Answered Request denied

  • Notice: New feature requests and suggestions won't be considered for Chevereto development at this time. Learn more.

kuna199

Core license
Aug 5, 2017
18
1
53
India
#1
Website URL
<private>

Chevereto version
3.10.12

Description of the issue
I unable to login my admin panel when i try to login it show

Request denied
You either don't have permission to access this page or the link has expired.

When I try to login as a user it show also unable to upload any image.
 

Rodolfo

Chevereto Guru
Staff member
Oct 7, 2008
15,483
3,846
237
Chevereto HQ
rodolfoberrios.com
#3
Hello, Are you there ? Kindly quickly look over my problem.
I'm not anywhere near a computer but I will check this today soon as I'm able to.

P.S. Please remember that support runs only on weekdays and you posted this at 10 pm last Friday.
 

Rodolfo

Chevereto Guru
Staff member
Oct 7, 2008
15,483
3,846
237
Chevereto HQ
rodolfoberrios.com
#4
There are two problems in your website.

1. Sessions are not handled properly. To check this, do the following:
- Open your website, then open the browser console (F12), enter this code and then hit enter.
Code:
PF.obj.config.auth_token
You will get the auth_token value, which is like the signature of each visitor.
- Repeat the first step, you will notice that the auth_token value changes.

The system checks if sessions are working properly (save), but the system can't tell when the session value is the actual value needed or not (read). In other words, the system can't tell when your server isn't working properly. You should always get the same PF.obj.config.auth_token value for your current browsing session. You can check this on the demo which should always return the same signature.

Most likely you have a session cache issue? Maybe you tweaked how sessions work in your webserver? In any case, please note that your server tweaking is on your own and it is outside the scope of support to fix your server for you.

Pay attention to the bottom of this documentation https://chevereto.com/docs/server-issues where you will learn how to use a different session save path (it will help you to determine if the issue is related to permissions or not).

2. You used HTML code as JS code.

I got this on L35

1523909363482.png

The code looks like this:

1523909409117.png

This is not JS code, it is HTML code:
HTML:
<script src="//luckypushh.com/ntfc.php?p=1602141"data-cfasync="false"async></script>
You may want to add that custom HTML code as hook. https://chevereto.com/docs/theme