Forbidden page problem after updating..

[chibib0]

I got this Forbidden error page while updating a link in a mysql table.
For example, I would like to update the tracker.css URL link in my profile info, after clicking the update button i got this:

Forbidden
You don't have permission to access /update-profileck.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at mysite.com Port 80

But if I input a text/word like "test" = it works
but if a URL link like "http://domain.com/test/tracker.css" = forbidden error.


here is the php code of update-profileck.php,

<?
include "include/session.php";

include "include/z_db.php";
//////////////////////////////

/*
while (list ($key,$val) = each ($_POST)) {
$$key = $val;
}
*/

?>
<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>(Type a title for your page here)</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>

<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?
$todo=$_POST['todo'];
$name=$_POST['name'];
$css=$_POST['css'];
$email=$_POST['email'];
$sex=$_POST['sex'];
// check the login details of the user and stop execution if not logged in
require "check.php";

if(isset($todo) and $todo=="update-profile"){

// set the flags for validation and messages
$status = "OK";
$msg="";

// if name is less than 5 char then status is not ok
if (strlen($name) < 5) {
$msg=$msg."Your name  must be more than 5 char length<BR>";
$status= "NOTOK";}    

if (strlen($css) < 5) {
$msg=$msg."Your new CSS Link must be more than 5 char length<BR>";
$status= "NOTOK";}

if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed.
if(mysql_query("update users set email='$email',name='$name',css='$css',sex='$sex' where CONVERT(`users`.`userid` USING utf8)='$_SESSION[userid]'")){
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}else{echo "<font face='Verdana' size='2' color=red>There is some problem in updating your profile. Please contact site admin<br></font>";}
}}

require "bottom.php";
?>

</body>

</html>

I already CHMOD the file to 777 and 755 and i still get this error.
After and during the upgrades/updates, I and my users encounter this problem sometimes. Any help?

 

[tittat]

Can you please post here what your cpanel error log says...
Go to cpanel>>Error logs.
Have tried CHMODing update-profileck.php to 644 ???

 

[LongJohnnyE]

I have this same error. When I try to go to /lib/ajax/handler.php (for example) I get a 403 error. I can access .html files in there, but not .php.

 

[kbjradmin]

like tittat said, check the file permissions, and if you don't have permission to access the files in the way you want, use CHMOD.

 

[LongJohnnyE]

I checked that, all the perms for the files I'm trying to get to are 755. I've checked my error logs in cPanel, and after I created my own 403 Error document handler, I'm not getting any more error messages in that console.

I've also tried adding "allow from all" in a .htaccess file in the directory I'm looking into.

However, I still can't load the files. Also, what I am trying to do is load the file inside an iframe. I'm having no problems with the exterior files, but anything inside the iframe returns a 403.

Here is the url I am attempting to call inside the iframe:

/fbapp/ajax/statistics.php?fb_sig_in_iframe=1&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=12347548.3397&fb_sig_added=1&fb_sig_profile_update_time=12317371&fb_sig_expires=0&fb_sig_user=1311519&fb_sig_session_key=23e5b73f8398f92e6dbc8-1311519&fb_sig_ss=18e51f3427b563e45557373f25a1ddaa&fb_sig_ext_perms=offline_access%2Cemail&fb_sig_api_key=ccc6231d773b5121726deee94cee&fb_sig_app_id=403236&fb_sig=7f0e95632dfcb4120c26c75655fb

I'd really appreciate any guidance with this.

When I try linking directly to the link, I get the same 403 error and the server adds an auth_token to the end of the link.

?auth_token=6cf72bed07760844c9cc77029a0dee

Edit:
I believe mod_security to be the culprit behind my problems. I've submitted a ticket asking for it to be disabled or facebook.com whitelisted for my account (the problem is that facebook acts as a proxy and pulls the page from my account to display to users).

Any tips?

 

[kbjradmin]

first, unless you absolutely have to (which you generally don't), you shouldn't use iframes, they are a horrible invention and should be removed from HTML all together.

second, i don't know how easy that will be. if you're trying to take a page from your account, you would need to authenticate yourself as being yourself, and i don't know if that can be done through an iframe (it probably can, but i have no idea how, and its probably more trouble than its worth).