Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
scorpious
Worker
Worker


Joined: Dec 03, 2005
Posts: 150
Location: West Midlands. United Kingdom

PostPosted: Mon Jul 24, 2006 3:15 pm Reply with quote

Hi all

We have followed how to setup the CGIAuth setup, we have created the God Username and Password for the Admin and for the NukeSentinel Core Functionlity we have set up a separate username and password.

When we click on the CGIAuth Setup it gives us the following information that we copied and pasted into the .htaccess file

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/ourwebsitename/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# ------------------------------------------

The login box (restricted by nukesentinel) appears asking for the username and password, we enter the username and password and after 3 attempts we are taken to a page with the following on

This server could not verify that you are authorized to access the URL "/admin.php". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

We have checked the user name and password and they are correct.

Any help on this would be appreciated.

We cannot get httpauth thats why we are using the CGIAuth.

Many thanks

Scorp
 
View user's profile Send private message Yahoo Messenger
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Jul 24, 2006 8:28 pm Reply with quote

Maybe it's a dumb question, but did you create the .staccess file?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
scorpious
PostPosted: Tue Jul 25, 2006 1:58 am Reply with quote

Hi Kguske

No its not a dumb question, We have a .staccess file in side is the following information:

Username:<<hash was removed by admin>>.

I have replaced the login name with username, or was that dumb to say, lol you have to laugh about it or you be jumping out the window, its like Bang Head with this at the moment.

Many thanks

Scorp
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Jul 25, 2006 6:17 am Reply with quote

Guys, I removed the hash from your post. It looked valid, kguske, just so you know.

I am just paranoid when it comes to anything remotely related to passwords, paths, etc. Depending on the password you gave it, this hash could be more easily cracked than you might think. Sorry, just paranoid... been reading too much lately... Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
scorpious
PostPosted: Tue Jul 25, 2006 7:03 am Reply with quote

Hi montego

The hash was the old one, since then we have tried 3 other passwords, lol

Any help would be great

Many thanks

Scorp
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Tue Jul 25, 2006 10:34 am Reply with quote

Have you verified that the path is valid to the .staccess?

save this to a text file and run it

<?php

$test= realpath('.staccess');
echo "$test";


?>

That will show you the exact path to the .stacess but be sure to upload it to the SAME directory that your .staccess is in.

Its recomended that the .staccess also be in the same directory as index.php of your site so if you run Only registered users can see links on this board! Get registered or login! The .staccess should be in path/to/your/domain/nuke. But it does not need to be. Replace /home/www/ourwebsitename/.staccess with whatever that script outputs.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
scorpious
PostPosted: Tue Jul 25, 2006 11:45 am Reply with quote

Hi

Yes the path is valid, we checked it a few times.

However, it will not recognise either the username or password that we have given for Nuke Sentinel in the setup/Configuration for NukeSentinel Core Functionality of Raven76.


Scorpious
 
gregexp
PostPosted: Tue Jul 25, 2006 12:38 pm Reply with quote

Weird, Your positive its written in the correct place? and it all seems valid. Can you do me a favor and contact me via yahoo or msn?
 
scorpious
PostPosted: Tue Jul 25, 2006 2:55 pm Reply with quote

Hi Darklord

PMed you on Yahoo but u never got back to me, scorpious_m was my user name


Scorp
 
gregexp
PostPosted: Tue Jul 25, 2006 3:00 pm Reply with quote

My apologies but dealing with a server that I am feeling more or less left hangin in the wind with and this problem will not go away.
 
gregexp
PostPosted: Tue Jul 25, 2006 3:55 pm Reply with quote

Ok just to fill everyone in here whats going on, I tried to remake.staccess, didnt help.
I verified pathname, didnt help.

I wrote in a working username and pass manually with encryption of course, didnt help.

I did more variations of the same thing, Only thing that has me curious if this could be a problem. In the path, there is his sites name like /home/www/mysite.com/.staccess

Could the .com make any problems like to verify its not a url sentinel strips it?
 
kguske
PostPosted: Tue Jul 25, 2006 4:07 pm Reply with quote

Depends on whether .com is in the root path. Usually, it's not, but is on some servers. Typically, that is the account name, rather than the domain, e.g.

/home/www/account/.staccess
 
scorpious
PostPosted: Tue Jul 25, 2006 4:45 pm Reply with quote

Many thanks to all that has helped with this problem. Darklord, Thank you for your time and help Cheers

Its 23.46 umm time for bed


Scorp
 
gregexp
PostPosted: Tue Jul 25, 2006 5:06 pm Reply with quote

kguske normally is correct, But I have never seen this and according to the function realpath, it displays a domain.com instead of username unless that is his username.

Any ideas on if it tests it?
 
scorpious
PostPosted: Thu Jul 27, 2006 3:40 am Reply with quote

Hi All

Has we cannot get CGIAuth towork could this be a problem with the website Hoster??. Our website is for a little Clan and a module I wish to use is called SQuery, the new version has been patched due to a security hole in the code, however the new version requires the following:
php_flag register_globals Off

We was told in the SQuery forum the following:
the new files will read a 4.5c and it takes care of the secruity hole in php 5, also it locks down phpnuke and turns off globals

Could this affect the CGIAUth login? once installed.

Scorp
 
montego
PostPosted: Thu Jul 27, 2006 8:22 am Reply with quote

It was either one of the later 2.4.2 plX patches or the latest 2.5.0 of NukeSentinel where I thought that I had saw notes about it fixed an issue for sites where register globals is turned off. However, CGIAuth, if your host allows it, should have worked just fine.

Yes, I would check if your host allows CGIAuth.

Also, had you by chance changed the NukeSentinel crypt salt field? One should be allowed to change this and re-generated the .staccess file, but I had problems with this in a previous release of NukeSentinel. (However, not 100% if it was MY issue vs. NS.) If you did, you might want to change it back to N$, regenerate and see if you can get it to work then (just a "shot in the dark").
 
scorpious
PostPosted: Thu Jul 27, 2006 12:25 pm Reply with quote

Hi Montego

No, the NukeSentinel crypt salt field is set at N$ and has not been changed, I have asked my provider about this and is awaiting a reply.

Update:

I have been in touch with my provider: this is what was said by ticket.

Me:
I am trying to activate CGIAuth in phpnuke, its another securty layer for the admin. We are unable to get this too work. Do you allow CGIAuth?

Reply:
For your first question could you please provide us with some more information and explain if you get any particular error while trying to use the module or while installing it?

'Module, lol' <<< thats me when reading it.

Reply from Me:
Please find attached a txt file explaining CGIAuth setup, I copied and pasted the instructions into a text file and sent it too them.

Reply:
I reasd that instruction but I could not quite understand your concern - can you please provide me with some more details about what exctly do you need in order for the NukeSentinel to run properly.

By the way - ther is something that you need to correct in the provided lines that go in the .htaccess:

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>

<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/xxxxxxxxxxxx/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------

Best Regards,
Boby

The lines above are exact as me and darkload had got.

my last reply was:
Do you allow this on the server as we can not get it to work, when we try to login to the admin section using the CGIAuth it does not allow us and stops us after 3 attempts, so, do you allow this, is there something stopping it from working on the serverside.

Phew!! lets see what they say

Update2:

Reply from provider:
I have checked with our administrators and they reported that there should be no problem with using these functions in your .htaccess file.

Raven has e-mailed me, he is now having a look for us. Finger crossed.


Scorp
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Jul 27, 2006 9:24 pm Reply with quote

Just got involved with this and it is resolved. John, I also updated your NukeSentinel(tm) version to 2.5

For everyone's edification, you need to be aware that many hosts use alias' for the paths. realpath() will show the alias but for real access you have to know the real path (not the alias). The simplest way to verify what the host system uses/needs is to use their own control panel to password protedt a folder. Then just look at the .htaccess file to get the REAL path Smile

In this case it was
/home/users/USERNAME/www/USER_DOMAIN/.staccess
and not
/home/www/USER_DOMAIN/.staccess


Last edited by Raven on Fri Jul 28, 2006 8:18 am; edited 1 time in total 
View user's profile Send private message
gregexp
PostPosted: Thu Jul 27, 2006 9:54 pm Reply with quote

Glad to see this resolved and thank you for the lesson RAVEN.

RavensScripts
 
scorpious
PostPosted: Fri Jul 28, 2006 1:01 am Reply with quote

Morning All

Its a lovely Morning here (UK) sun is out, blue sky, what a great start to the day. I am going to stick my head out the window and shout "MORNING ALL, RAVEN DID IT AGAIN", Umm better not just incase they come and take me away.

Many thanks to all that have helped and given advise over the past few days.
Raven we will be making a donation within the week.

NUMBER 1 Help and support RavensScripts
Right better have a shower then get too work.

Many thanks

Scorp
 
montego
PostPosted: Fri Jul 28, 2006 7:17 am Reply with quote

Ditto that Raven! You Da Man!

worship
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Fri Jul 28, 2006 11:47 am Reply with quote

OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany!
 
View user's profile Send private message Send e-mail
Raven
PostPosted: Fri Jul 28, 2006 7:07 pm Reply with quote

Guardian2003 wrote:
OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany!
So how much more of a time zone difference will we now have?
 
Guardian2003
PostPosted: Sat Jul 29, 2006 1:29 am Reply with quote

That will take me to about GMT +1 hour instead of GMT -1 hour (if my calculation is correct, it essentially brings me 2 hours closer to 'your' time).
 
scorpious
PostPosted: Sat Jul 29, 2006 12:04 pm Reply with quote

I know your 1 hour ahead of the uk in Germany, just thought I pop that in, lol

West Midlands here Guardian, You ?

Scorp
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©