Frontend Users


[#10779] Protected Content always results in 403 forbidden error.

Created By: SlurmMcKenzie (SlurmMcKenzie)
Date Submitted: Wed Dec 09 09:10:52 -0500 2015

Assigned To: Robert Campbell (calguy1000)
Version: 1.30.7
CMSMS Version: 2.1
Severity: Critical
Resolution: Fixed
State: Closed
Protected Content always results in 403 forbidden error.
Detailed Description:
Encountered this error after i updated my CMSMS from to 2.1 and
my FrontendUsers to 1.30.7.
Confirmed with 100% clean and fresh installation of 2.1.

All my pages with the content type "Protected Content" return 403 - forbidden
I changed the allowed user groups, i created a new user group, i tried selecting
all groups and none.
I always get 403 error.

Then i made a 100% clean and fresh installation of CMSMS 2.1 with no content at
I installed FrontendUsers (and its dependencies).
I created 1 normal content page and included the {FrontEndUsers} tag to display
the login form.
I created 1 user group within FEU, and assigned 1 user to it.
I created another content page, this time with the content tag "protected
content", i set the allowed user groups to my only existing group.
I opened the normal site and went to the unprotected content. i successfully
logged in with my only existing user account.
Login is successful, i get the "welcome..." message and i can change my
Now the protected page shows up in my menu, i go to this page and i get the 403


Date: 2015-12-09 09:20
Posted By: SlurmMcKenzie (SlurmMcKenzie)

The tag  {feu_protect groups="..."}  ... {/feu_protect}
works like intended. No authentication problem on this one.
Date: 2015-12-12 06:46
Posted By: Birger Eriksson (bigge)

Same here. After i update CMSMS from to 2.1 and FrontendUsers from
1.30.5 to 1.30.7
(running in MAMP)
Date: 2015-12-14 06:08
Posted By: TannSan (TannSan)

Just got hit by this one with a project I'm currently working on and like a
total rookie I didn't make a backup first so now have to re-install the entire
CMS so I can downgrade it back to, trying to work out the problem and
fix it first though but the downgrade is looking more likely as time passes
Date: 2015-12-16 08:16
Posted By: SlurmMcKenzie (SlurmMcKenzie)

Ok, i think i found a very easy solution.
Problem seems to be not within FEU but within the index.php.

On line 108 it checks the permission of the contentobj.
i traced the call of this function and on my test page it is called 3 times, one
for the menu, one for the content itself and
one time before everything else, i guess on creation ?

However, this returns FALSE the first time it is called because the login
handler has not yet run.
It looks like that happens on line 114 of the index.php  (
setup_session($cachable);  )

if you check the permission after the "  setup_session($cachable);  " it works

so change line 108 to 114 to this

        $cachable = $contentobj->Cachable();
        if( $page == __CMS_PREVIEW_PAGE__ ) $cachable = false;
		if( !$contentobj->IsPermitted() ) {
            throw new CmsError403Exception('Permission denied');

seems to work like intended, no access without login, and with correct login you
get access.
however, i am not a professional cmsms developer, so i don't know about unwanted
side effects
Date: 2015-12-22 04:14
Posted By: Birger Eriksson (bigge)

Upgrade CMSMS from 2.1 to 2.1.1 solved the problem for me.
Date: 2015-12-22 05:50
Posted By: SlurmMcKenzie (SlurmMcKenzie)

i can confirm the fix in 2.1.1

Updated: 2015-12-22 05:50
resolution_id: 10 => 7
state: Open => Closed

Updated: 2015-12-16 08:16
resolution_id: 5 => 10

Updated: 2015-12-09 09:20
resolution_id: => 5