Formify Permission Error On Submission By Guest

Hello,
There is an error with Formify that is preventing us from submitting forms that are created within Formify v3.1.

We have a form created using Formify and enabled the "Add" permission for the Guest, but when a person is not logged in he is not able to submit the form and gets the permission error "You do not have access to submit this form."

We have tested multiple ways and found that this is a Formify error, and it seems to happen in the latest Concrete5 version, 8.4.0. We did compare the files for the Users in 8.4.0 and 8.3.2 and found differences in the CORE file - maybe that is what is causing this issue.

Please provide us with a way to fix this as soon as you can, as it is causing timeline issues with a project we are working on.

Thank you so much, very much appreciated!

Type: Ticket
Status: Archived
CoeConcrete5
View Replies:
PhilYoung replied:
Hi,

I have just tested Formify 3.1 on C5 8.4.0 and have no issues on a test form submission regardless of whether the user is logged in or not. Do you have the correct permissions set on your folders?
Best
Phil
jerryscott replied:
Hey Phil,

I am facing a similar issue with Formify. Can you guide me on what level of permissions I need to check for this?

Thank you very much in advance.
PhilYoung replied:
Hi,
Make sure that the form permissions under settings for the Formify form are set correctly. On your web host, check that your folder permissions are 755.
Best
Phil
jerryscott replied:
Still facing the same issue. Steps to replicate:
1. Create a form using Formify.
2. Make sure the Guest User has permission to ADD entry.
3. Open the incognito window with the URL you have the form on.
4. Try to submit the form. It will give the error that you do not have the permission to submit the form.

I was able to check why it is happening. This is happening because in FormifyForm.php you have these lines of code:
$u = new User();

foreach($u->uGroups as $gID) { //Loop through the groups
   if($this->groupCanAdd($gID)) { //If user is part of a group that can add, they can add
      return true;
   }
}


And when I go to the constructor of the User controller to check the code, I find that the line of code which assigns the user's groups is this line:
$this->uGroups = $this->_getUserGroups();

is enclosed within an If condition:
if ($validator->hasActiveSession() || $this->uID)


The uID is obviously null as the user is not logged in, but when I check the hasActiveSession function I see this:
public function hasActiveSession()
{
        $cookie = $this->app['cookie'];
        return $cookie->has($this->config->get('concrete.session.name'));
}


Which seems to be the reason that the userCanAdd function of Formify must be getting an empty array of user groups, hence it is blocking the user in incognito mode.

Please advise what can be done to resolve this. And apologies for the long reply. :)
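
The failure mode described in the reply above, as an added stand-alone PHP model (not part of the thread, and not Formify or concrete5 code). `ModelUser`, both check functions and the group IDs are hypothetical names and assumed values; the second function shows one way to keep the permission check while treating a visitor with no loaded groups as Guest only.

```php
<?php
// Stand-alone model of the behaviour described in the reply above.
// Every name below is hypothetical; nothing here is Formify or concrete5 code.
const GUEST_GROUP_ID = 1;   // assumed ID of the built-in Guest group
const MEMBERS_GROUP_ID = 2; // constructed ID for a logged-in-only group

final class ModelUser
{
    public $uID;
    public $uGroups = [];

    public function __construct(?int $uID, bool $hasSessionCookie)
    {
        $this->uID = $uID;
        // Mirrors the quoted condition: groups are loaded only when a
        // session cookie is present or a user ID is set.
        if ($hasSessionCookie || $uID) {
            $this->uGroups = $uID ? [GUEST_GROUP_ID, MEMBERS_GROUP_ID] : [GUEST_GROUP_ID];
        }
    }
}

// Same shape as the quoted loop: any group with Add permission grants access.
function userCanAdd(ModelUser $u, array $groupsThatCanAdd): bool
{
    foreach ($u->uGroups as $gID) {
        if (in_array($gID, $groupsThatCanAdd, true)) {
            return true;
        }
    }
    return false;
}

// Keeps the permission check, but a visitor whose groups were never loaded
// is evaluated as a member of Guest and nothing else.
function userCanAddWithGuestFallback(ModelUser $u, array $groupsThatCanAdd): bool
{
    $groups = $u->uGroups ?: [GUEST_GROUP_ID];
    return count(array_intersect($groups, $groupsThatCanAdd)) > 0;
}

$firstVisit = new ModelUser(null, false); // incognito window, no session cookie yet
$returning  = new ModelUser(null, true);  // anonymous visitor with a session cookie

var_dump(userCanAdd($firstVisit, [GUEST_GROUP_ID]));                    // guest form, no cookie
var_dump(userCanAdd($returning, [GUEST_GROUP_ID]));                     // guest form, cookie set
var_dump(userCanAddWithGuestFallback($firstVisit, [GUEST_GROUP_ID]));   // guest form, fallback
var_dump(userCanAddWithGuestFallback($firstVisit, [MEMBERS_GROUP_ID])); // members-only form
```

The last call is the one to watch when evaluating any workaround: a form restricted to a non-Guest group must still reject the anonymous visitor.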
PhilYoung replied:
Hi,
Firstly, I am not the developer. I just happen to do a lot of support here. I can't replicate this issue in my 8.4.0 install so I cannot see this as a Formify issue. It is something about your setup. As you did not start this support request I don't have your environment information to see if there is anything obvious.

Please check your personal messages.

Best
Phil
tracyb replied:
I was having the same issue but I found this on slack and tried it. Worked for me.

Remove the below from the Records.php file
located in - controllers/api/records.php

if(!$f->userCanAdd()) {
    $e = array();
    $e['type'] = 'permissions';
    $e['message'] = $f->errorPermission;
    $response['errors'][] = $e;
}
jerryscott replied:
Hey tracyb,

Thanks for your reply, although changing the check for the permission in the module is not the best solution.

I did find another piece working for me, which is including these lines of code on start:
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
jerryscott replied:
The above solution did work for me on the development server; however, I am still facing issues on the live site. The only difference between live and dev is that live has PHP version 7.0 and dev has PHP version 7.1. Trying to find a solution for the same.
ConcreteCMS replied:
Attention: Since there has been no activity on this issue for two weeks, this issue has been automatically archived.

To re-open this issue, reply to this message.

concrete5 Environment Information

# concrete5 Version
Core Version - 8.4.0
Version Installed - 8.4.0
Database Version - 20180524000000

# concrete5 Packages
Block Designer (3.1.2), Block Designer Pro (3.0.0), Custom Calendar Package (0.0.7), ExchangeCore LDAP Authentication (1.2.3), Formify (3.1), Geo Content (0.9.7), Google reCAPTCHA (0.1), Informatics Blog (1.0.1), Informatics Social Media Tags (0.0.1), Staff Directory (1.0.3), Whale Grid Gallery (2.4.5), Whale Grid Gallery Extention (0.0.1)

# concrete5 Overrides

# concrete5 Cache Settings
Block Cache - Off
Overrides Cache - Off
Full Page Caching - Off
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
7.1.10

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dom, fileinfo, filter, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mcrypt, mysqli, mysqlnd, openssl, pcre, PDO, pdo_mysql, Phar, readline, Reflection, session, SimpleXML, soap, SPL, sqlsrv, standard, tidy, tokenizer, wddx, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib

# PHP Settings
max_execution_time - 360
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 10000
memory_limit - 3000M
post_max_size - 20M
sql.safe_mode - Off
upload_max_filesize - 25M
ldap.max_links - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - no value
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5
opcache.max_accelerated_files - 100000
opcache.max_file_size - 0
opcache.max_wasted_percentage - 5

Browser User-Agent String

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
