exponentcms / exponent-cms

Content Management, Simple.
exponentcms.org
GNU General Public License v2.0

Authorization Failed when saving #1456

Closed exponentcms closed 4 years ago

exponentcms commented 4 years ago

www.sandtoft.org - I have today upgraded to 2.4.1 then applied patch 5. When I first went in to edit, the old blank edit window problem occurred. I copied the config.js you gave me for the other site and now it goes into edit OK.

However when I Save it gives me Authorization Failed. See attached.

exponentcms commented 4 years ago

Other admin functions seem OK, just the editor. Not tested everything though.

exponentcms commented 4 years ago

What were you trying to save? What level of user account (system/1st admin, super-admin, admin, user with permissions)?

exponentcms commented 4 years ago

Just a straightforward text module edit then save with my super admin account I was using before the update. Also tried another super user login with same result.

exponentcms commented 4 years ago

You might go into site configuration, security tab and turn ON 'Disable Privacy Check?' This enhanced security can be led astray if many pages have been moved.

exponentcms commented 4 years ago

It is already ticked ON. Your dleffma1nt login is still there if you need a look. Peter.

exponentcms commented 4 years ago

Which page? I'm able to edit/save text in the top text module on the home page.

I've noticed a possible corrupt or extra file in the /framework/core/forms/js folder? There is one .php file with seven .js files. The .php file basically loads all the other files in the folder, appending them to the page's javascript for file input.

The error being appended/inserted directly into the page's javascript is

PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20090626/imagick.so' - libMagickWand.so.2: cannot open shared object file: No such file or directory in Unknown on line 0

exponentcms commented 4 years ago

I have noticed sometimes a text edit saves first time but then not. I am working on the page "http://www.sandtoft.org/events".

Edit the calendar, switch to source, then Save. Fails every time.

Anything outside of Themes and Files is the result of running the update to 2.4.1 then Patch 5. I have not touched anything else.

exponentcms commented 4 years ago

Looks like the errors are a php server configuration error. Either php was incorrectly compiled, or the imagick module is missing? Don't think it necessarily is associated with the issue though.

exponentcms commented 4 years ago

Not sure if I can do anything about PHP problems, I'll need to contact the site owner.

If it's not associated with the issue, I guess it's not so urgent? I'm about to do a major update to the content, which I've modelled in the development server over the last week. Anything you can do to get me going again would be gratefully appreciated.

exponentcms commented 4 years ago

Just looking, I see we're on 5.6. There's an option to change to 7. Would that cause me any different problems?

exponentcms commented 4 years ago

Also, this site is not hosted on one of my Fasthosts servers. It's with Hostrocket.

exponentcms commented 4 years ago

Seems to be working OK now. Did you do anything? Peter.

exponentcms commented 4 years ago

Oops sorry. Not working. Was on the dev site and hadn't switched back. Any idea when you can get to this please, I do need to get the huge number of updates done. Thanks.

exponentcms commented 4 years ago

Though I can see the issue on your site, I'm unable to reproduce it locally and am perplexed as to the logic being induced...what version were you running prior to installing 2.4.1?

exponentcms commented 4 years ago

2.3.5 if I remember rightly.

exponentcms commented 4 years ago

Don't know if this is relevant, just been checking server error logs and found this:

[Wed May 10 20:33:44.725832 2017] [autoindex:error] [pid 1004754:tid 139763451340544] [client 66.249.64.128:64748] AH01276: Cannot serve directory /home/sandtof/public_html/external/yui/3.18.1/build/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive

I'm supposed to get last 300 errors but this is the only one in the list, although it behaves as if it was loading more. I looked in both live (Hostrocket) and development (Fasthosts) sites and there is no index.php in that folder in either case, thus I don't know if relevant or not.

exponentcms commented 4 years ago

Regarding the error, YUI is a javascript library and has no .php files, also not sure why server would be building an index...though it's irrelevant (I believe).

You are receiving an http 403 Authorization Failed error, which normally means you are trying to access a page or location which you are not allowed to see. This could be a soft 403 generated by Exponent (a page which is not public and you don't have view permissions, which can not be the case for an admin/super-admin), or it could also be if the server is attempting to access a physical file/folder on the system which it doesn't have permission to read.

You might try running one of the two optional 'security' upgrade scripts.

Basically the alternate script ensures all files/folders are set to 775 with the primary script ensuring they are at 755. It is an optional script, so it is only run during an upgrade if it is selected to run.

Normally, I would expect you to be receiving an error of 'You don't have permission to xxx' if it was related to any regression bug as a result of the recent security enhancements, but the 403 error is confounding me.

exponentcms commented 4 years ago

Ran the alternate, said OK. Clicked to go to a page - internal server error. Can't access anything now. Site broken.

exponentcms commented 4 years ago

Thu May 11 10:05:35.006044 2017] [:error] [pid 129229:tid 139763587708672] [client 82.22.148.130:55109] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:05:34.989469 2017] [:error] [pid 129229:tid 139763587708672] [client 82.22.148.130:55109] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:05:32.028829 2017] [:error] [pid 129231:tid 139763598198528] [client 82.22.148.130:55108] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:05:31.897758 2017] [:error] [pid 129228:tid 139763587708672] [client 82.22.148.130:55107] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:05:31.628088 2017] [:error] [pid 129230:tid 139763440850688] [client 82.22.148.130:55106] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:05:31.609373 2017] [:error] [pid 129230:tid 139763440850688] [client 82.22.148.130:55106] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:04:12.378350 2017] [:error] [pid 129228:tid 139763629668096] [client 82.22.148.130:55052] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:04:12.360421 2017] [:error] [pid 129228:tid 139763629668096] [client 82.22.148.130:55052] SoftException in Application.cpp:262: File "/home/sandtof/public_html/login.php" is writeable by group
[Thu May 11 10:03:16.881701 2017] [:error] [pid 129227:tid 139763587708672] [client 82.22.148.130:55049] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:03:16.864196 2017] [:error] [pid 129227:tid 139763587708672] [client 82.22.148.130:55049] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:02:57.738167 2017] [:error] [pid 129471:tid 139763472320256] [client 34.223.218.57:57243] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:02:57.721977 2017] [:error] [pid 129471:tid 139763472320256] [client 34.223.218.57:57243] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:02:36.888440 2017] [:error] [pid 129228:tid 139763535259392] [client 82.22.148.130:55046] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:02:36.761448 2017] [:error] [pid 129227:tid 139763751802624] [client 82.22.148.130:55047] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 10:02:36.491279 2017] [:error] [pid 129471:tid 139763556239104] [client 82.22.148.130:55045] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.sandtoft.org/index.php
[Thu May 11 10:02:36.474502 2017] [:error] [pid 129471:tid 139763556239104] [client 82.22.148.130:55045] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.sandtoft.org/index.php
[Thu May 11 10:01:59.864682 2017] [:error] [pid 129232:tid 139763608688384] [client 82.22.148.130:54995] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.sandtoft.org/index.php
[Thu May 11 10:01:59.845806 2017] [:error] [pid 129232:tid 139763608688384] [client 82.22.148.130:54995] SoftException in Application.cpp:632: Directory "/home/sandtof/public_html/framework" is writeable by group, referer: http://www.sandtoft.org/index.php

exponentcms commented 4 years ago

Sorry, I've not seen that before, looks like the server strictly forbids allowing group write (775/664) permissions on files. (Therefore) It needs all files/folders set to a 755/644 permission.

Do you have ssh shell access? or can you set file permissions via a cpanel like dashboard?
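The server log quoted earlier in the thread refuses to run any script or directory that is group-writable, which is why 775/664 has to come down to 755/644. The following is an added example, not part of the original thread and not Exponent's upgrade script: it lists the offending entries under a web root and strips only the group/other write bits. The script name, the `--fix` flag and the web root argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit a web root for the condition the PHP handler rejects
# ("is writeable by group") and strip the offending permission bits.
# The --fix flag and the web root argument are assumptions of this sketch.

# Print every regular file or directory with the group- or other-write bit set.
# Symlinks are not followed and are not matched by -type f / -type d.
list_group_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Number of offending entries (assumes no newlines in file names).
count_group_writable() {
    list_group_writable "$1" | wc -l | tr -d ' '
}

# Remove only the group/other write bits: 775 -> 755, 664 -> 644.
# Owner bits and execute bits are left exactly as they were.
fix_permissions() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Usage: sh audit-perms.sh /path/to/webroot [--fix]
if [ "$#" -gt 0 ]; then
    webroot=$1
    echo "Group/other-writable entries under $webroot: $(count_group_writable "$webroot")"
    list_group_writable "$webroot"
    if [ "${2:-}" = "--fix" ]; then
        fix_permissions "$webroot"
        echo "Remaining after fix: $(count_group_writable "$webroot")"
    fi
fi
```

Run it without `--fix` first to see what would change; directories the CMS must write to (uploads, cache) stay writable by their owner, which is the account the PHP handler runs scripts as on this kind of host.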

exponentcms commented 4 years ago

Just logged in with FileZilla and attempting to change.

exponentcms commented 4 years ago

I have recursed 775 through all Exponent folders plus files / themes. I still have the 500 internal server error.

[Thu May 11 11:18:47.492017 2017] [:error] [pid 129232:tid 139763503789824] [client 82.39.66.14:50014] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.sandtoft.org.uk/
[Thu May 11 11:18:46.691738 2017] [:error] [pid 129227:tid 139763566728960] [client 82.39.66.14:50013] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.visitdoncaster.com/whats-on/weekend-trolley-days
[Thu May 11 11:18:46.673917 2017] [:error] [pid 129227:tid 139763566728960] [client 82.39.66.14:50013] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group, referer: http://www.visitdoncaster.com/whats-on/weekend-trolley-days
[Thu May 11 11:18:00.529056 2017] [:error] [pid 129228:tid 139763524769536] [client 82.22.148.130:57498] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 11:18:00.398220 2017] [:error] [pid 129229:tid 139763619178240] [client 82.22.148.130:57497] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 11:18:00.124774 2017] [:error] [pid 129472:tid 139763629668096] [client 82.22.148.130:57496] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group
[Thu May 11 11:18:00.106918 2017] [:error] [pid 129472:tid 139763629668096] [client 82.22.148.130:57496] SoftException in Application.cpp:262: File "/home/sandtof/public_html/index.php" is writeable by group

Help!!

exponentcms commented 4 years ago

I can access text files on the root folder, but cannot do anything else. From the server error log (not the control panel log which I previously sent), typical errors:

[11-May-2017 13:37:55 UTC] PHP Warning: include(eucookie.php): failed to open stream: No such file or directory in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 48
[11-May-2017 13:37:55 UTC] PHP Warning: include(): Failed opening 'eucookie.php' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 48
[11-May-2017 13:37:55 UTC] PHP Warning: include(imbeds/copyright.inc): failed to open stream: No such file or directory in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 58
[11-May-2017 13:37:55 UTC] PHP Warning: include(): Failed opening 'imbeds/copyright.inc' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 58
[11-May-2017 13:37:55 UTC] PHP Warning: include(imbeds/analytics.inc): failed to open stream: No such file or directory in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 62
[11-May-2017 13:37:55 UTC] PHP Warning: include(): Failed opening 'imbeds/analytics.inc' for inclusion (include_path='.:/opt/cpanel/ea-php56/root/usr/share/pear') in /home/sandtof/public_html/themes/sandtofttheme/mobile/events.php on line 62

exponentcms commented 4 years ago

Dave. How long can you work on this today please? I have been browsing around but am rather in the dark. Thanks. Peter.

exponentcms commented 4 years ago

I'm not available tomorrow until mid afternoon, so I really need to get this up and running tonight. If running your alternative security script caused it to crash the site, what could have been screwed up?

I've checked the database and run a repair, no problems identified.

Would a reinstall do any good?

exponentcms commented 4 years ago

Tonight I worked through permissions directly on the server - all of framework, themes, files, tmp. I have done external down as far as ckeditor, and need to complete the externals tomorrow. All changed / checked as 755. Filezilla kept hanging so often I gave up on that.

The site is back up. The original Authorisation Failed problem is still there. Please can you continue to investigate, I appreciate you have lots to do but after today's debacle I really do now need to get the site updated as a matter of urgency.

I guess you will also need to see why your little alternate routine totally screwed up the site. I shan't run that again!

Thank you.

exponentcms commented 4 years ago

This was apparently caused by a server configuration issue where the host provided greatly increased server security due to a perceived threat.

exponentcms commented 4 years ago

Lighthouse URL: https://exponentcms.lighthouseapp.com/projects/61783/tickets/1413