2
I made an application with code Igniter and implemented a login screen. When logging in, the user is directed to the Dashboard screen. By clicking on any link on this screen, the "Access prohibited" message is displayed:
I did a check to understand what is the difference between the login screen (that works) and the other screens to understand the problem.
Login form:
<div class="container">
<div class="card card-login mx-auto mt-5">
<div class="card-header">Finanças</div>
<div class="card-body">
<form role="form" method="post" action="<?php echo site_url('login/auth');?>">
<div class="form-group">
<label for="login">Login</label>
<input class="form-control c-form-control" id="login" name="username" type="text" aria-describedby="emailHelp">
</div>
<div class="form-group">
<label for="password">Senha</label>
<input class="form-control c-form-control" id="password" name="password" type="password">
</div>
<input type="submit" name="btnAcessar" value="Acessar" class="btn c-btn-login btn-block">
</form>
<div class="text-center">
<a class="d-block c-a-style small mt-3" href="#">Esqueceu a senha?</a>
</div>
</div>
</div>
Method login/auth
public function auth() {
//Captura da requisição os dados que vieram do formulario
$username = $this->input->post('username');
$password = $this->input->post('password');
// Captura os dados do banco e valida com os da requisição
$userInfo = $this->user_model->get_user($username);
if(strtolower($username) == strtolower($userInfo["USERNAME"]) && md5($password) == $userInfo["PASSWORD"]){
$data['username'] = $userInfo["USERNAME"];
$data['name'] = $userInfo["NAME"];
$this->session->set_userdata("user_logged", $username);
$this->load->view('templates/system-header', $data);
$this->load->view('pages/Dashboard', $data);
$this->load->view('templates/system-footer');
} else {
echo "Usuário e/ou senha incorretos.";
}
}
Example call to any screen within the application
<li class="nav-item" data-toggle="tooltip" data-placement="right" title="Titulos">
<a class="nav-link call-content" href="<?php echo site_url('application/titulos');?>" value="pedidos">
<i class="fa fa-fw fa-file-text-o"></i>
<span class="nav-link-text">Titulos</span>
</a>
</li>
method Application/titles
public function titulos($page = 'titulos') {
if (!file_exists(APPPATH.'views/pages/'.$page.'.php')) {
show_404();
}
$this->load->view('templates/system-header', $data);
$this->load->view('pages/titulos', $data);
$this->load->view('templates/system-footer');
}
The framework itself generated a . htaccess file in the 'views' folder':
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
and I have a . htaccess file at the root of the project to 'hide' the index.php of the url:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]
</IfModule>
I think it’s important to say I’m wearing Septssion. Since the error screen is not formatted as Codeigniter does, I believe it is something with PHP or XAMPP that I am using. The directories have full access to read and write. I am using it locally on my Windows 10.
Any idea what it might be?
You use some . htacess file in the project?
– rray
@rray use yes, I will add to the question.
– Csorgo
This seems to me user error or permission in the domain folder within /home on your server. Generally the permission for apache is 0755 gives a check on the file permissions and put there.
– Rafael Salomão
Look at the error on the server have to look mainly at these folders. application system index.php
– Panda
has to be 644
– Panda
It depends on whether the user of apache 0644 is on the user of the 0755 domain.This error ai is not from php is from apache httpd status 403 is when there is no file access permission.
– Rafael Salomão
The server worked well. I use Ubuntu 16.04 on Digitalocean. Permissions are set to 0755. Locally on Windows it does not work. The problem is with apache, php or Xampp permissions?
– Csorgo