CGIAuth setup

scorpious · Posted: Mon Jul 24, 2006 3:15 pm

Hi all

We have followed how to setup the CGIAuth setup, we have created the God Username and Password for the Admin and for the NukeSentinel Core Functionlity we have set up a separate username and password.

When we click on the CGIAuth Setup it gives us the following information that we copied and pasted into the .htaccess file

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/ourwebsitename/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# ------------------------------------------

The login box (restricted by nukesentinel) appears asking for the username and password, we enter the username and password and after 3 attempts we are taken to a page with the following on

This server could not verify that you are authorized to access the URL "/admin.php". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

We have checked the user name and password and they are correct.

Any help on this would be appreciated.

We cannot get httpauth thats why we are using the CGIAuth.

Many thanks

Scorp

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Maybe it's a dumb question, but did you create the .staccess file?

scorpious · Posted: Tue Jul 25, 2006 1:58 am

Hi Kguske

No its not a dumb question, We have a .staccess file in side is the following information:

Username:<<hash was removed by admin>>.

I have replaced the login name with username, or was that dumb to say, lol you have to laugh about it or you be jumping out the window, its like Bang Head

with this at the moment.

Many thanks

Scorp

montego · Posted: Tue Jul 25, 2006 6:17 am

Guys, I removed the hash from your post. It looked valid, kguske, just so you know.

I am just paranoid when it comes to anything remotely related to passwords, paths, etc. Depending on the password you gave it, this hash could be more easily cracked than you might think. Sorry, just paranoid... been reading too much lately... Wink

scorpious · Posted: Tue Jul 25, 2006 7:03 am

Hi montego

The hash was the old one, since then we have tried 3 other passwords, lol

Any help would be great

Many thanks

Scorp

gregexp · Posted: Tue Jul 25, 2006 10:34 am

Have you verified that the path is valid to the .staccess?

save this to a text file and run it

<?php

$test= realpath('.staccess');
echo "$test";

?>

That will show you the exact path to the .stacess but be sure to upload it to the SAME directory that your .staccess is in.

Its recomended that the .staccess also be in the same directory as index.php of your site so if you run

Only registered users can see links on this board!
Get registered or login to the forums!

The .staccess should be in path/to/your/domain/nuke. But it does not need to be. Replace /home/www/ourwebsitename/.staccess with whatever that script outputs.

scorpious · Posted: Tue Jul 25, 2006 11:45 am

Hi

Yes the path is valid, we checked it a few times.

However, it will not recognise either the username or password that we have given for Nuke Sentinel in the setup/Configuration for NukeSentinel Core Functionality of Raven76.

Scorpious

gregexp · Posted: Tue Jul 25, 2006 12:38 pm

Weird, Your positive its written in the correct place? and it all seems valid. Can you do me a favor and contact me via yahoo or msn?

scorpious · Posted: Tue Jul 25, 2006 2:55 pm

Hi Darklord

PMed you on Yahoo but u never got back to me, scorpious_m was my user name

Scorp

gregexp · Posted: Tue Jul 25, 2006 3:00 pm

My apologies but dealing with a server that I am feeling more or less left hangin in the wind with and this problem will not go away.

gregexp · Posted: Tue Jul 25, 2006 3:55 pm

Ok just to fill everyone in here whats going on, I tried to remake.staccess, didnt help.
I verified pathname, didnt help.

I wrote in a working username and pass manually with encryption of course, didnt help.

I did more variations of the same thing, Only thing that has me curious if this could be a problem. In the path, there is his sites name like /home/www/mysite.com/.staccess

Could the .com make any problems like to verify its not a url sentinel strips it?

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Depends on whether .com is in the root path. Usually, it's not, but is on some servers. Typically, that is the account name, rather than the domain, e.g.

/home/www/account/.staccess

scorpious · Posted: Tue Jul 25, 2006 4:45 pm

Many thanks to all that has helped with this problem. Darklord, Thank you for your time and help Cheers

Its 23.46 umm time for bed

Scorp

gregexp · Posted: Tue Jul 25, 2006 5:06 pm

kguske normally is correct, But I have never seen this and according to the function realpath, it displays a domain.com instead of username unless that is his username.

Any ideas on if it tests it?

scorpious · Posted: Thu Jul 27, 2006 3:40 am

Hi All

Has we cannot get CGIAuth towork could this be a problem with the website Hoster??. Our website is for a little Clan and a module I wish to use is called SQuery, the new version has been patched due to a security hole in the code, however the new version requires the following:
php_flag register_globals Off

We was told in the SQuery forum the following:
the new files will read a 4.5c and it takes care of the secruity hole in php 5, also it locks down phpnuke and turns off globals

Could this affect the CGIAUth login? once installed.

Scorp

montego · Posted: Thu Jul 27, 2006 8:22 am

It was either one of the later 2.4.2 plX patches or the latest 2.5.0 of NukeSentinel where I thought that I had saw notes about it fixed an issue for sites where register globals is turned off. However, CGIAuth, if your host allows it, should have worked just fine.

Yes, I would check if your host allows CGIAuth.

Also, had you by chance changed the NukeSentinel crypt salt field? One should be allowed to change this and re-generated the .staccess file, but I had problems with this in a previous release of NukeSentinel. (However, not 100% if it was MY issue vs. NS.) If you did, you might want to change it back to N$, regenerate and see if you can get it to work then (just a "shot in the dark").

scorpious · Posted: Thu Jul 27, 2006 12:25 pm

Hi Montego

No, the NukeSentinel crypt salt field is set at N$ and has not been changed, I have asked my provider about this and is awaiting a reply.

Update:

I have been in touch with my provider: this is what was said by ticket.

Me:
I am trying to activate CGIAuth in phpnuke, its another securty layer for the admin. We are unable to get this too work. Do you allow CGIAuth?

Reply:
For your first question could you please provide us with some more information and explain if you get any particular error while trying to use the module or while installing it?

'Module, lol' <<< thats me when reading it.

Reply from Me:
Please find attached a txt file explaining CGIAuth setup, I copied and pasted the instructions into a text file and sent it too them.

Reply:
I reasd that instruction but I could not quite understand your concern - can you please provide me with some more details about what exctly do you need in order for the NukeSentinel to run properly.

By the way - ther is something that you need to correct in the provided lines that go in the .htaccess:

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>

<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/xxxxxxxxxxxx/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------

Best Regards,
Boby

The lines above are exact as me and darkload had got.

my last reply was:
Do you allow this on the server as we can not get it to work, when we try to login to the admin section using the CGIAuth it does not allow us and stops us after 3 attempts, so, do you allow this, is there something stopping it from working on the serverside.

Phew!! lets see what they say

Update2:

Reply from provider:
I have checked with our administrators and they reported that there should be no problem with using these functions in your .htaccess file.

Raven has e-mailed me, he is now having a look for us. Finger crossed.

Scorp

Raven · Posted: Thu Jul 27, 2006 9:24 pm

Just got involved with this and it is resolved. John, I also updated your NukeSentinel(tm) version to 2.5

For everyone's edification, you need to be aware that many hosts use alias' for the paths. realpath() will show the alias but for real access you have to know the real path (not the alias). The simplest way to verify what the host system uses/needs is to use their own control panel to password protedt a folder. Then just look at the .htaccess file to get the REAL path Smile

In this case it was
/home/users/USERNAME/www/USER_DOMAIN/.staccess
and not
/home/www/USER_DOMAIN/.staccess

gregexp · Posted: Thu Jul 27, 2006 9:54 pm

Glad to see this resolved and thank you for the lesson RAVEN.

RavensScripts

scorpious · Posted: Fri Jul 28, 2006 1:01 am

Morning All

Its a lovely Morning here (UK) sun is out, blue sky, what a great start to the day. I am going to stick my head out the window and shout "MORNING ALL, RAVEN DID IT AGAIN", Umm better not just incase they come and take me away.

Many thanks to all that have helped and given advise over the past few days.
Raven we will be making a donation within the week.

NUMBER 1 Help and support RavensScripts

Right better have a shower then get too work.

Many thanks

Scorp

montego · Posted: Fri Jul 28, 2006 7:17 am

Ditto that Raven! You Da Man!

worship

Guardian2003 · Posted: Fri Jul 28, 2006 11:47 am

OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany!

Raven · Posted: Fri Jul 28, 2006 7:07 pm

Guardian2003 wrote:

OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany!

So how much more of a time zone difference will we now have?

Guardian2003 · Posted: Sat Jul 29, 2006 1:29 am

That will take me to about GMT +1 hour instead of GMT -1 hour (if my calculation is correct, it essentially brings me 2 hours closer to 'your' time).

scorpious · Posted: Sat Jul 29, 2006 12:04 pm

I know your 1 hour ahead of the uk in Germany, just thought I pop that in, lol

West Midlands here Guardian, You ?

Scorp