data (this is just an install for testing my bug there is not other informations).

The problem comes from user_id with more than one digit :

This url works
http://imago-design.net/cpg/usermgr.php?op=edit&user_id=9&form_token=9605c77ba45ff90cfe0915dc8fd48f2f&timestamp=1292489865
==> user_id with juste one digit

But this one not works:
http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=9605c77ba45ff90cfe0915dc8fd48f2f&timestamp=1292489865
==> same url but user_id has 2 digits

This is really strange !!
I had spent very long time on this bug and I tried many things to solved it. But no success...

Can you explain me why you think the problem comes from provider ??

Thanks a lot.

Αndré

Quote from: cl9m on December 16, 2010, 10:05:19 AM
Can you explain me why you think the problem comes from provider ??
Because:
Quote from: Αndré on December 15, 2010, 02:54:14 PM
You always get this error if all three parameters for 'user_id', 'form_token' and 'timestamp' have more than one digit (e.g. http://imago-design.net/cpg/usermgr.php?op=edit&user_id=10&form_token=10&timestamp=10). If you remove one digit for any parameter it 'works' (it won't work as the form token is invalid, but you don't get this strange error message).

Same happens e.g. when you try to open http://imago-design.net/index.html?asd=10&asd=10&asd=10&asd=10 - if you change just one '10' a '1' or 'a' it works. So it's definitely not related to Coppermine.

cl9m

André Thank you.

the problem comes from my provider OVH, If you have this probleme go to the OVH manager and disable the fire-wall

now it's good

thx