Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

9.03 - 403 error when granting groups via user profile

Quote


403
The link you followed may have expired, or the page may not be accessible to you.


I receive this error when attempting to grant custom groups via member profile pages. I can still add to group via admin panel as usual.

Thanks
It is prolly custom template in the theme, I can not replicate this issue. Still on Atom9?
Atom9: StarCity doesn't have custom profile tpl

Also I can not replicate.
Is there anything different about the build provided by Softoculus?

Any file permissions I should check out via ftp?
I installed PF via Softaculous and everything works fine.

Nothing you sent here, I didn't find.

Try this:

Softaculous installs system with MySQLi driver. In FTP, open config.php and change $db_driver = 'mysqli'; to $db_driver = 'pdo';
Sorry, had a busy week.

Done, but no dice.
Check your Main settings under settings, verify domain and path info so they are correct.
Troubleshooting has concluded that the infusion Avatar Studio is the culprit. Uninstalled and now it works like a charm.
I had it working last night but it popped up again for both me and my assistant Super Admin. At least this time it came up in the log, I think.

Quote

214
215 if (\defender::safe()) {
216 // Store into session
217 $_SESSION['csrf_tokens'][self::pageHash($file)][$form_id][] = $token;
218 // Round robin consume token
219 if (count($_SESSION['csrf_tokens'][self::pageHash($file)][$form_id]) > $max_tokens) {
220 array_shift($_SESSION['csrf_tokens'][self::pageHash($file)][$form_id]);
221 }
222 } else {
223 if (!empty($_SESSION['csrf_tokens'])) {
224 $token_ring = $_SESSION['csrf_tokens'][self::pageHash($file)][$form_id];
Line 224 -- 3 minutes ago
Undefined index: /error.php
225 $ring = array_rand($token_ring, 1);
226 $token = $token_ring[$ring];
227 } else {
228 $_SESSION['csrf_tokens'][self::pageHash($file)][$form_id][] = $token;
229 }
230 }
231
232 // Debugging section
233 if (self::$debug) {
234 if (!self::safe()) {
235
The token is pretty easy to fix on all version 7 infusions. Find all conventional <form> and replace with our function.

replace:

CodeDownload  

$action = FUSION_REQUEST;
echo "<form name='xyz' method='post' action='$action'> "



with:

CodeDownload  

$action = FUSION_REQUEST;
echo openform('xyz', 'post', $action);

I'm not using any community infusions at the moment. All stock aside from CSS.

The avatar studio infusion is currently disabled
You can try to change sessions type to database under Admin > Settings > Security Settings, also up the amount of allowed tokens, perhaps some UF generate more.
Yeah still not working for me or any of my admins.
Cause found: cPanel ModSecurity is not compatible with php-fusion. All admin and user related 403 errors ceased with ModSecurity disabled.
Thread Information
Author
Replies
14 posts
Views
552 times
Last Post
Last updated on 5 months ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, Chan, RobiNN, Scarcer3320