Forbidden-403 Error

padhu

Forbidden-403 Error

Hai,I am new to this.I dont know how to solve this error.My problem is that i am getting this error message

"You don't have permission to access /forum/up.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

My script is chipmunk forum modded script and the problem area is URL upload section of this script.i.e. in reply.php,while giving URL for upload ,the action goes to up.php where i am getting this erroe message.
I am scratching my heads to find solution.
Any help will be greatly appreciated.

A part of reply.php:

<b>Http/Ftp Upload(URL UPLOAD)</b> (Max Filesize: 600 M😎<BR>
<b>Message:</b><br>Restricted to only zip,sis,rar,3gp,avi extensions.
<form method='POST' action='up.php'>
<textarea rows='6' name='post' cols='45' id='7'></textarea><BR><br>

     Enter the url like:'http://CrazyMobi4M.Com/FOLDER/1.zip'
		<br/>
		<input type='text'size=60 name='file' />
		<br/>
		<br/>
		Rename the File name (file.ext)
		<br/>	<input type='text' size=30 name='new' />
        <input type=hidden name='user' value='$user'>
		<input type=hidden name='forumID' value='$forumID'>
		<input type=hidden name='ID' value='$ID'>
		<input type='hidden' name='name' value='$getguest3[userID]'><br>
	    <input type='hidden' name='threadparent' value='$ID'>

		<br/>
		<br/>
		<input name='submit' type='submit' value='Copy File' />
		</form>" ;}

And up.php:

<?php

error_reporting(0);
@set_time_limit(0);
include 'templates/default/title.php';
include 'connect.php';
include 'admin/var.php';
$s=$_SERVER["REMOTE_ADDR"];
print "<link rel='stylesheet' href='templates/default/s.css' type='text/css'>";

$post=$POST['post'];
$user=$POST['user'];
$forumID=$POST['forumID'];
$ID=$POST['ID'];
$threadparent=$_POST['threadparent'];

$defaultDest = "./upload/1/";
$slash = "/";
$submit = $POST['submit'];
$file = $POST['file'];
$newfilename = $_POST['new'];
$newfilename=strtolower($newfilename);
$newfilename=Smiley($newfilename);
$dest = $defaultDest;
$today = date("mdY",time()+(10.50*3600));

$dest=$dest.$today;
if ( is_dir($dest))

{print"";}
else{
mkdir($dest);
chmod($dest,0777);
$update="Update b_users SET tupload='0'";
mysql_query($update);

}
$filename=$newfilename;
$ext = substr($file, strrpos($file, '.') + 1);
$exte= substr($newfilename, strrpos($newfilename, '.') + 1);
if (($ext == 'zip') || ($ext == 'rar')|| ($ext == 'mp3') || ($ext == 'sis')|| ($ext == 'sisx')|| ($ext == '3gp')
||($ext == 'avi') || ($ext == '.flv.avi'))
{
if (($exte == 'zip') || ($exte == 'rar')|| ($exte == 'mp3') || ($exte == 'sis')|| ($exte == 'sisx')|| ($exte == '3gp')
||($exte == 'avi') || ($exte == '.flv.avi'))
{$filelink=time().'-www.xxx.com-uploaded-by-our-'.$user.'-'.$filename;}
else {
die("<table class='maintable'><tr class='headline'><td><center>Reply</center></td></tr><tr class='forumrow'><td><center><b>xxx.com</b><br>you did not enter a correct extension(3gp,avi,zip,rar,mp3,sis only allowed)</center></td></tr></table>");}}

else
{$filelink=time().'-www.xxx.com-uploaded-by-our-'.$user.'-'.$filename.'.zip';}
$day=date("D M d, Y H:i:s",time()+(10.50*3600));
$timegone=date("U") ;
$size=$filesize;

   if(isset($_POST['submit']))
{
    if(strlen($_POST['post'])<1)
   {

   print "<table class='maintable'>";
    print "<tr class='headline'><td><center>Reply</center></td></tr>";
    print "<tr class='forumrow'><td><center>"; print "<b>";
    print "One of the required fields was not filled in, please go back and try again";
    print "</td></tr></table>"; }
    else {
    $user=$_POST['user'];

$getid="SELECT from b_users where username='$user'";
$getid2=mysql_query($getid) or die("could not get user");
$getid3=mysql_fetch_array($getid2);
$name=$getid3[userID];
$post=$_POST['post'];
{if(strlen($post)<=3)
die("<table class='maintable'><tr class='headline'><td><center>Reply</center></td></tr><tr class='forumrow'><td><center>Your Post did not exceed more than four letters,please post more than Four Letters</center></td></tr></table>");}
$getposts="SELECT from b_posts where author='$getid3[userID]' order by ID DESC limit 1";
$getposts2=mysql_query($getposts) or die("Could not get users");
$getposts3=mysql_fetch_array($getposts2);

{if($post==$getposts3[post])
die("<table class='maintable'><tr class='headline'><td><center>Reply</center></td></tr><tr class='forumrow'><td><center>You Are Trying to Post a Duplicate Post.</center></td></tr></table>");}

   $title=$_POST['title'];
    $day=date("D M d, Y H:i:s",time()+(10.50*3600));
   $timegone=date("U") ;
   $threadparent=$_POST['threadparent'];
   $forumID=$_POST['forumID'];
   $user=$_POST['user'];
   $s=$_SERVER["REMOTE_ADDR"];
   $thedate=date("U");
   $date=date("mdY",time()+(10.50*3600));

$posting="INSERT INTO b_posts (author, title, post,timepost, telapsed,
threadparent, postforum,lastpost,ipaddress,time,date)
values ('$name', '$title', '$post', '$day', '$timegone', '$threadparent',
'$forumID','$user','$s','$thedate','$date')";
mysql_query($posting) or die("could not post");
$i="1";
$upposts="Update register set posts=posts+1 where ID='$i'";
mysql_query($upposts);

$update="Update b_posts SET numreplies=numreplies+1, timepost='$day', telapsed='$timegone', lastpost='$user' where ID='$threadparent'";
mysql_query($update);
$upforum="Update b_forums set numposts=numposts+1,lastpost='$day',lastpostuser='$user',lastposttime='$timegone' where ID='$forumID'";
mysql_query($upforum);
$timenow=date("U");
$updateuser="update b_users set Posts=Posts+1,Points=Points+1, lastposttime='$timenow' where username='$user'";
mysql_query($updateuser) or die("COuld not update numposts");

}}

print "<b>";
$postid="select * from b_posts where time='$thedate'";
$postid0=mysql_query($postid);
$postid1=mysql_fetch_array($postid0);

if ($newfilename)
{
if ($file)
{
$ds = array($dest, $slash, $filelink);
$ds = implode("", $ds);

	if (file_exists($ds))
		{

		echo "File already exists";
		echo '</body>
              </html>';
		exit();
		}


	if (!copy($file, $ds)) { echo "Was unable to Upload ur file, <br/>See if your path and destination are correct";

}
else
{

   $threadparent=$_POST['threadparent'];
   $name=$_POST['name'];
   $nosmiley="1";
$link=$ds;
$bytes=filesize($link);
$size = $bytes / 1024;
$size = round($size, 2);
$filesize=$size;





   $post=strip_tags($post,'<p><a><b><i><img><u><font>[url][img][URL][IMG][FONT][font]<sub><sup><span><li><size>[list][o][size][s][mail]');
   $s=$_SERVER["REMOTE_ADDR"];

$vartime=date("mdY",time()+(10.50*3600));

$attaching="INSERT INTO b_attach (attachments,filelink,filesize,attachid,date,userid,ip) values ('$filename','$filelink','$filesize','$postid1[ID]','$vartime','$getid3[userID]','$s')";
mysql_query($attaching) or die("could not attach");
$user=$_POST['user'];
$getid="SELECT * from b_users where username='$user'";
$getid2=mysql_query($getid) or die("could not get user");
$getid3=mysql_fetch_array($getid2);
$update="update b_users set tupload=tupload+1 where userID='$getid3[userID]'";
$update2=mysql_query($update) or die(mysql_error());

    $i1="1";
    $upposts1="Update register set posts=posts+1 where ID='$i1'";
    mysql_query($upposts1);

$checkattach="Update b_attach SET chkattach=1 where attachid='$postid1[ID]' ";
$checkattach1=mysql_query($checkattach);
$upload="update b_users set upload=upload+$size,uploadno=uploadno+1,points=points+5 where username='$user'";
mysql_query($upload);

$upforum="Update b_forums set numposts=numposts+1,lastpost='$day',lastpostuser='$user',lastposttime='$timegone' where ID='$forumID'";
mysql_query($upforum);
$timenow=date("U");

print $size;

$size .= ' KB';

    echo "<b><br>Copied successfully<br/></b>";
    }

	} else echo "File url not entered";
} else echo "File name not entered";

$page1 = mysql_query("SELECT COUNT(ID) FROM b_posts where threadparent='$threadparent' order by ID ASC") or die(mysql_error());
$page = mysql_result($page1, 0);

$nopage=$page/20;

$lpm=substr($nopage, -2, 1); 


$page=round($nopage);

if($lpm<5)
{ $page=$page+1; }
else { $page=$page; }
$last=($page-1)*20;

print "<table class='maintable'>";
print "<tr class='headline'><td><center>Reply</center></td></tr>";
print "<tr class='forumrow'><td><center>";
print "Thanks for posting... Redirecting to last page<META HTTP-EQUIV = 'Refresh' Content = '1; URL =index.php?forumID=$forumID&ID=$threadparent&start=$last'><br>";
print "<a href='index.php?forumID=$forumID&ID=$threadparent'>Back To Thread</a><br>";
print "<a href='index.php?forumID=$forumID'>Back To Forum</a><br>";
print "<a href='index.php'>Back To index</a>";
print "</td></tr></table>";

</body>
</html>