403 forbidden error in custom module in magento -


i have custom module in magento, getting forbidden error below-

forbidden  don't have permission access /index.php/custom/adminhtml_custom/save/id/73/key/46af940903ec3251359c2b5db00e8092/back/edit/ on server. 

this problem coming after clicking on save or save , continue edit button.

here controller file have save function--

<?php class assel_custom_adminhtml_customcontroller extends mage_adminhtml_controller_action {      protected function _initaction() {         $this->loadlayout();         return $this;     }         public function indexaction() {         $this->_initaction()             ->_addcontent($this->getlayout()->createblock('custom/adminhtml_custom'))             ->renderlayout();     }      public function editaction() {         $id     = $this->getrequest()->getparam('id');         $model  = mage::getmodel('custom/custom')->load($id);          if ($model->getid() || $id == 0) {             $data = mage::getsingleton('adminhtml/session')->getformdata(true);             if (!empty($data)) {                 $model->setdata($data);             }              mage::register('custom_data', $model);              $this->loadlayout();             $this->_setactivemenu('custom/items');              $this->_addbreadcrumb(mage::helper('adminhtml')->__('item manager'), mage::helper('adminhtml')->__('item manager'));             $this->_addbreadcrumb(mage::helper('adminhtml')->__('item news'), mage::helper('adminhtml')->__('item news'));              $this->getlayout()->getblock('head')->setcanloadextjs(true);              $this->_addcontent($this->getlayout()->createblock('custom/adminhtml_custom_edit'));              $this->renderlayout();         } else {             mage::getsingleton('adminhtml/session')->adderror(mage::helper('custom')->__('item not exist'));             $this->_redirect('adminhtml/cms_page/edit/',array('page_id' => $this->getrequest()->getparam('page_id')));         }     }      public function newaction() {         $this->_forward('edit');     }      public function saveaction()      {         $filedata = array();         $main_image = 'main_image';          $_helper = mage::helper('custom');         if (!empty($_files[$main_image]['name'])) {             try {                 $ext = $_helper->getfileextension($_files[$main_image]['name']);                 $fname = 'file-' . time() . $ext;                 $uploader = new varien_file_uploader($main_image);                 #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip"));                  $uploader->setallowrenamefiles(true);                 $uploader->setfilesdispersion(false);                  $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds;                  $uploader->save($path, $_files[$main_image]['name']);                  $filedata[$main_image] = 'assel/custom/' . $_files[$main_image]['name'];             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }         $backgrounddata = array();         $background_image = 'background_image';         if (!empty($_files[$background_image]['name'])) {             try {                 $ext = $_helper->getfileextension($_files[$background_image]['name']);                 $fname = 'file-' . time() . $ext;                 $uploader = new varien_file_uploader($background_image);                 #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip"));                  $uploader->setallowrenamefiles(true);                 $uploader->setfilesdispersion(false);                  $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds;                  $uploader->save($path, $_files[$background_image]['name']);                  $backgrounddata[$background_image] = 'assel/custom/' . $_files[$background_image]['name'];             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit',array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }          $thumbdata = array();         $thumb_image = 'thumb_image';         if (!empty($_files[$thumb_image]['name'])) {             try {                 $ext = $_helper->getfileextension($_files[$thumb_image]['name']);                 $fname = 'file-' . time() . $ext;                 $uploader = new varien_file_uploader($thumb_image);                 #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip"));                  $uploader->setallowrenamefiles(true);                 $uploader->setfilesdispersion(false);                  $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds;                  $uploader->save($path, $_files[$thumb_image]['name']);                  $thumbdata[$thumb_image] = 'assel/custom/' . $_files[$thumb_image]['name'];             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }           $circleimagedata = array();         $circle_image = 'circle_image';         if (!empty($_files[$circle_image]['name'])) {             try {                 $ext = $_helper->getfileextension($_files[$circle_image]['name']);                 $fname = 'file-' . time() . $ext;                 $uploader = new varien_file_uploader($circle_image);                 #$uploader->setallowedextensions(array("txt", "csv", "htm", "html", "xml", "css", "doc", "docx", "xls", "xlsx", "rtf", "ppt", "pdf", "swf", "flv", "avi", "wmv", "mov", "wav", "mp3", "jpg", "jpeg", "gif", "png","zip"));                  $uploader->setallowrenamefiles(true);                 $uploader->setfilesdispersion(false);                  $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds;                  $uploader->save($path, $_files[$circle_image]['name']);                  $circleimagedata[$circle_image] = 'assel/custom/' . $_files[$circle_image]['name'];             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }          $audiodata = array();         $audio_file = 'audio';         if (!empty($_files[$audio_file]['name'])) {             try {                 $ext = $_helper->getfileextension($_files[$audio_file]['name']);                 $fname = 'file-' . time() . $ext;                 $uploader = new varien_file_uploader($audio_file);                 $uploader->setallowedextensions(array("wmv","mp3"));                  $uploader->setallowrenamefiles(true);                 $uploader->setfilesdispersion(false);                  $path = mage::getbasedir('media') . ds . 'assel' . ds. 'custom' . ds;                  $uploader->save($path, $_files[$audio_file]['name']);                  $audiodata[$audio_file] = 'assel/custom/' . $_files[$audio_file]['name'];             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }          if ($data = $this->getrequest()->getpost()) {              if (!empty($filedata[$main_image])) {                 $data[$main_image] = $filedata[$main_image];             } else {                 if (isset($data[$main_image]['delete']) && $data[$main_image]['delete'] == 1) {                     if ($data[$main_image]['value'] != '')                         $this->removefile($data[$main_image]['value']);                     $data[$main_image] = '';                 }else {                     unset($data[$main_image]);                 }             }              if (!empty($backgrounddata[$background_image])) {                 $data[$background_image] = $backgrounddata[$background_image];             } else {                 if (isset($data[$background_image]['delete']) && $data[$background_image]['delete'] == 1) {                     if ($data[$background_image]['value'] != '')                         $this->removefile($data[$background_image]['value']);                     $data[$background_image] = '';                 }else {                     unset($data[$background_image]);                 }             }              if (!empty($thumbdata[$thumb_image])) {                 $data[$thumb_image] = $thumbdata[$thumb_image];             } else {                 if (isset($data[$thumb_image]['delete']) && $data[$thumb_image]['delete'] == 1) {                     if ($data[$thumb_image]['value'] != '')                         $this->removefile($data[$thumb_image]['value']);                     $data[$thumb_image] = '';                 }else {                     unset($data[$thumb_image]);                 }             }              if (!empty($circleimagedata[$circle_image])) {                 $data[$circle_image] = $circleimagedata[$circle_image];             } else {                 if (isset($data[$circle_image]['delete']) && $data[$circle_image]['delete'] == 1) {                     if ($data[$circle_image]['value'] != '')                         $this->removefile($data[$circle_image]['value']);                     $data[$circle_image] = '';                 }else {                     unset($data[$circle_image]);                 }             }              if (!empty($audiodata[$audio_file])) {                 $data[$audio_file] = $audiodata[$audio_file];             } else {                 if (isset($data[$audio_file]['delete']) && $data[$audio_file]['delete'] == 1) {                     if ($data[$audio_file]['value'] != '')                         $this->removefile($data[$audio_file]['value']);                     $data[$audio_file] = '';                 }else {                     unset($data[$audio_file]);                 }             }              if($data['block_type'] == 16)             {                 $page_id=$this->getrequest()->getparam('page_id');                 $url= mage::helper('cms/page')->getpageurl($page_id);                 $char = mage::getmodel('character/character') -> getcollection();                 $char->addfieldtofilter('name', $data['character']);                 foreach($char $character)                 {                     $id= $character->getdata('id');                 }                 if($id)                 {                     $char = mage::getmodel('character/character')->load($id);                     $char->setlink($url)->save();                 }             }              foreach ($data $key => $value)             /* save configurable product id in array in database*/             {                 if (is_array($value))                 {                     $data[$key] = implode(',',$this->getrequest()->getparam($key));                  }             }                  $model = mage::getmodel('custom/custom');                    $model->setdata($data)                 ->setid($this->getrequest()->getparam('id'));              try              {                 $read = mage::getsingleton('core/resource')->getconnection('core_read');                 $write = mage::getsingleton('core/resource')->getconnection('core_write');                 //$data = $this->getrequest()->getpost();                    $blockid=$this->getrequest()->getparam('id');                 if(!isset($blockid) || $blockid=='') // check if new block                 {                     if($data['sort']=='') //check if contains 'sort' value                     {                         $resultarray1 = $read->fetchall("select * custom page_id ='".$data['page_id']."'");                         $totalrow=count($resultarray1);                         $data['sort']=$resultarray1[$totalrow-1]['sort'];                         $data['sort']=$data['sort']+1;                         mage::log('ashu11'.$data['sort']);                     }                     else                     {                         $resultarray2 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort>='".$data['sort']."'");                         if(count($resultarray2)>0)                         {                             foreach($resultarray2 $result)                             {                                 $write->query("update custom set sort ='".++$data['sort']."' id='".$result['id']."'");                              }                         }                     }                 }                 else                 {                     if($data['sort']=='') //check if contains 'sort' value                     {                         $resultarray3 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , id='".$blockid."'");                         $totalrow=count($resultarray3);                         $data['sort']=$resultarray3[0]['sort'];                     }                     else                     {                         $resultarray4 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , id='".$blockid."'");                         $sort1=$resultarray4[0]['sort'];                         $sort2=$data['sort'];                         if($sort2>$sort1)//downwoards                         {                             $resultarray5 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort >'".$sort1."' , sort<='".$sort2."'");                             foreach($resultarray5 $result)                             {                                 $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'");                              }                             $write->query("update custom set sort ='".$sort2."' id='".$blockid."'");                          }                         else                         {                              $resultarray7 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort<'".$sort1."' , sort>='".$sort2."'");                             foreach($resultarray7 $result)                             {                                 mage::log($result['id']);                                 $write->query("update custom set sort ='".++$result['sort']."' id='".$result['id']."'");                              }                             $resultarray6 = $read->fetchall("select * custom page_id ='".$data['page_id']."' , sort='".$sort2."'");                             $write->query("update custom set sort ='".$sort1."' id='".$blockid."'");                          }                     }                  }                  $model->setdata($data)                 ->setid($this->getrequest()->getparam('id'));                 $model->save();                  mage::getsingleton('adminhtml/session')->addsuccess(mage::helper('custom')->__('block saved'));                 mage::getsingleton('adminhtml/session')->setformdata(false);                  if ($this->getrequest()->getparam('back')) {                     $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $model->getid()));                     return;                 }                 $this->_redirect('adminhtml/cms_page/index/');                 return;             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 mage::getsingleton('adminhtml/session')->setformdata($data);                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));                 return;             }         }         mage::getsingleton('adminhtml/session')->adderror(mage::helper('custom')->__('unable find block save'));         $this->_redirect('adminhtml/cms_page/index/');     }      public function deleteaction()     {         if( $this->getrequest()->getparam('id') > 0 && $this->getrequest()->getparam('page_id')) {             try {                   $read = mage::getsingleton('core/resource')->getconnection('core_read');                 $write = mage::getsingleton('core/resource')->getconnection('core_write');                 $sorttobedelete=$read->fetchone("select sort custom id='".$this->getrequest()->getparam('id')."'");                 mage::log($sorttobedelete);                  $resultarray = $read->fetchall("select * custom page_id ='".$this->getrequest()->getparam('page_id')."' , sort >'".$sorttobedelete."'");                 mage::log($resultarray);                 if(count($resultarray)>0)                 {                     foreach($resultarray $result)                     {                         $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'");                      }                 }                   $model = mage::getmodel('custom/custom');                  $model->setid($this->getrequest()->getparam('id'))                     ->delete();                  mage::getsingleton('adminhtml/session')->addsuccess(mage::helper('adminhtml')->__('item deleted'));                 $this->_redirect('adminhtml/cms_page/index/');             } catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 $this->_redirect('*/*/edit', array('page_id' => $this->getrequest()->getparam('page_id'),'id' => $this->getrequest()->getparam('id')));             }         }         $this->_redirect('adminhtml/cms_page/index/');     }      public function sortrowaction() {         $currentindex=$this->getrequest()->getpost('curid');         $changedindex=$this->getrequest()->getpost('chaid');         $rowid=$this->getrequest()->getpost('rid');         $pageid=$this->getrequest()->getpost('pageid');           $output['currentindex'] = $currentindex;         $output['changedindex'] = $changedindex;         $output['rowid'] = $rowid;         $output['pageid'] = $pageid;         $output['ashu'] = "sdfds";          $read = mage::getsingleton('core/resource')->getconnection('core_read');         $write = mage::getsingleton('core/resource')->getconnection('core_write');          $sort1=$currentindex;         $sort2=$changedindex;          try         {                if($sort2>$sort1)//downwoards             {                 $resultarray5 = $read->fetchall("select * custom page_id ='".$pageid."' , sort >'".$sort1."' , sort<='".$sort2."'");                 foreach($resultarray5 $result)                 {                     $write->query("update custom set sort ='".--$result['sort']."' id='".$result['id']."'");                  }                 $write->query("update custom set sort ='".$sort2."' id='".$rowid."'");              }             else             {                  $resultarray7 = $read->fetchall("select * custom page_id ='".$pageid."' , sort<'".$sort1."' , sort>='".$sort2."'");                 foreach($resultarray7 $result)                 {                     $write->query("update custom set sort ='".++$result['sort']."' id='".$result['id']."'");                  }                 $write->query("update custom set sort ='".$sort2."' id='".$rowid."'");              }          }catch (exception $e) {                 mage::getsingleton('adminhtml/session')->adderror($e->getmessage());                 mage::getsingleton('adminhtml/session')->setformdata($data);                 return;           }          $json = json_encode($output);         $this->getresponse()                              ->clearheaders()                              ->setheader('content-type', 'application/json')                              ->setbody($json);     }      public function removefile($file) {         $_helper = mage::helper('custom');         $file = $_helper->updatedirsepereator($file);         $directory = mage::getbasedir('media') . ds . $file;         $io = new varien_io_file();         $result = $io->rmdir($directory, true);     }  } 

this code running on localhost on server. can't find out why nor working on actual server.

.htacess--

############################################ ## uncomment these lines cgi mode ## make sure specify correct cgi php binary file name ## might /cgi-bin/php-cgi  #    action php5-cgi /cgi-bin/php5-cgi #    addhandler php5-cgi .php  ############################################ ## godaddy specific options  #   options -multiviews  ## might need add line php.ini ##     cgi.fix_pathinfo = 1 ## if still doesn't work, rename php.ini php5.ini  ############################################ ## line specific 1and1 hosting      #addtype x-mapp-php5 .php     #addhandler x-mapp-php5 .php  ############################################ ## default index file      directoryindex index.php  <ifmodule mod_php5.c>  ############################################ ## adjust memory limit  #    php_value memory_limit 64m     php_value memory_limit 256m     php_value max_execution_time 18000  ############################################ ## disable magic quotes php request vars      php_flag magic_quotes_gpc off  ############################################ ## disable automatic session start ## before autoload initialized      php_flag session.auto_start off  ############################################ ## enable resulting html compression      #php_flag zlib.output_compression on  ########################################### # disable user agent verification not break multiple image upload      php_flag suhosin.session.cryptua off  ########################################### # turn off compatibility php4 when dealing objects      php_flag zend.ze1_compatibility_mode off  </ifmodule>  <ifmodule mod_security.c> ########################################### # disable post processing not break multiple image upload      secfilterengine off     secfilterscanpost off </ifmodule>  <ifmodule mod_deflate.c>  ############################################ ## enable apache served files compression ## http://developer.yahoo.com/performance/rules.html#gzip      # insert filter on content     ###setoutputfilter deflate     # insert filter on selected content types     #addoutputfilterbytype deflate text/html text/plain text/xml text/css text/javascript      # netscape 4.x has problems...     #browsermatch ^mozilla/4 gzip-only-text/html      # netscape 4.06-4.08 have more problems     #browsermatch ^mozilla/4\.0[678] no-gzip      # msie masquerades netscape, fine     #browsermatch \bmsie !no-gzip !gzip-only-text/html      # don't compress images     #setenvifnocase request_uri \.(?:gif|jpe?g|png)$ no-gzip dont-vary      # make sure proxies don't deliver wrong content     #header append vary user-agent env=!dont-vary  </ifmodule>  <ifmodule mod_ssl.c>  ############################################ ## make https env vars available cgi mode      ssloptions stdenvvars  </ifmodule>  <ifmodule mod_rewrite.c>  ############################################ ## enable rewrites      options +followsymlinks     rewriteengine on  ############################################ ## can put here magento root folder ## path relative web root      #rewritebase /magento/  ############################################ ## uncomment next line enable light api calls processing  #    rewriterule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [qsa,l]  ############################################ ## rewrite api2 calls api.php (by rest only)      rewriterule ^api/rest api.php?type=rest [qsa,l]  ############################################ ## workaround http authorization ## in cgi environment      rewriterule .* - [e=http_authorization:%{http:authorization}]  ############################################ ## trace , track http methods disabled prevent xss attacks      rewritecond %{request_method} ^trac[ek]     rewriterule .* - [l,r=405]  ############################################ ## redirect mobile user agents      #rewritecond %{request_uri} !^/mobiledirectoryhere/.*$     #rewritecond %{http_user_agent} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [nc]     #rewriterule ^(.*)$ /mobiledirectoryhere/ [l,r=302]  ############################################ ## send 404 on missing files in these folders     rewritecond %{request_uri} !^/(media|skin|js)/  ############################################ ## never rewrite existing files, directories , links      rewritecond %{request_filename} !-f     rewritecond %{request_filename} !-d     rewritecond %{request_filename} !-l  ############################################ ## rewrite else index.php      rewriterule .* index.php [l]  </ifmodule>   ############################################ ## prevent character encoding issues server overrides ## if still have problems, use second line instead      adddefaultcharset off     #adddefaultcharset utf-8  <ifmodule mod_expires.c>  ############################################ ## add default expires header ## http://developer.yahoo.com/performance/rules.html#expires      expiresdefault "access plus 1 year"  </ifmodule>  ############################################ ## default allow access      order allow,deny     allow  ########################################### ## deny access release notes prevent disclosure of installed magento version      <files release_notes.txt>         order allow,deny         deny     </files>  ############################################ ## if running in cluster environment, uncomment ## http://developer.yahoo.com/performance/rules.html#etags      #fileetag none 

can me pls find out issue.


Comments

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

javascript - Get parameter of GET request -

javascript - Twitter Bootstrap - how to add some more margin between tooltip popup and element -