Dizkus

I searched the forums for "Access Denied" issues, and found several solutions.. this is one of them http://forums.postnuke.com/index.php?name=PNphpBB2&file=viewtopic&t=28803&highlight=access+denied+module

I'm missing something, as none of the code changes I've tried has worked.
The module works on my test machine (old win ninety-eight) but won't load on the hosting server:

Hosting server info:
Linux t-rex 2.4.20-29.7
Apache 1.3.33
PHP 4.3.10
magic_quotes_gpc/runtime/sybase all are OFF
register_globals OFF
PostNuke .750 (just upgraded from 726 yesterday)
PostNuke Settings Enable support for legacy modules YES
Module in question has pn_admin_capable set to 1
My ID is in the Admin group
URL I'm using to get to the module:
http://www.thedomain.com/admin.php?module=moduleinquestion&op=main
Browser is Firefox and has cookies set to be accepted from all sites

I've tried all the following, commenting out one and trying another and I always get the Access denied or You can't access error message.

1. Original Module Code:
if (!defined('LOADED_AS_MODULE')) {
die ('Access Denied');
}

2. Next I tried:
if (!eregi("admin.php", $_SERVER['PHP_SELF'])) {
die (""._NOPERMISSION."");
}

3. Next try:
if (strpos($_SERVER['SCRIPT_NAME'], 'admin.php')) {
die ("You can't access this file directly...");
}

4. Next try:
Created a file personal_config.php and put it in the root HTML directory. This file contained the following:


5. Next try:
commented out all the above and renamed the personal_config.php to personal_config_txt.php. I still get the Access denied message. This makes me wonder if there is something else I should be considering but haven't.

Perplexed,
beckysue

You can let the original code as it was and fix it with exactly the same change that I gave for the EnvoAvatar module here : http://forums.postnu…e=viewtopic&t=35751
You can also upgrade to PostNuke .760 because it has this fix already applied. But as the current state of .760 is still Release Candidate I suggest that you stick with my fix for the moment.
Of course this is a patch of a core file but you can be assured it has no adverse effect and don't create any security hole.

--
Visit my live reef aquarium.

My Amazon wish list.

I began echoing out the value of the variables and found:

server[script name] /admin.php
server[phpself] /admin.php

As long as I change the check to be against /admin.php instead of admin.php it will bypass this error check, but I still get Access Denied when all other conditions are commented out.

So far the only thing that has given me the screen is:

$dbconn =& pnDBGetConn(true);

$result = pnModAvailable($modinfo['books']);
if ($result = true){
define('LOADED_AS_MODULE','1');
} else define('LOADED_AS_MODULE','0');

if (!defined('LOADED_AS_MODULE')) {
die ('Access Denied');
}

I can't get it to work unless I put the pnmodavailable value in a variable and explictly check again before I set the LOADED_AS_MODULE variable.
The original module didn't have to have all this extra code up top.

Very curious as to why this is happening.

I checked my root level admin file and it already had the code in it that you recommended.
<quote>
// set a constant so we can check the correct entry point later
define('LOADED_AS_MODULE','1');
<end quote="quote">
and it was sitting where it needed to be.

So, somehow it is still ignoring that variable for this module.

I remain confused, but constant in my direction to finish this third-party module!</end></quote>

Hello,
judging by your answer you are trying this on the books module, true ? Maybe you will be interestred to know that I have an improved version available (currently in beta-test) PM me inf you are interested in participating the beta-test of books .750.
The fix I gave in my previous message still hold for books .721 or .750

--
Visit my live reef aquarium.

My Amazon wish list.