Community Support for OpenDocMan (Deprecated)
403 Access Forbidden by CSRFProtector! again - Printable Version

+- Community Support for OpenDocMan (Deprecated) (https://forum.opendocman.com)
+-- Forum: OpenDocMan Community Discussion (https://forum.opendocman.com/forum-5.html)
+--- Forum: OpenDocMan Support - Community Based (https://forum.opendocman.com/forum-6.html)
+--- Thread: 403 Access Forbidden by CSRFProtector! again (/thread-961.html)



403 Access Forbidden by CSRFProtector! again - nasko - 09-28-2016

Hi!

I am sorry, but the other thread is closed. I am getting the same message when I am logging in from a workstation different from /localhost. When logged on /localhost, everything is working fine. There are some warnings and notices in the error.log file, but nothing from CSRFProtector.php.

Also during the installation there where some problems, but I've solved them. I have not checked are they discussed, so excuse me if I am duplicating:

/install/setup-config.php, line 133
$pieces = split('/',$_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']));

split() function deprecated, changed to

$pieces = explode('/',$_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']));

/install/odm.php, line 310

$query = "CREATE TABLE IF NOT EXISTS `{$dbprefix}settings` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT ,
`name` VARCHAR( 255 ) NOT NULL ,
`value` VARCHAR( 255 ) NOT NULL ,
`description` VARCHAR( 255 ) NOT NULL ,
`validation` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
UNIQUE ( `name` )
) ENGINE = MYISAM";

changed to

$query = "CREATE TABLE IF NOT EXISTS `opendocman`.`{$dbprefix}settings` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT ,
`name` VARCHAR(255) NOT NULL ,
`value` VARCHAR(255) NOT NULL ,
`description` VARCHAR(255) NOT NULL ,
`validation` VARCHAR(255) NOT NULL ,
PRIMARY KEY (`id`),
UNIQUE (`name`)
) ENGINE = MyISAM CHARSET=utf8 COLLATE utf8_bin";

and installation finished successfully.

I have installed the system on two test servers, running Ubuntu 16.04 (64-bit), and I am getting the same error on both. Can you help?

Thank you for the efforts.


RE: 403 Access Forbidden by CSRFProtector! again - Titan - 01-26-2017

You have done me a great service Nasko. I have been setting up the config file by editing the config-sample.php and importing the database.sql file in my attempts to set this up on Ubuntu 16.04. Unfortunately I'm also having theĀ 403 Access Forbidden by CSRFProtector! when trying to log in. I'm hoping we get to the bottom of this. When I look in the /var/log/apache2/access.log I see this entry when I try to log in :"POST /odm/index.php HTTP/1.1" 403 331 "http://10.10.10.20/odm/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" but I see nothing in the error.log.



RE: 403 Access Forbidden by CSRFProtector! again - drachenreiter1968 - 02-23-2017

Hi,

I just installed OpenDocMan in my local network and had the same problem.

The problem got solved by changing a value in the OPenDocMan MySQL-Database.
Table: 'opm_settings'
Field Name: 'base_url'

The value should be the actual address which you use to access OpenDocMan from another machine:

e.g. 'http://testnetwork.net/opendocman/

I used 'PHPMyAdmin' to manipulate the data in the database.

I hope it solves your problem.


RE: 403 Access Forbidden by CSRFProtector! again - mensahy - 05-08-2017

hello, I want to access Opendocman on my computer system from another computer system on a network using the IP address of my computer system but it showed me this massage 403 Access Forbidden by CSRFProtector! how can I fix this?

this is how my csrf_config.php page looks like.
<?php
/**
* Configuration file for CSRF Protector
* Necessary configurations are (library would throw exception otherwise)
* ---- logDirectory
* ---- failedAuthAction
* ---- jsPath
* ---- jsUrl
* ---- tokenLength
*/
return array(
"CSRFP_TOKEN" => "50",
"logDirectory" => "../log",
"failedAuthAction" => array(
"GET" => 0,
"POST" => 0),
"errorRedirectionPage" => "",
"customErrorMessage" => "",
"jsPath" => "vendor/owasp/csrf-protector-php/js/csrfprotector.js",
"jsUrl" => "http://localhost/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
"tokenLength" => 50,
"disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
See details of your web browser for how to enable JavaScript.",
"verifyGetFor" => array()
);