Irrational Forbidden 403 Error Message

Question

I have a blog with a add-post.php page which contains a simple form with the action:

<form id="form" action="add-post-php.php" method="POST" enctype="multipart/form-data">

I then have the file, add-post-php.php in the same folder as add-form.php . So I enter the details of my blog into the form and press submit and get:

Forbidden

You don't have permission to access /add-post-php.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I've tested this on my localhost and it works correctly, the permission of the file is set at 0644, but I've also tried it at 0755, with no improvement. There is nothing wrong with my .htaccess file and there are no other .htaccess files in the directory.

My add-post-php.php script in full is:

<?php
include("php/settings.php"); // Contains DB Connections
?>
<?php
$id= time();
$month = date("m");
$year = date("Y");
$path = "images/posts/$year/$month/";

$section = $_POST["section"];
$category = $_POST["category"];
$credit = $_POST["credit"];
$title = ucwords($_POST["title"]);
$text = $_POST["text"];
$exclusive = $_POST["exclusive"];

$added = date("Y-m-d H:i:s");

$photo = $_FILES["photo"]["name"];
$ext = substr(strrchr($photo, '.'), 1);
?>
<?php
$insert_sql = "INSERT INTO posts (id, section, category, credit, title, article, exclusive, added) VALUES('$id', '$section', '$category', '$credit', '$title', '$text', '$exclusive', '$added')";
$insert_res = mysqli_query($con, $insert_sql);
if(mysqli_affected_rows($con)>0){
move_uploaded_file($_FILES["photo"]["tmp_name"],"$path" . $id . "." . $ext);
}
else{
echo "0";
exit();
};
?>
<?php
header("Location: post.php?id=$id");
exit();
?>

Does anyone have any idea why I'm getting the Forbidden Error when the file clearly exists and it's permissions are correct?

Here is my .htaccess:

Options -MultiViews

DirectoryIndex posts.php

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d    

RewriteRule ^posts/([0-9]+)/?$              posts.php?currentpage=$1 [NC,L,QSA]

RewriteRule ^section/([\w-]+)/?$            section.php?section=$1 [NC,L,QSA]
RewriteRule ^section/([\w-]+)/([0-9]+)/?$   section.php?section=$1&currentpage=$2 [NC,L,QSA]

RewriteRule ^posts/([\w-]+)/?$              posts.php?category=$1 [NC,L,QSA]
RewriteRule ^posts/([\w-]+)/([0-9]+)/?$     posts.php?category=$1&currentpage=$2 [NC,L,QSA]

RewriteRule ^post/([0-9]+)/([\w-]+)/?$      post.php?id=$1&title=$2 [NC,L,QSA]

RewriteRule ^sites/([0-9]+)/?$              sites.php?currentpage=$1 [NC,L,QSA]

RewriteRule ^posts posts.php
RewriteRule ^section section.php
RewriteRule ^sites sites.php

RewriteRule ^about about.php
RewriteRule ^advertise advertise.php
RewriteRule ^subscribe subscribe.php

Folder structure:

I've just checked the php error log again and I'm seeing these messages:

[Thu Oct 22 13:04:14.575567 2015] [:error] [pid 1041578] [client 74.125.76.51:56087] File does not exist: /home/fulldist/public_html/***.com/feed.php,

[Thu Oct 22 09:53:14.646744 2015] [:error] [pid 944286] [client 31.13.113.90:59997] File does not exist: /home/fulldist/public_html/***.com/blog.php.

It's true that feed.php and blog.php don't exist, but why is it trying to look them up?

Answer 1

Is this not wrong

header("Location: post.php?id=$id");

Dont you need this as a header

header("Location: posts/$id");

based on this rule

RewriteRule ^posts/([0-9]+)/?$              posts.php?currentpage=$1 [NC,L,QSA]