Reputation: 183
I have a blog with a add-post.php
page which contains a simple form with the action:
<form id="form" action="add-post-php.php" method="POST" enctype="multipart/form-data">
I then have the file, add-post-php.php
in the same folder as add-form.php
. So I enter the details of my blog into the form and press submit and get:
Forbidden
You don't have permission to access /add-post-php.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I've tested this on my localhost and it works correctly, the permission of the file is set at 0644, but I've also tried it at 0755, with no improvement. There is nothing wrong with my .htaccess file and there are no other .htaccess files in the directory.
My add-post-php.php
script in full is:
<?php
include("php/settings.php"); // Contains DB Connections
?>
<?php
$id= time();
$month = date("m");
$year = date("Y");
$path = "images/posts/$year/$month/";
$section = $_POST["section"];
$category = $_POST["category"];
$credit = $_POST["credit"];
$title = ucwords($_POST["title"]);
$text = $_POST["text"];
$exclusive = $_POST["exclusive"];
$added = date("Y-m-d H:i:s");
$photo = $_FILES["photo"]["name"];
$ext = substr(strrchr($photo, '.'), 1);
?>
<?php
$insert_sql = "INSERT INTO posts (id, section, category, credit, title, article, exclusive, added) VALUES('$id', '$section', '$category', '$credit', '$title', '$text', '$exclusive', '$added')";
$insert_res = mysqli_query($con, $insert_sql);
if(mysqli_affected_rows($con)>0){
move_uploaded_file($_FILES["photo"]["tmp_name"],"$path" . $id . "." . $ext);
}
else{
echo "0";
exit();
};
?>
<?php
header("Location: post.php?id=$id");
exit();
?>
Does anyone have any idea why I'm getting the Forbidden Error when the file clearly exists and it's permissions are correct?
Here is my .htaccess:
Options -MultiViews
DirectoryIndex posts.php
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^posts/([0-9]+)/?$ posts.php?currentpage=$1 [NC,L,QSA]
RewriteRule ^section/([\w-]+)/?$ section.php?section=$1 [NC,L,QSA]
RewriteRule ^section/([\w-]+)/([0-9]+)/?$ section.php?section=$1¤tpage=$2 [NC,L,QSA]
RewriteRule ^posts/([\w-]+)/?$ posts.php?category=$1 [NC,L,QSA]
RewriteRule ^posts/([\w-]+)/([0-9]+)/?$ posts.php?category=$1¤tpage=$2 [NC,L,QSA]
RewriteRule ^post/([0-9]+)/([\w-]+)/?$ post.php?id=$1&title=$2 [NC,L,QSA]
RewriteRule ^sites/([0-9]+)/?$ sites.php?currentpage=$1 [NC,L,QSA]
RewriteRule ^posts posts.php
RewriteRule ^section section.php
RewriteRule ^sites sites.php
RewriteRule ^about about.php
RewriteRule ^advertise advertise.php
RewriteRule ^subscribe subscribe.php
Folder structure:
I've just checked the php error log again and I'm seeing these messages:
[Thu Oct 22 13:04:14.575567 2015] [:error] [pid 1041578] [client 74.125.76.51:56087] File does not exist: /home/fulldist/public_html/***.com/feed.php,
[Thu Oct 22 09:53:14.646744 2015] [:error] [pid 944286] [client 31.13.113.90:59997] File does not exist: /home/fulldist/public_html/***.com/blog.php.
It's true that feed.php and blog.php don't exist, but why is it trying to look them up?
Upvotes: 0
Views: 65
Reputation: 94662
Is this not wrong
header("Location: post.php?id=$id");
Dont you need this as a header
header("Location: posts/$id");
based on this rule
RewriteRule ^posts/([0-9]+)/?$ posts.php?currentpage=$1 [NC,L,QSA]
Upvotes: 1