Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
shawn_himself
Hangin' Around


Joined: May 28, 2006
Posts: 40

PostPosted: Wed Jul 05, 2006 4:50 pm Reply with quote

im lookin for a way to "fix" my link to my admin panel from my admin block ( when i log into my site as admin )

first just to clarify what i have done

i have renamed my admin.php in my root

to

for ex. test.php

so if i go to Only registered users can see links on this board! Get registered or login! i get a page cannot be displayed. ( just like i should get )

i have now have to go to Only registered users can see links on this board! Get registered or login! to access my admin panel.

now , my question is how can i edit my admin block ( where you access admin panel , shortcut to post new storys etc ) to reflect this change ? so when i click on "admin." it takes me to
Only registered users can see links on this board! Get registered or login!

and not
Only registered users can see links on this board! Get registered or login!


i have searched a few threads on this topic but didnt really find an answer. thank you
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Wed Jul 05, 2006 4:54 pm Reply with quote

Depending on your Nuke version, the admin block is defined in the mainfile or as a standalone block file.

If you're using HTTP admin authentication, there's really no need to rename your admin file, though, since that quite effectively blocks XSS attacks (which is the main reason you want / need to rename your admin file).

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Wed Jul 05, 2006 4:57 pm Reply with quote

This would only be an issue if admin.php is hard coded. All references should actually be to the variable '$admin_file'
The file in question, should be blocks/block-Modules.php

If you have any hard coded references to admin.php in there post it along with a couple of lines either side and I'll post the correction.
 
View user's profile Send private message Send e-mail
shawn_himself
PostPosted: Wed Jul 05, 2006 5:13 pm Reply with quote

well i started thinking on this a lil bit more after reading gaudian's post. you gave me an idea to fix this quick. i kind of cant belive i didnt think of this before lol. i knew their was a reason this forum community rocks lol

i just created a new html block and added the url to my admin panel to reflect the change. i guess this will work as good as anything else.

and yes , the viewing permission for this block is admins only lol. but i wanted to ask you buke gods if this would be safe/ you recommend this ?

thanx guys
 
Guardian2003
PostPosted: Wed Jul 05, 2006 5:19 pm Reply with quote

It seems I took too long typing and kguske reponded before me. For the record, kguske is perfectly correct and indeed, his is the better response because renaming the admin file can actually cause you problems with some older modules/blocks as the reference to admin.php may well still be hard coded, so it is worth keeping that in mind if you install something that falls over when accessing its admin area.
 
shawn_himself
PostPosted: Wed Jul 05, 2006 5:39 pm Reply with quote

i see , well i guell ill change it back lol .


thanks again
 
krubach
New Member
New Member


Joined: Jun 15, 2006
Posts: 19

PostPosted: Wed Jul 26, 2006 5:24 am Reply with quote

I have just installed a fresh new RavenNuke76 2.02.02 .
I renamed the admin.php files to something else and set the $admin_file var to match it.

The Admin block's "administration" link is still pointing to the default "admin.php".

Well, i'm not arguing if renaming is needed or not, but at least the default modules that come with the package should respect the $admin_file var, shouldn't they?

Wink
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Wed Jul 26, 2006 11:23 am Reply with quote

I am not where I can test this, but I believe the admin "block" is in the nuke_blocks table. You may have to use phpMyAdmin to modify the particular record if it is not displayed in the blocks admin for updating. AGain, sorry, just not where I can check if you can modify it in the blocks admin.

It is the only piece that even RavenNuke is not looking at the $admin_file in config because it is SQL data.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
PostPosted: Wed Jul 26, 2006 1:13 pm Reply with quote

I'm not really sure I understand this correctly.
As far as I am aware, there is no 'admin block' file as such (not in the blocks folder any way).
The admin links which appear under the main menu as though they are in a left block are actually coded in mainfile.php within the function admin_block()

The 'block' that forms the main menu links is blocks/blocks-Modules.php
I do not have to hand a copy of your version, would you mind doing a search for admin.php in both of those files to see if there is any instances?
I have not found any in the copy we use for development so it may have been fixed already for the next release.
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Wed Jul 26, 2006 2:57 pm Reply with quote

I checked some of the older versions and its $admin_file.

<a href=\"".$admin_file.".php?op=submissions\">

Youll find this to be the case in the mainfile but this has me baffled right now. He's right, Somewhere the $admin_file is getting redefined where it shouldnt and being constantly set to admin
I'll continue to investigate this.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
gregexp
PostPosted: Wed Jul 26, 2006 4:18 pm Reply with quote

Now that I finally saw what was going on.

I added some code to the mainfile.

Add this before function adminblock()

Code:
function update_admin_block(){

        global $prefix, $db, $admin_file, $display_errors;
        $sqlx = "UPDATE `".$prefix."_blocks` SET `content` = '<strong><big>·</big></strong>
         <a href=\"".$admin_file.".php\">Administration</a><br> <strong><big>·</big></strong>
         <a href=\"".$admin_file.".php?op=adminStory\">NEW Story</a><br> <strong><big>·</big>
         </strong> <a href=\"".$admin_file.".php?op=create\">Change Survey</a><br> <strong>
         <big>·</big></strong> <a href=\"".$admin_file.".php?op=content\">Content</a><br>
         <strong><big>·</big></strong> <a href=\"".$admin_file.".php?op=logout\">Logout</a>'
          WHERE `bid` =2 LIMIT 1 ;";
           stripslashes($sqlx);
          $test=$db->sql_query($sqlx);
          if (!$test AND $display_errors == true){
                  echo mysql_error();
                  }
                    }



Then in function adminblock
Add this to the line right below the globals


Code:
update_admin_block();


This will automatically update the administration block for you.

BTW there are 2 blocks for administration, one is set in mainfile, the other is set in blocks table.

I hope this helps your delema.
 
montego
PostPosted: Wed Jul 26, 2006 7:23 pm Reply with quote

darklord, thanks for this. I was eluding to the record in the nuke_blocks table and you have posted the other "missing link". Smile

Just so everyone knows this has already been corrected in mainfile.php for the next release of RavenNuke. Problem is now for the SQL installer. It currently does not do this $admin_file replacement. And, to be honest, many people will not even be thinking of changing their admin file name up-front in their database installation process, so not sure a chance to the installer will benefit us much. I am thinking a code change needs to be made to where this block is being rendered to replace the admin.php with its appropriate substibute.

I'll add that to our bug tracker as a to do for future release consideration.
 
gregexp
PostPosted: Wed Jul 26, 2006 8:07 pm Reply with quote

This was fixed? Previously I mean

I just made that to update in the event they change it at anytime.

If it wasnt, Glad to help.
 
montego
PostPosted: Wed Jul 26, 2006 8:09 pm Reply with quote

Quote:

This was fixed? Previously I mean


It is fixed only in our code repository for the next release which is 2.10.00... at least for mainfile.php. But, I am going to look into getting the other block rendered properly!
 
gregexp
PostPosted: Wed Jul 26, 2006 8:15 pm Reply with quote

Ahh that one does, already update properly.

The only one that didnt update was the one stored in the database.

Thats why I wrote that function.
 
montego
PostPosted: Wed Jul 26, 2006 10:10 pm Reply with quote

Quote:

Thats why I wrote that function.


I will take a look at this a bit closer. If it gets into RavenNuke you can bet I'll be crediting you for the approach! Wink

Thanks again!
 
gregexp
PostPosted: Wed Jul 26, 2006 10:21 pm Reply with quote

Would be awesome. But to be honest, I wouldnt need credit, Its a very simple code and anyone who knows anything bout php-nuke would have been able to make that code work.

Probably a problem that was never addressed before.

I'm glad to help in the community where I can.
 
montego
PostPosted: Wed Jul 26, 2006 10:32 pm Reply with quote

Quote:

Its a very simple code and anyone who knows anything bout php-nuke would have been able to make that code work.


All of nuke is built on little snipets of simple code... Wink
 
gregexp
PostPosted: Wed Jul 26, 2006 10:42 pm Reply with quote

We are officially off topic so to close this, Montego I'd be honored to have credit given to me for this but absolutley by no means is it necessary.

I'm glad I could help and thats all I need.
 
montego
PostPosted: Sat Jul 29, 2006 1:56 pm Reply with quote

Ok, I have nothing against given you credit Darklord, but I decided to fix this a different way. ROTFL

=== OPEN FILE ===

mainfile.php

=== FIND CODE ===

Code:


function adminblock() {
   global $admin, $prefix, $db, $admin_file;
   if (is_admin($admin)) {
      $sql = 'SELECT title, content FROM '.$prefix.'_blocks WHERE bkey=\'admin\'';
      $result = $db->sql_query($sql);
      while (list($title, $content) = $db->sql_fetchrow($result)) {
         $content = '<span class="content">'.$content.'</span>';
         themesidebox($title, $content);
      }


=== REPLACE WITH ===

Code:


function adminblock() {
   global $admin, $prefix, $db, $admin_file;
   if (is_admin($admin)) {
      $sql = 'SELECT title, content FROM '.$prefix.'_blocks WHERE bkey=\'admin\'';
      $result = $db->sql_query($sql);
      while (list($title, $content) = $db->sql_fetchrow($result)) {
         $content = str_replace('admin.php',$admin_file.'.php',$content); //RN0000274
         $content = '<span class="content">'.$content.'</span>';
         themesidebox($title, $content);
      }


The only reason I did this is that I hate making additional DB calls, especially updates, if it is not absolutely necessary. The str_replace function is very fast and the data it is operating on is minimal.

Now, I will admit that this bit of code is not 100% full-proof, but folks rarely change that HTML in the nuke_blocks table and even if they did, they would most likely copy the pattern of a previous line.

NOTE: The code listed here might be slightly different than 2.02.02 as we fixed indentation and replaced most string definitions from using double-quotes to single-quotes (quite a bit faster in the long run). The replacement code will NOT hurt a 2.02.02 installation.

Regards,
montego

P.S. This is in the code tree now for RN 2.10.00.
 
gregexp
PostPosted: Sat Jul 29, 2006 8:53 pm Reply with quote

I like that Laughing

buffer the contents, change certain words then put it on display, NICE.

didnt think of that


But shouldn't it be
$content = str_replace('admin.php',$admin_file'.php',$content);

There was a period at the end of $admin_file,
I could be wrong.
 
montego
PostPosted: Sun Jul 30, 2006 8:03 am Reply with quote

No, what I have posted is correct. If you look at the core nuke distro, $admin_file = "admin". No period. Removing that in my code will also break the string concatenation.
 
gregexp
PostPosted: Sun Jul 30, 2006 9:55 am Reply with quote

Ahh, that part I thought was covered by the .php.

Have you tested this, I'm trying it and its not working. weird.
 
montego
PostPosted: Sun Jul 30, 2006 10:02 am Reply with quote

Yes I have tested and it works. Are you 100% certain you are using my code (edited: with single quotes - i.e., exactly as posted). The code you posted will not work.
 
gregexp
PostPosted: Sun Jul 30, 2006 10:10 am Reply with quote

You are absolutley right and I'm sorry if I came accross kinda rude, My goal wasnt to point something at you, but to figure out why mine wasn't working.

I finally got it, Kept trying to run str_replace with a variable assigned to it.

like this

<?php

$ab='tom has a bike' ;
$bite = 'home';
str_replace( 'bike', $bite.'.php', $ab);
echo $ab;

?>

Then I saw the errors of my ways and did this

<?php

$ab='tom has a bike' ;
$bite = 'home';
$ab = str_replace( 'bike', $bite.'.php', $ab);
echo $ab;

?>

I always test code stand alone before I apply it to nuke or anything big like that.

montego thank you, This helped me to learn how to use this function more properly then I had been.

You RULE RavensScripts
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©