403 forbidden error in custom module in magento -
i have custom module in magento, getting forbidden error below-
forbidden don't have permission access /index.php/custom/adminhtml_custom/save/id/73/key/46af940903ec3251359c2b5db00e8092/back/edit/ on server.
this problem coming after clicking on save or save , continue edit button.
here controller file have save function--
<?php class assel_custom_adminhtml_customcontroller extends mage_adminhtml_controller_action { protected function _initaction() { $this->loadlayout(); return $this; } public function indexaction() { $this->_initaction() ->_addcontent($this->getlayout()->createblock('custom/adminhtml_custom')) ->renderlayout(); } public function editaction() { $id = $this->getrequest()->getparam('id'); $model = mage::getmodel('custom/custom')->load($id); if ($model->getid() || $id == 0) { $data = mage::getsingleton('adminhtml/session')->getformdata(true); if (!empty($data)) { $model->setdata($data); } mage::register('custom_data', $model); $this->loadlayout(); $this->_setactivemenu('custom/items'); $this->_addbreadcrumb(mage::helper('adminhtml')->__('item manager'), mage::helper('adminhtml')->__('item manager')); $this->_addbreadcrumb(mage::helper('adminhtml')->__('item news'), mage::helper('adminhtml')->__('item news')); $this->getlayout()->getblock('head')->setcanloadextjs(true); $this->_addcontent($this->getlayout()->createblock('custom/adminhtml_custom_edit')); $this->renderlayout(); } else { mage::getsingleton('adminhtml/session')->adderror(mage::helper('custom')->__('item not exist')); $this->_redirect('adminhtml/cms_page/edit/',array('page_id' => $this->getrequest()->getparam('page_id'))); } } public function newaction() { $this->_forward('edit'); } public function saveaction() { $filedata = array(); $main_image = 'main_image'; $_helper = mage::helper('custom'); if (!empty($_files[$main_image]['name'])) { try { $ext = $_helper->getfileextension($_files[$main_image]['name']); $fname = 'file-' . time() . $ext; $uploader = new varien_file_uploader($main_image); #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip")); $uploader->setallowrenamefiles(true); $uploader->setfilesdispersion(false); $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds; $uploader->save($path, $_files[$main_image]['name']); $filedata[$main_image] = 'assel/custom/' . $_files[$main_image]['name']; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } $backgrounddata = array(); $background_image = 'background_image'; if (!empty($_files[$background_image]['name'])) { try { $ext = $_helper->getfileextension($_files[$background_image]['name']); $fname = 'file-' . time() . $ext; $uploader = new varien_file_uploader($background_image); #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip")); $uploader->setallowrenamefiles(true); $uploader->setfilesdispersion(false); $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds; $uploader->save($path, $_files[$background_image]['name']); $backgrounddata[$background_image] = 'assel/custom/' . $_files[$background_image]['name']; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit',array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } $thumbdata = array(); $thumb_image = 'thumb_image'; if (!empty($_files[$thumb_image]['name'])) { try { $ext = $_helper->getfileextension($_files[$thumb_image]['name']); $fname = 'file-' . time() . $ext; $uploader = new varien_file_uploader($thumb_image); #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip")); $uploader->setallowrenamefiles(true); $uploader->setfilesdispersion(false); $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds; $uploader->save($path, $_files[$thumb_image]['name']); $thumbdata[$thumb_image] = 'assel/custom/' . $_files[$thumb_image]['name']; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } $circleimagedata = array(); $circle_image = 'circle_image'; if (!empty($_files[$circle_image]['name'])) { try { $ext = $_helper->getfileextension($_files[$circle_image]['name']); $fname = 'file-' . time() . $ext; $uploader = new varien_file_uploader($circle_image); #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip")); $uploader->setallowrenamefiles(true); $uploader->setfilesdispersion(false); $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds; $uploader->save($path, $_files[$circle_image]['name']); $circleimagedata[$circle_image] = 'assel/custom/' . $_files[$circle_image]['name']; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } $audiodata = array(); $audio_file = 'audio'; if (!empty($_files[$audio_file]['name'])) { try { $ext = $_helper->getfileextension($_files[$audio_file]['name']); $fname = 'file-' . time() . $ext; $uploader = new varien_file_uploader($audio_file); $uploader->setallowedextensions(array("wmv","mp3")); $uploader->setallowrenamefiles(true); $uploader->setfilesdispersion(false); $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds; $uploader->save($path, $_files[$audio_file]['name']); $audiodata[$audio_file] = 'assel/custom/' . $_files[$audio_file]['name']; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } if ($data = $this->getrequest()->getpost()) { if (!empty($filedata[$main_image])) { $data[$main_image] = $filedata[$main_image]; } else { if (isset($data[$main_image]['delete']) && $data[$main_image]['delete'] == 1) { if ($data[$main_image]['value'] != '') $this->removefile($data[$main_image]['value']); $data[$main_image] = ''; }else { unset($data[$main_image]); } } if (!empty($backgrounddata[$background_image])) { $data[$background_image] = $backgrounddata[$background_image]; } else { if (isset($data[$background_image]['delete']) && $data[$background_image]['delete'] == 1) { if ($data[$background_image]['value'] != '') $this->removefile($data[$background_image]['value']); $data[$background_image] = ''; }else { unset($data[$background_image]); } } if (!empty($thumbdata[$thumb_image])) { $data[$thumb_image] = $thumbdata[$thumb_image]; } else { if (isset($data[$thumb_image]['delete']) && $data[$thumb_image]['delete'] == 1) { if ($data[$thumb_image]['value'] != '') $this->removefile($data[$thumb_image]['value']); $data[$thumb_image] = ''; }else { unset($data[$thumb_image]); } } if (!empty($circleimagedata[$circle_image])) { $data[$circle_image] = $circleimagedata[$circle_image]; } else { if (isset($data[$circle_image]['delete']) && $data[$circle_image]['delete'] == 1) { if ($data[$circle_image]['value'] != '') $this->removefile($data[$circle_image]['value']); $data[$circle_image] = ''; }else { unset($data[$circle_image]); } } if (!empty($audiodata[$audio_file])) { $data[$audio_file] = $audiodata[$audio_file]; } else { if (isset($data[$audio_file]['delete']) && $data[$audio_file]['delete'] == 1) { if ($data[$audio_file]['value'] != '') $this->removefile($data[$audio_file]['value']); $data[$audio_file] = ''; }else { unset($data[$audio_file]); } } if($data['block_type'] == 16) { $page_id=$this->getrequest()->getparam('page_id'); $url= mage::helper('cms/page')->getpageurl($page_id); $char = mage::getmodel('character/character') -> getcollection(); $char->addfieldtofilter('name', $data['character']); foreach($char $character) { $id= $character->getdata('id'); } if($id) { $char = mage::getmodel('character/character')->load($id); $char->setlink($url)->save(); } } foreach ($data $key => $value) /* save configurable product id in array in database*/ { if (is_array($value)) { $data[$key] = implode(',',$this->getrequest()->getparam($key)); } } $model = mage::getmodel('custom/custom'); $model->setdata($data) ->setid($this->getrequest()->getparam('id')); try { $read = mage::getsingleton('core/resource')->getconnection('core_read'); $write = mage::getsingleton('core/resource')->getconnection('core_write'); //$data = $this->getrequest()->getpost(); $blockid=$this->getrequest()->getparam('id'); if(!isset($blockid) || $blockid=='') // check if new block { if($data['sort']=='') //check if contains 'sort' value { $resultarray1 = $read->fetchall("select * custom page_id ='".$data['page_id']."'"); $totalrow=count($resultarray1); $data['sort']=$resultarray1[$totalrow-1]['sort']; $data['sort']=$data['sort']+1; mage::log('ashu11'.$data['sort']); } else { $resultarray2 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort>='".$data['sort']."'"); if(count($resultarray2)>0) { foreach($resultarray2 $result) { $write->query("update custom set sort ='".++$data['sort']."' id='".$result['id']."'"); } } } } else { if($data['sort']=='') //check if contains 'sort' value { $resultarray3 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , id='".$blockid."'"); $totalrow=count($resultarray3); $data['sort']=$resultarray3[0]['sort']; } else { $resultarray4 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , id='".$blockid."'"); $sort1=$resultarray4[0]['sort']; $sort2=$data['sort']; if($sort2>$sort1)//downwoards { $resultarray5 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort >'".$sort1."' , sort<='".$sort2."'"); foreach($resultarray5 $result) { $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'"); } $write->query("update custom set sort ='".$sort2."' id='".$blockid."'"); } else { $resultarray7 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort<'".$sort1."' , sort>='".$sort2."'"); foreach($resultarray7 $result) { mage::log($result['id']); $write->query("update custom set sort ='".++$result['sort']."' id='".$result['id']."'"); } $resultarray6 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort='".$sort2."'"); $write->query("update custom set sort ='".$sort1."' id='".$blockid."'"); } } } $model->setdata($data) ->setid($this->getrequest()->getparam('id')); $model->save(); mage::getsingleton('adminhtml/session')->addsuccess(mage::helper('custom')->__('block saved')); mage::getsingleton('adminhtml/session')->setformdata(false); if ($this->getrequest()->getparam('back')) { $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $model->getid())); return; } $this->_redirect('adminhtml/cms_page/index/'); return; } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); mage::getsingleton('adminhtml/session')->setformdata($data); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); return; } } mage::getsingleton('adminhtml/session')->adderror(mage::helper('custom')->__('unable find block save')); $this->_redirect('adminhtml/cms_page/index/'); } public function deleteaction() { if( $this->getrequest()->getparam('id') > 0 && $this->getrequest()->getparam('page_id')) { try { $read = mage::getsingleton('core/resource')->getconnection('core_read'); $write = mage::getsingleton('core/resource')->getconnection('core_write'); $sorttobedelete=$read->fetchone("select sort custom id='".$this->getrequest()->getparam('id')."'"); mage::log($sorttobedelete); $resultarray = $read->fetchall("select * custom page_id ='".$this->getrequest()->getparam('page_id')."' , sort >'".$sorttobedelete."'"); mage::log($resultarray); if(count($resultarray)>0) { foreach($resultarray $result) { $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'"); } } $model = mage::getmodel('custom/custom'); $model->setid($this->getrequest()->getparam('id')) ->delete(); mage::getsingleton('adminhtml/session')->addsuccess(mage::helper('adminhtml')->__('item deleted')); $this->_redirect('adminhtml/cms_page/index/'); } catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id'))); } } $this->_redirect('adminhtml/cms_page/index/'); } public function sortrowaction() { $currentindex=$this->getrequest()->getpost('curid'); $changedindex=$this->getrequest()->getpost('chaid'); $rowid=$this->getrequest()->getpost('rid'); $pageid=$this->getrequest()->getpost('pageid'); $output['currentindex'] = $currentindex; $output['changedindex'] = $changedindex; $output['rowid'] = $rowid; $output['pageid'] = $pageid; $output['ashu'] = "sdfds"; $read = mage::getsingleton('core/resource')->getconnection('core_read'); $write = mage::getsingleton('core/resource')->getconnection('core_write'); $sort1=$currentindex; $sort2=$changedindex; try { if($sort2>$sort1)//downwoards { $resultarray5 = $read->fetchall("select * custom page_id ='".$pageid."' , sort >'".$sort1."' , sort<='".$sort2."'"); foreach($resultarray5 $result) { $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'"); } $write->query("update custom set sort ='".$sort2."' id='".$rowid."'"); } else { $resultarray7 = $read->fetchall("select * custom page_id ='".$pageid."' , sort<'".$sort1."' , sort>='".$sort2."'"); foreach($resultarray7 $result) { $write->query("update custom set sort ='".++$result['sort']."' id='".$result['id']."'"); } $write->query("update custom set sort ='".$sort2."' id='".$rowid."'"); } }catch (exception $e) { mage::getsingleton('adminhtml/session')->adderror($e->getmessage()); mage::getsingleton('adminhtml/session')->setformdata($data); return; } $json = json_encode($output); $this->getresponse() ->clearheaders() ->setheader('content-type', 'application/json') ->setbody($json); } public function removefile($file) { $_helper = mage::helper('custom'); $file = $_helper->updatedirsepereator($file); $directory = mage::getbasedir('media') . ds . $file; $io = new varien_io_file(); $result = $io->rmdir($directory, true); } }
this code running on localhost on server. can't find out why nor working on actual server.
.htacess--
############################################ ## uncomment these lines cgi mode ## make sure specify correct cgi php binary file name ## might /cgi-bin/php-cgi # action php5-cgi /cgi-bin/php5-cgi # addhandler php5-cgi .php ############################################ ## godaddy specific options # options -multiviews ## might need add line php.ini ## cgi.fix_pathinfo = 1 ## if still doesn't work, rename php.ini php5.ini ############################################ ## line specific 1and1 hosting #addtype x-mapp-php5 .php #addhandler x-mapp-php5 .php ############################################ ## default index file directoryindex index.php <ifmodule mod_php5.c> ############################################ ## adjust memory limit # php_value memory_limit 64m php_value memory_limit 256m php_value max_execution_time 18000 ############################################ ## disable magic quotes php request vars php_flag magic_quotes_gpc off ############################################ ## disable automatic session start ## before autoload initialized php_flag session.auto_start off ############################################ ## enable resulting html compression #php_flag zlib.output_compression on ########################################### # disable user agent verification not break multiple image upload php_flag suhosin.session.cryptua off ########################################### # turn off compatibility php4 when dealing objects php_flag zend.ze1_compatibility_mode off </ifmodule> <ifmodule mod_security.c> ########################################### # disable post processing not break multiple image upload secfilterengine off secfilterscanpost off </ifmodule> <ifmodule mod_deflate.c> ############################################ ## enable apache served files compression ## http://developer.yahoo.com/performance/rules.html#gzip # insert filter on content ###setoutputfilter deflate # insert filter on selected content types #addoutputfilterbytype deflate text/html text/plain text/xml text/css text/javascript # netscape 4.x has problems... #browsermatch ^mozilla/4 gzip-only-text/html # netscape 4.06-4.08 have more problems #browsermatch ^mozilla/4\.0[678] no-gzip # msie masquerades netscape, fine #browsermatch \bmsie !no-gzip !gzip-only-text/html # don't compress images #setenvifnocase request_uri \.(?:gif|jpe?g|png)$ no-gzip dont-vary # make sure proxies don't deliver wrong content #header append vary user-agent env=!dont-vary </ifmodule> <ifmodule mod_ssl.c> ############################################ ## make https env vars available cgi mode ssloptions stdenvvars </ifmodule> <ifmodule mod_rewrite.c> ############################################ ## enable rewrites options +followsymlinks rewriteengine on ############################################ ## can put here magento root folder ## path relative web root #rewritebase /magento/ ############################################ ## uncomment next line enable light api calls processing # rewriterule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [qsa,l] ############################################ ## rewrite api2 calls api.php (by rest only) rewriterule ^api/rest api.php?type=rest [qsa,l] ############################################ ## workaround http authorization ## in cgi environment rewriterule .* - [e=http_authorization:%{http:authorization}] ############################################ ## trace , track http methods disabled prevent xss attacks rewritecond %{request_method} ^trac[ek] rewriterule .* - [l,r=405] ############################################ ## redirect mobile user agents #rewritecond %{request_uri} !^/mobiledirectoryhere/.*$ #rewritecond %{http_user_agent} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [nc] #rewriterule ^(.*)$ /mobiledirectoryhere/ [l,r=302] ############################################ ## send 404 on missing files in these folders rewritecond %{request_uri} !^/(media|skin|js)/ ############################################ ## never rewrite existing files, directories , links rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewritecond %{request_filename} !-l ############################################ ## rewrite else index.php rewriterule .* index.php [l] </ifmodule> ############################################ ## prevent character encoding issues server overrides ## if still have problems, use second line instead adddefaultcharset off #adddefaultcharset utf-8 <ifmodule mod_expires.c> ############################################ ## add default expires header ## http://developer.yahoo.com/performance/rules.html#expires expiresdefault "access plus 1 year" </ifmodule> ############################################ ## default allow access order allow,deny allow ########################################### ## deny access release notes prevent disclosure of installed magento version <files release_notes.txt> order allow,deny deny </files> ############################################ ## if running in cluster environment, uncomment ## http://developer.yahoo.com/performance/rules.html#etags #fileetag none
can me pls find out issue.
Comments
Post a Comment