I can't upload certain images (although I definetely should be able to)

[Georgio1234]

Website URL
<private>

Chevereto version
3.10.5

Description of the issue
Hey. My problem is the following: I have only GIF images allowed on my website, max size - 10MB. Now whenever I upload a GIF on my website from another website (using links), it successfully uploads, no problems. Same happens when I upload a gif smaller than 1MB on my website from my PC. Still no problems, but whenever I try to upload a gif bigger than 1MB (remember the limit is 10MB, 10 times more), I get a error saying "No image have been uploaded" "Request denied". It happens after the image finishes uploading. So I think it's some kind of an image processing issue which doesn't occur on small gif-s, but it's a HUGE problem, considering 95% of gifs are more than 1MB. Please help me as soon as possible

P.S. I have GD library working fine, tested it on phpinfo.php

 

[Rodolfo]

There's no support on weekends so this will be reviewed on Monday.

In the meanwhile, try to debug the system on your own: https://chevereto.com/docs/debug

 

[Rodolfo]

I can't check this without the error log. Do please send the error log or server access to inbox@chevereto.com

 

[Georgio1234]

Do you need FTP access? or something else.

 

[Rodolfo]

I need either a ftp or these error logs.

 

[Georgio1234]

Ok, could you please start a private conversation? I'll send ftp details there

 

[Georgio1234]

[25-Nov-2017 08:24:21 America/Santiago] no email
[25-Nov-2017 14:34:28 America/Santiago] Request denied
[25-Nov-2017 14:35:00 America/Santiago] Request denied
[25-Nov-2017 15:01:42 America/Santiago] Request denied
[25-Nov-2017 15:03:29 America/Santiago] Request denied
[25-Nov-2017 15:09:29 America/Santiago] Request denied
[25-Nov-2017 15:33:48 America/Santiago] Request denied
[26-Nov-2017 09:39:53 America/Santiago] no email
[26-Nov-2017 12:48:04 America/Santiago] Request denied
[26-Nov-2017 12:48:57 America/Santiago] Request denied
[26-Nov-2017 12:52:01 America/Santiago] Request denied
[26-Nov-2017 12:53:45 America/Santiago] Request denied
[26-Nov-2017 12:56:19 America/Santiago] Request denied
[26-Nov-2017 13:03:44 America/Santiago] Request denied
[26-Nov-2017 21:59:33 Asia/Tbilisi] Request denied
[26-Nov-2017 22:15:20 America/Santiago] Request denied
[27-Nov-2017 17:02:28 Asia/Tbilisi] no email
[28-Nov-2017 09:34:34 Asia/Tbilisi] Request denied
[28-Nov-2017 10:03:47 America/Santiago] no email

This is the error log

 

[Rodolfo]

Thanks, but it seems that those won't work. Send me server access to inbox@chevereto.com

 

[Georgio1234]

I sent it on that e-mail address

 

[Rodolfo]

It seems that you configured PHP to use URL sessions and that conflicts with the $_REQUEST superglobal.

As an example, check this: https://demo.chevereto.com/json/?action=some

{
  "status_code": 400,
  "error": {
    "message": "Request denied",
    "code": 400,
    "context": "Exception"
  },
  "request": {
    "action": "some"
  },
  "status_txt": "Bad Request"
}

And compare it with the return that you get from your website:

{
  "status_code": 400,
  "error": {
    "message": "Request denied",
    "code": 400,
    "context": "Exception"
  },
  "request": {
    "action": "some",
    "PHPSESSID": "68b97XXXXXXXXXXXXXXXXXXX",
    "_ga": "GA1.2.2XXXXX",
    "_gid": "GA1.2.46XXXXXX"
  },
  "status_txt": "Bad Request"
}

Notice the extra PHPSESSID, _ga and _gid properties? Chevereto doesn't add those. Your PHP settings (or maybe something else) is messing with the superglobal and while it does that, it gets rid of auth_token (which is added when the system issues the XHR). You can check this by opening your website, opening your web inspector (from your web browser) and check the XHR request while you upload an image. You will notice how the payload includes the auth_token, but the $_REQUEST superglobal doesn't have this value. Is just not there.

FYI $_REQUEST contains $_POST, $_GET and $_COOKIE. In your case it only contains $_COOKIE so for me is clear that some php.ini setting is causing trouble here.

Chevereto uses the auth_token validate the request origin. Since the auth_token isn't there (due to $_REQUEST being altered) you don't send the auth_token and the system throws you that error.

I don't know how to fix that thing besides from setting
session.use_trans_sid to 0 in your php.ini settings and restart your server.

More info here: https://stackoverflow.com/questions...dding-phpsessid-fgh2h45-to-the-end-of-the-url

 

[Georgio1234]

_ga and _gid seem like Google Analytics variables. I've turned them on these last few days, but the problem was there even before I added Google Analytics in the footer. I can temporarily disable Analytics (get the value in chv_settings null again so no Analytics code will be on page) so you can see what causes the problem, or I can give you website access, cPanel, phpMyAdmin, anything. Just please make it work, otherwise the fact that I bought chevereto doesn't make sense for me if users (and I) won't be able to upload pictures 🙁

 

[Rodolfo]

I understand your frustration but you have to realize that the problem here is your server and I can't provide you with server support because is out of the scope. Remember that Chevereto is just a piece of software that runs on top of your server. Is not the whole website concept, just the outer software.

I already tried to inject the missing php.ini setting via php and it didn't work. I did that before replying you the previous message and when that happens the only thing left to do is to inform you what I found so you can share those findings with your hosting provider or server administrator. There will be always issues related to servers and most hosting providers will be able to work on this, you pay them for the hosting service and they must fix your machine.

Beware: Some hosting providers will tell you to death that the issue is the script and that they will argue that they have a perfect setup and that other scripts are fine. Some hosting providers do that to save support costs by throwing that responsibility to us. We can't bear that cost, it takes time to fix a server and Chevereto can't afford that.

If the hosting company doesn't help you, simply ask them for money back and find another provider until you get the support that they should provide you in the first place.

 

[Georgio1234]

Thanks for the answer. Have a look at this [my-website]/phpinfo.php it shows, that session.use_trans_sid is already set to 0. So it must be something else that causes the problem, what can I tell the hosting provider? Do you have any clues what can be the reason?

 

[Rodolfo]

No, I'm out of possible reasons for this. This is a server issue and your hosting provider must fix this for you.

 

[Georgio1234]

Hey, I talked with server support, it took a hour and they successfully fixed it 🙂 The error was really on the server side