Access denied when accessing controller with Codeigniter

Asked

Viewed 658 times

2

I made an application with code Igniter and implemented a login screen. When logging in, the user is directed to the Dashboard screen. By clicking on any link on this screen, the "Access prohibited" message is displayed:

Acesso proibido

I did a check to understand what is the difference between the login screen (that works) and the other screens to understand the problem.

Login form:

  <div class="container">
<div class="card card-login mx-auto mt-5">
  <div class="card-header">Finanças</div>
  <div class="card-body">
    <form role="form" method="post" action="<?php echo site_url('login/auth');?>">
      <div class="form-group">
        <label for="login">Login</label>
        <input class="form-control c-form-control" id="login" name="username" type="text" aria-describedby="emailHelp">
      </div>
      <div class="form-group">
        <label for="password">Senha</label>
        <input class="form-control c-form-control" id="password" name="password" type="password">
      </div>
      <input type="submit" name="btnAcessar" value="Acessar" class="btn c-btn-login btn-block">
    </form>
    <div class="text-center">
      <a class="d-block c-a-style small mt-3" href="#">Esqueceu a senha?</a>
    </div>
  </div>
</div>

Method login/auth

public function auth() {

    //Captura da requisição os dados que vieram do formulario
    $username = $this->input->post('username');
    $password = $this->input->post('password');

    // Captura os dados do banco e valida com os da requisição
    $userInfo = $this->user_model->get_user($username);

    if(strtolower($username) == strtolower($userInfo["USERNAME"]) && md5($password) == $userInfo["PASSWORD"]){

        $data['username'] = $userInfo["USERNAME"];
        $data['name'] = $userInfo["NAME"];

        $this->session->set_userdata("user_logged", $username);
        $this->load->view('templates/system-header', $data);
        $this->load->view('pages/Dashboard', $data);
        $this->load->view('templates/system-footer');
    } else {
        echo "Usuário e/ou senha incorretos.";
    }
}

Example call to any screen within the application

<li class="nav-item" data-toggle="tooltip" data-placement="right" title="Titulos">
      <a class="nav-link call-content" href="<?php echo site_url('application/titulos');?>" value="pedidos">
        <i class="fa fa-fw fa-file-text-o"></i>
        <span class="nav-link-text">Titulos</span>
      </a>
    </li>

method Application/titles

public function titulos($page = 'titulos') {
    if (!file_exists(APPPATH.'views/pages/'.$page.'.php')) {
        show_404();
    }
    $this->load->view('templates/system-header', $data);
    $this->load->view('pages/titulos', $data);
    $this->load->view('templates/system-footer');
}

The framework itself generated a . htaccess file in the 'views' folder':

<IfModule authz_core_module>
    Require all denied
</IfModule>
<IfModule !authz_core_module>
    Deny from all
</IfModule>

and I have a . htaccess file at the root of the project to 'hide' the index.php of the url:

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?$1 [L]
</IfModule>

I think it’s important to say I’m wearing Septssion. Since the error screen is not formatted as Codeigniter does, I believe it is something with PHP or XAMPP that I am using. The directories have full access to read and write. I am using it locally on my Windows 10.

Any idea what it might be?

  • You use some . htacess file in the project?

  • @rray use yes, I will add to the question.

  • 1

    This seems to me user error or permission in the domain folder within /home on your server. Generally the permission for apache is 0755 gives a check on the file permissions and put there.

  • Look at the error on the server have to look mainly at these folders. application system index.php

  • has to be 644

  • It depends on whether the user of apache 0644 is on the user of the 0755 domain.This error ai is not from php is from apache httpd status 403 is when there is no file access permission.

  • The server worked well. I use Ubuntu 16.04 on Digitalocean. Permissions are set to 0755. Locally on Windows it does not work. The problem is with apache, php or Xampp permissions?

Show 2 more comments

1 answer

1


The error was in the config.php file, located in application/config/config.php. the variable $config['index_page'] was empty. I added the code below and the problem was fixed:

$config['index_page'] = 'index.php';

The . htaccess is not hiding the 'index.php' from the url, but this is a problem for another question.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.