Just does not upload files at all. Always get error message "403 Forbidden" for every file I try to upload.

Created a single file upload using the exact same settings (with Pure php upload 2.1.8 ) and that works fine.

Permissions for destination folder set to 777

Did have htaccess file imposing password protection on the folder with the upload pages on. Removed this to see if it helped but it didn't.

Two files reproduced below:

multipics.php

<?php require_once('../ScriptLibrary/incPureUpload.php'); ?>
<?php
// Pure PHP Upload 2.1.8
$ppu = new pureFileUpload();
$ppu->path = "../images/clientpics/multipics";
$ppu->extensions = "GIF,JPG,JPEG,BMP,PNG";
$ppu->formName = "UploadQueue";
$ppu->storeType = "file";
$ppu->sizeLimit = "";
$ppu->nameConflict = "uniq";
$ppu->requireUpload = "false";
$ppu->minWidth = "";
$ppu->minHeight = "";
$ppu->maxWidth = "";
$ppu->maxHeight = "";
$ppu->saveWidth = "";
$ppu->saveHeight = "";
$ppu->timeout = "600";
$ppu->progressBar = "";
$ppu->progressWidth = "";
$ppu->progressHeight = "";
$ppu->redirectURL = "";
$ppu->checkVersion("2.1.8" ) ;
$ppu->doUpload();

if (isset($editFormAction)) {
if (isset($_SERVER['QUERY_STRING'])) {
if (!eregi("GP_upload=true", $_SERVER['QUERY_STRING'])) {
$editFormAction .= "&GP_upload=true";
}
} else {
$editFormAction .= "?GP_upload=true";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script language='JavaScript' src='../ScriptLibrary/incPureUpload.js' type="text/javascript"></script>
</head>

<body>
<form action="<?php echo $GP_uploadAction; ?>" method="post" enctype="multipart/form-data" name="UploadQueue" id="UploadQueue" onsubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'','','','','','','');return document.MM_returnValue">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,63,0" name="upload1" width="550" height="350" align="middle" id="upload1">
<param name="FlashVars" value="url=<?php echo urlencode($GP_uploadAction); ?>&formName=UploadQueue&allowedExtensions=GIF,JPG,JPEG,BMP,PNG"&redirecturl=".$ppu->redirectURL;}?>" />
<param name="movie" value="dmxMultiUploader.swf" />
<param name="quality" value="best" />
<param name="wmode" value="transparent" />
<embed src="dmxMultiUploader.swf" name="upload1" quality="best" flashvars="url=<?php echo urlencode($GP_uploadAction); ?>&formName=UploadQueue&allowedExtensions=GIF,JPG,JPEG,BMP,PNG"&redirecturl=".$ppu->redirectURL;}?>" wmode="transparent" type="application/x-shockwave-flash" width="550" height="350" pluginspage="www.macromedia.com/go/getflashplayer" />
</object>
<input name="Filename" type="file" style="display:none" onchange="checkOneFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',true,'','','','','','','')" />
<input type="hidden" name="Filedata" />
<script type="text/javascript">window.upload1 = document.forms["UploadQueue"].upload1;</script>
</form>
</body>
</html>

==========================================

singlepic.php

<?php require_once('../ScriptLibrary/incPureUpload.php'); ?>
<?php
// Pure PHP Upload 2.1.8
$ppu = new pureFileUpload();
$ppu->path = "../images/clientpics/multipics";
$ppu->extensions = "GIF,JPG,JPEG,BMP,PNG";
$ppu->formName = "UploadQueue";
$ppu->storeType = "file";
$ppu->sizeLimit = "";
$ppu->nameConflict = "uniq";
$ppu->requireUpload = "false";
$ppu->minWidth = "";
$ppu->minHeight = "";
$ppu->maxWidth = "";
$ppu->maxHeight = "";
$ppu->saveWidth = "";
$ppu->saveHeight = "";
$ppu->timeout = "600";
$ppu->progressBar = "";
$ppu->progressWidth = "";
$ppu->progressHeight = "";
$ppu->redirectURL = "";
$ppu->checkVersion("2.1.8" ) ;
$ppu->doUpload();

if (isset($editFormAction)) {
if (isset($_SERVER['QUERY_STRING'])) {
if (!eregi("GP_upload=true", $_SERVER['QUERY_STRING'])) {
$editFormAction .= "&GP_upload=true";
}
} else {
$editFormAction .= "?GP_upload=true";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script language='JavaScript' src='../ScriptLibrary/incPureUpload.js' type="text/javascript"></script>
</head>

<body>
<form action="<?php echo $GP_uploadAction; ?>" method="post" enctype="multipart/form-data" name="UploadQueue" id="UploadQueue" onsubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',false,'','','','','','','');return document.MM_returnValue">
<input name="fileField" type="file" id="fileField" onchange="checkOneFileUpload(this,'GIF,JPG,JPEG,BMP,PNG',false,'','','','','','','')" />
<input type="submit" name="button" id="button" value="Submit" />
</form>
</body>
</html>

========================================

Please help

Bruce

Hello Bruce,

Do you have any user sessions restrictions or restrict access to page? If yes - please remove them.
Advanced Multi Uploader is a flash component that processes your files. It uses a new session for every new file.

Thanks for the reply

I don't have any sessions running at all and although the folder is protected using .htaccess I disabled that and it still didn't work.

Just to make sure I've now created uploaded the files to a brand new folder which never had .htaccess protection on it and I'm still getting the same error.

Dear Bruce,

Is this a Remote server you are using? Try on local machine server or on another server without any htaccess restrictions.
Check also this article: www.dmxzone.com/go?1425

OK, it looks like it's failing on any domain on my reseller account with United Hosting. Don't understand the relevance of the link you sent me about .htaccess though. That just seems to be about redirecting 404 errors. How does that affect my problem? Will modifying a .htaccess file somewhere on my server solve it? Or is it the fact that .htaccess appears at all on my server that is causing it?

Please contact your hosting provider and ask if there are any user sessions restrictions.

OK, checking that now. Will get back to you

Bruce

OK, they've got it fixed now. For the record, the problem and solution is below in case anyone else has this problem:

===========================

Hi Bruce,

I have dug through the error logs and found that the error was due to mod_security blocking the access.
--------
[Thu May 14 12:12:56 2009] [error] [client (restricting this information)] mod_security: Access denied with code 403. Error processing request body: Multipart: final boundar
y missing [severity "EMERGENCY"] [hostname "(restricting this information)"] [uri "/testupload/multipics.php?&GP_upload=true"]

I have now disabled mod_Security for the site by adding the following to the .htaccess file. Could you please try now?
---------
SecFilterEngine Off
SecFilterScanPOST Off

Regards,
Murali
UH Support

===========================


Thanks for the help in sorting this out for me

Bruce

We're happy to hear that the problem is solved and now you can use the extension as you like

Thanks

One last thing. Queried the hosting company about the use of mod_Security and they replied as follows:

Hi Bruce,

Mod_security is an apache module which gives you the ability to scan ALL messages received by your website, including POST, Trackbacks, Pings, Ajax XMLHTTP calls, etc. It lets you create your own rules so that you can stop spam and prevent web application, protocol, and server attacks.

If you can make your site working with mod_security that would be good.

Regards,
Murali
UH Support

====

With this in mind, don't know if it's something you guys want to look into from your side. I've not seen this problem mentioned elsewhere in the support forum so I'm wondering if it's an issue with a particular version of mod_Security.

Anyway, will leave it up to you if you want to check it out.

cheers
bruce

Hello Bruce,

That is a valuable feedback and we will check on that so we can make our products better for you. Thank You.

Regards,