Access denied error linking to dashboard from web page

I have a web page containing a link to the admin page of phpList. The login page opens fine in IE11, but in Chrome Version 43.0.2357.81 m (64-bit), only the header renders; the body contains an “access denied” message. If I reload, the page remains blank, but if I put the cursor at the end of the address in the browser and hit enter, the login page loads normally. Anyone have any ideas? Nothing I have tried has any effect.

Hi, can you share the link? Not sure what you mean exactly.

Anna,

Click on the “login” link at the bottom of the page. I have this same link to the PHPlist login page on another website, and it works just fine, the first time and every time. On this page, it refuses to display the full page when using the Chrome browser, as I explained in my previous message.
http://deblasiis-chamber-music.org/signup.html

Jeff

The problem seems to be caused by your page not having a ‘www’ prefix
http://deblasiis-chamber-music.org/signup.html

If you use
http://www.deblasiis-chamber-music.org/signup.html

then the link to phplist seems to work. But I don’t know why that is significant.

ooops… I see what you mean! That is strange, but at least it solves my immediate problem.

Thanks!

thanks @duncanc @jeffduncan is this a bug report you think? https://www.phplist.org/development/#bugreport

The problem seems to be caused by enabling CHECK_REFERRER in config.php and having a link to the phplist login page within a page that is on a different domain. In this case the different domain didn’t have the “www” prefix.

If you enable CHECK_REFERRER then you also need to add the other domain to the list of allowed domains

$allowed_referrers = array();

otherwise phplist will allow access only from its own domain.

1 Like

Thank you so much for the excellent detailed response… you’re a gem! That solves my issue completely.

Jeff

I was in the midst of sending a list and after a while it logged me out and prompted for the login, I inevitably entered the wrong password and now it is showing me the “Access Denied”. There wasn’t anywhere which prompted for me to re-enter the login credentials.

As I was unable to log in, I’ve made changes to the config.php to

define(‘CHECK_REFERRER’,false);

But no matter how I refresh the admin login page at http://www.batchimage.com/maillist/admin , I cannot get in. It still shows the “Access Denied” and nothing else.

I’m really at a lost. Is it possible that because of the wrong password, I’m banned from the system ?

Thanks.