403 Forbidden in FreePBX UCP

Hi Guys,

I have two issues with FreePBX UCP 12:

  1. Sometimes - 403 Forbidden in index.php after the user pushes the Login button.
From the Chrome debugger:

        token:9c5c48989d40c578bb291bf6ba6db7e9
        username:XXX
        password:XXX
        email:
        quietmode:1
        module:User
        command:login

Error is:

I found the error point in Session.class.php:

        function verifyToken($id='default') {
                $this->startSession();
                if(!isset($_SESSION[$this->prefix.$id.'_token'])) { // HERE
                        return false;
                }

But I cannot understand why the error sometimes occurs and sometimes does not (I'm a newbie in PHP).

  2. 403 Forbidden in index.php after logout with (http://x.y.z.w/?logout=1).

When the user tries to log in after logging off, 403 Forbidden is always returned.
When the user changes the URL (cuts ‘?logout=1’) and reloads the page, the login is successful.

PS. I'm developing a small module for UCP, but these errors existed before I made changes in the code.

Any help anyone can provide would be very much appreciated.
Many thanks in advance.

@coobic, what version of UCP are you using? The reason I ask is because this was an issue early on when UCP was in early stages of development but should no longer be an issue. If you are not already using the latest version of UCP, can you please upgrade and see if that helps?

Also as you are developing a custom module, ensure you are using pjax within UCP or you can end up with issues like what you are describing.

@GameGamer43, many thanks for the answer.
The version of UCP is 12.0.9. I've included ChromeLogger in UCP for PHP debugging and see strange issues (UCP_login_token is sometimes null and sometimes differs from the token in POST).
I will try to update to the latest 12.0.11 tomorrow, but I want to find the root cause of the 403 for my PHP knowledge.

Yes, I'm using pjax (‘data-pjax’ and custom handlers for my classes) - it works perfectly.

@GameGamer43, I found the root cause of the 403 - the token is not verified in the function

        function verifyToken($id='default') {

because the session in PHP could not start (!headers_sent) - it's an output buffering "issue". The session could not start because I added some comments and 3 lines with CSS styles to “views/header.php”.
Increasing the output_buffering parameter in php.ini to 8192 (or erasing my comments and correcting the style include via less :) ) eliminates the problem.
I don't think that this issue is interesting for you, but it is for the community and for history :)
Topic is closed.

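The failure mode identified in the last post, as an added example that is not part of the thread and not FreePBX code: a token check that separates "session could not start because output was already sent" from "token missing" and "token mismatch", and logs the file and line where the premature output began. The function names are hypothetical, the `UCP_login_token` key is the one mentioned in the post above, and PHP 7 or later is assumed.

```php
<?php
// Added example (not FreePBX/UCP code). Function names are hypothetical.

/**
 * Start the session, or log where premature output began.
 * Returns true only when a session is active afterwards.
 */
function startSessionOrExplain(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    // Once output has left the buffer, the response headers are gone and
    // PHP can no longer send the session cookie. headers_sent() fills in
    // the file and line that produced the first output.
    if (headers_sent($file, $line)) {
        error_log("session not started: output began at $file:$line");
        return false;
    }
    return session_start();
}

/**
 * Verify a submitted anti-CSRF token against the one stored in the session.
 * Returns a reason string for the server log; the HTTP response can stay
 * a generic 403 so the client learns nothing extra.
 */
function verifyTokenStrict(string $sessionKey, string $submitted): string
{
    if (!startSessionOrExplain()) {
        return 'no-session';   // the case diagnosed in this thread
    }
    $expected = $_SESSION[$sessionKey] ?? null;
    if (!is_string($expected) || $expected === '') {
        return 'no-token';     // session exists, token was never issued
    }
    // Constant-time comparison of the stored and submitted tokens.
    return hash_equals($expected, $submitted) ? 'ok' : 'mismatch';
}

// Constructed demo: emit output before the check, the way extra markup in
// a view file does once it exceeds the output_buffering size.
echo "<!-- constructed: extra comment and inline styles -->\n";
flush();
error_log('verify result: ' . verifyTokenStrict('UCP_login_token', 'constructed-token'));
```

Logging the reason server-side turns an intermittent 403 into a line that names the view file responsible, without raising `output_buffering` to hide it.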