Request denied error on upload and register user (Arvixe)

[mkerala]

I have one site running on Arvixe and found that the upload/user register is not working. I tried re-uploading all files again as mention in previous support threads. It worked for about 10 mins and the same error came back. This time re-uploading the files did not solve it.

Request denied
You either don't have permission to access this page or the link has expired.

Site: http://itspic.com

Could you please advise how resolve this issue?

 

[mkerala]

Just found that I can upload fine when I am logged in.

 

[Rodolfo]

Ask them to check if PHP sessions are working properly.

 

[mkerala]

Ask them to check if PHP sessions are working properly.

Already escalated with Arvixe [SUPPORT #LUN-290-66871].

Having lot of issue with Arvixe recently. Even FTP is not working.

 

[Rodolfo]

@greggarvixe can you check this?

 

[mkerala]

Quick update: I asked Arvixe to do a complete clean install and issue still persists. Now can't upload even after login.

 

[Rodolfo]

Thanks for the update, sadly at my end there's no much in which I can help because I don't manage those servers. However, I trust that Arvixe will fix this issue for you because they always provide support.

 

[mkerala]

Arvixe guys are now telling that they are able to upload.

I tried Chrome, Mozilla and IE same error. I asked my friends who are on a different IP/ISP and they also get the same error.

 

[Rodolfo]

I also can't upload. I'm seeing that sessions are working properly so maybe the issue is a wrong update procedure or another server issue like a conflicting library or something like that. It will help a lot if you can enable the debug mode and paste the results of the error_log file. https://chevereto.com/docs/debug

 

[mkerala]

I also can't upload. I'm seeing that sessions are working properly so maybe the issue is a wrong update procedure or another server issue like a conflicting library or something like that. It will help a lot if you can enable the debug mode and paste the results of the error_log file. https://chevereto.com/docs/debug

Thanks Rodolfo. Arvixe guy told he was able to upload 2 images while logged in as guest. Also this is currently a clean install not upgrade.

I will enable the debug if I can manage to login.

 

[mkerala]

Enabled debug level 3. error_log contained this.

[27-Aug-2015 09:05:20 America/Santiago] Request denied
[27-Aug-2015 09:17:25 America/Santiago] Request denied
[28-Aug-2015 10:46:33 America/Santiago] Request denied


Other observations:
1. Had to try two times to login
2. Able to upload image while logged in.
3. Able to upload as guest after admin account logout.

 

[Rodolfo]

Send me FTP info and a link to this topic, I will check it on Monday.

 

[mkerala]

Send me FTP info and a link to this topic, I will check it on Monday.

Thanks. I have emailed the details.

I am fed up with Arvixe. For the last one week nothing seems to work. First it was FTP. Had to fight them for days and raised with Q&A to get resolved. Another issue with new domain I added to Arvixe account is not working. I only took Arvixe to get Chevereto licence.

 

[mkerala]

No update from Arvixe since 29th Aug. Escalated to Q&A and they said no issues with server.

 

[Rodolfo]

I've checked your website and the problem is that your website is not setting PHPSESSID on load. On load Chevereto stores an auth_token, which is not being saved in your machine at all. I've noticed that the build date of your PHP is August 27th and it has memcache. I don't know if you build it or someone at Arvixe did it, but the problem seems related to memcache in the way that sessions are not being properly saved.

You can easily test this, here: lib/G/classes/class.handler.php

    /**
     * Returns the 40 char length safe request token
     */
    public static function getAuthToken() {
        $token = isset($_SESSION['G_auth_token']) ? $_SESSION['G_auth_token'] : random_string(40);
        $_SESSION['G_auth_token'] = $token;
        return $token;
    }

Change it to this:

    /**
     * Returns the 40 char length safe request token
     */
    public static function getAuthToken() {
        $token = isset($_SESSION['G_auth_token']) ? $_SESSION['G_auth_token'] : random_string(40);
        $_SESSION['G_auth_token'] = $token; debug($_SESSION);
        return $token;
    }

It should show you the session data. If not, then sessions are not working properly.

 

[mkerala]

I've checked your website and the problem is that your website is not setting PHPSESSID on load. On load Chevereto stores an auth_token, which is not being saved in your machine at all. I've noticed that the build date of your PHP is August 27th and it has memcache. I don't know if you build it or someone at Arvixe did it, but the problem seems related to memcache in the way that sessions are not being properly saved.

You can easily test this, here: lib/G/classes/class.handler.php

    /**
     * Returns the 40 char length safe request token
     */
    public static function getAuthToken() {
        $token = isset($_SESSION['G_auth_token']) ? $_SESSION['G_auth_token'] : random_string(40);
        $_SESSION['G_auth_token'] = $token;
        return $token;
    }

Change it to this:

    /**
     * Returns the 40 char length safe request token
     */
    public static function getAuthToken() {
        $token = isset($_SESSION['G_auth_token']) ? $_SESSION['G_auth_token'] : random_string(40);
        $_SESSION['G_auth_token'] = $token; debug($_SESSION);
        return $token;
    }

It should show you the session data. If not, then sessions are not working properly.

Thank you very much for your help.

The website and all settings were setup by Arvixe. Could you let me know what need to be change to fix this issue?

 

[Rodolfo]

Sadly I don't use memcache and the only feedback that I can give you is that is conflicting with PHP sessions. I've forwarded this issue to Arvixe and they should fix your website soon.

 

[mkerala]

Sadly I don't use memcache and the only feedback that I can give you is that is conflicting with PHP sessions. I've forwarded this issue to Arvixe and they should fix your website soon.

Thanks Rodolfo. You are always very helpful.

It has been over one week since this issue started and it took one week to make Arvixe replicate the issue.

 

[Rodolfo]

That is because the issue is extremely difficult to detect, even for me was hard to detect it. You have to understand that server setups could have million combinations and if something looks fine in a couple test then we assume than the thing is working.

When I was testing it didn't worked at the first time but on the second test it worked instantly, so most likely support didn't spotted that the problem is triggered on first load on a new session. I was able to spot that because I've saw it earlier in maybe 2 or 3 installations.

I know that is hard but you will need to wait a bit more.

 

[mkerala]

That is because the issue is extremely difficult to detect, even for me was hard to detect it. You have to understand that server setups could have million combinations and if something looks fine in a couple test then we assume than the thing is working.

When I was testing it didn't worked at the first time but on the second test it worked instantly, so most likely support didn't spotted that the problem is triggered on first load on a new session. I was able to spot that because I've saw it earlier in maybe 2 or 3 installations.

I know that is hard but you will need to wait a bit more.

Yes I can understand that. But the problem is Arvixe still haven't started investigating the issue. They rarely updates the support ticket. I got update today after 29th. All these days they were saying its working from there end. I had to ask them 3 times to try from another browser or computer to replicate the issue. After a week they replicated the issue and started investigation today.

Q&A just forwarded the ticket to scripts for yet another reinstall. I have forwarded your findings to them.