Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
m2fnuke
New Member
New Member



Joined: Apr 14, 2004
Posts: 14

PostPosted: Wed Apr 14, 2004 9:47 am Reply with quote

Hello Good Folks,

I have been experimenting with Raven's 7.1 distro(2.0.8 bb patch etc)..so far I like it..
thanx for the good work..

recently I came across m2f (mail to forum) mod for PHBB and started playing with it..after some hickups, I was able to get it working with some quirks for PHPNuke..
please note, m2f is still in beta..

I was wondering if any of the security gurus here can take a look at that mod and see what
could be hardened or improved for PHPNuke??

please visit this thread, my efforts to get the
m2f mod working for PHPNuke.. [ Only registered users can see links on this board! Get registered or login! ]
It seems to be working, but I am a bit worried about any glaring security issues..I feel this is another killer app/mod for PHPNuke/phbb..

TIA
 
View user's profile Send private message
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Wed Apr 14, 2004 11:24 am Reply with quote

I registered at that site but used a email address that is down at the moment by mistake, anyway can you provide a link to the mod in its current state?
 
View user's profile Send private message Visit poster's website
m2fnuke







PostPosted: Wed Apr 14, 2004 11:51 am Reply with quote

chatserv wrote:
I registered at that site but used a email address that is down at the moment by mistake, anyway can you provide a link to the mod in its current state?


are you looking for the current version developed by m2f folks? if so CVS is [ Only registered users can see links on this board! Get registered or login! ]

reading the forums on m2f, use CVS version and not beta1..

am excited, that I could interest one of "the gurus" to review the security of this mod..thanx

HTH
 
chatserv







PostPosted: Wed Apr 14, 2004 12:17 pm Reply with quote

Ok, question though, i take it you are porting this for Nuke, is the one at the link already ported? else i prefer to view the ported one.
 
m2fnuke







PostPosted: Wed Apr 14, 2004 3:26 pm Reply with quote

I tared/gz my working files..am not sure where to upload or send this to..
will be glad to email or upload somewhere..(file size 250k)
please note, I am not a PHP programmer:-)
I did try to comment where ever possible but not my finest work:(
 
m2fnuke







PostPosted: Wed Apr 14, 2004 3:45 pm Reply with quote

scratch the above mesg..

I uploaded the working files on m2f forums..follow the link
[ Only registered users can see links on this board! Get registered or login! ]
 
dean
Worker
Worker



Joined: Apr 14, 2004
Posts: 193

PostPosted: Sat Apr 17, 2004 4:31 pm Reply with quote

Any chance chatserv has finished reviewing the modded files?
 
View user's profile Send private message
chatserv







PostPosted: Sun Apr 18, 2004 6:53 pm Reply with quote

I was away from home for a few days, i will try to finish checking the files as soon as possible, so far i have edited a few mistakes.
 
m2fnuke







PostPosted: Sun Apr 18, 2004 10:46 pm Reply with quote

thanx for taking a look, a quick note Chatserv,

if u haven't already could u check and see these 2 files
m2f_import_msgs.sh and m2f_import_msgs.php under modules/Forums/m2f/
they(m2f_import_msgs.php) run properly when called from the
phpbb admin menu/interface but doesn't get executed or gives errors
when tried via cron or standalone (to automate the mail import instead of
manual import)

TIA
 
m2fnuke







PostPosted: Thu Apr 22, 2004 2:16 pm Reply with quote

chatserv wrote:
I was away from home for a few days, i will try to finish checking the files as soon as possible, so far i have edited a few mistakes.


hello chatserv,
any updates on your review of this mod??
TIA
 
chatserv







PostPosted: Thu Apr 22, 2004 2:21 pm Reply with quote

I will compress and post a link to what i have later today.
 
chatserv







PostPosted: Thu Apr 22, 2004 2:35 pm Reply with quote

Ok, here it is, no major changes were required, i do have my doubts with the files outside of the root dir so i will wait for your feedback.
 
m2fnuke







PostPosted: Thu Apr 22, 2004 3:39 pm Reply with quote

chatserv wrote:
Ok, here it is, no major changes were required, i do have my doubts with the files outside of the root dir so i will wait for your feedback.


can't download the ZIP from above link..
am not sure if it's on my end or nukeresources.com is unreachable?? please advise..thanx..
 
chatserv







PostPosted: Thu Apr 22, 2004 4:47 pm Reply with quote

[ Only registered users can see links on this board! Get registered or login! ]
 
HauntedWebby
Involved
Involved



Joined: May 19, 2004
Posts: 363
Location: Ogden, UT

PostPosted: Tue Sep 21, 2004 11:26 am Reply with quote

Hey Chat you ever get this to work? I'd really like to be able to do this. And I'll pay for the script!!!

_________________
--Webby-- 
View user's profile Send private message Send e-mail
eak
New Member
New Member



Joined: Nov 11, 2004
Posts: 16

PostPosted: Mon Dec 06, 2004 10:27 pm Reply with quote

HauntedWebby wrote:
Hey Chat you ever get this to work? I'd really like to be able to do this. And I'll pay for the script!!!


If someone can package m2f beta 3 for phpNuke Ill donate $20.00 immediately.

Thanks!

_________________
EAK specs (OS / Apache / MySQL / PHP / PHPNuke)
FedoraCore2 2.6.5-1.358smp/httpd-2.0.50-2.1/mysql-3.23.58-9/PHP 4.3.8/PHPNuke7.5 
View user's profile Send private message Send e-mail Visit poster's website
eak







PostPosted: Tue Jan 04, 2005 3:20 pm Reply with quote

chatserv wrote:
http://66.186.76.252:81/%7Edante/files/m2f-phpnuke.zip


Howdy!

In the gzip the README-FOR-PHPNuke.txt says:
1. These contain modified files for m2f to work with
PHPNuke 7.1/phbb2.0.8 patched version(Raven's Distro)
2. follow instructions under docs/install.txt and docs/m2f_phpbb20x.txt

try checking this following link for any additional info.. [ Only registered users can see links on this board! Get registered or login! ]

The install.txt starts by saying:
Code:


HOW TO INSTALL
--------------

* Copy the whole M2F directory to the root of your phpBB installation. For example, if your phpBB
 is installed in a directory named phpBB2/, copy the M2F directory to phpBB2/m2f.

* Copy the files in the m2f/root/ directory to the corresponding places in your phpBB directory.
For example, if phpBB is installed in phpBB2/, copy the file phpBB2/m2f/root/admin/admin_m2f.php
to phpBB2/admin/admin_m2f.php, and so on.

NB: If you use PNphpBB2, you have to copy the template files to:  m2f/root/templates/PNTheme/

* Copy the file <phpBB_root_dir>/m2f/m2f_config.php.dist to <phpBB_root_dir>/m2f/m2f_config.php,
and optionally edit it to your liking. The default configuration should work OK.

* Follow the relevant installation instructions for your forum software version:
   - For phpBB version 2.0.x, follow instructions in the file m2f_phpbb20x.txt


1) I am assuming we extract it to /docroot/modules/Forums/m2f
2) Do we put m2f/root in /doroot or in /docroot/modules/Forums?
3) I believe we have to copy the templates also to /docroot/themes/(themename)/ as well as to /docroot/modules/Forums/templates ??
4) I Followed the steps in m2f_phpbb20x.txt (I still think I also need to make the overall_header.tpl changes in themes/TEMPLATE/forums/overall_header.tpl too (which I have - if I don't Forrum Subscriptions doesn't appear)

Then I go back to the install.txt

Code:


* Go to your phpBB administration panel.
* Click the 'Mailing Lists' tab. Create a new list, with a name of your choice and the list's main email address.

Done
Code:


* At this stage, you can subscribe any number of email addresses to the list. Users can also subscribe and unsubscribe individually at a later date by clickingthe "forum subscriptions" link at the top of the forum pages. (NB: m2f does notyet fully support the use of an external mailing list server. Only the internalmailing list via the subscription page is currently supported.)

this confuses me. The only thing you can subscribe through this panel is valid user ids. I created a new phpNuke account with an email address which I have added as a member to an external mailman mailing list.

Code:


* Click the 'Distribution Lists' tab. Create a new distribution list, binding on
e forum with your newly created mailing list. (NB: At present, m2f can't bind the same channel to more than one distribution list.)

Done

Code:


* Configure the distribution list. Here you can set up the mail transport to beused for incoming mail (i.e. how M2F will access the emails which are sent to the list) and outgoing mail (see below). There are also a number of other configuration options.


I selected Pop. I created a local userid on the server which matches the userid I created in phpNuke. I configured that userid and password in the m2f GUI.

I go to Tools / and click Force Import - it completes without error

I then go to Tools/View Complete Log
Code:


02:43:28 PM 01/03/2005 [M2F] [warning] [/www/kimminau/html/modules/Forums/m2f/m2f_common.php : 194] M2F config table not found (first run?), attempting to build M2F tables
02:43:28 PM 01/03/2005 [M2F] [notice] [/www/kimminau/html/modules/Forums/m2f/m2f_common.php : 199] M2F tables created
03:01:30 PM 01/03/2005 [M2F] [notice] [/www/kimminau/html/modules/Forums/m2f/m2f_handler.php : 1051] Imported 0 messages
04:13:56 PM 01/03/2005 [M2F] [notice] [/www/kimminau/html/modules/Forums/m2f/m2f_handler.php : 1051] Imported 0 messages
04:22:25 PM 01/03/2005 [M2F] [notice] [/www/kimminau/html/modules/Forums/m2f/m2f_handler.php : 1051] Imported 0 messages


I then go to a shell as root and try to manually execute the command defined for the cron job:
Code:


[root@webalias m2f]# pwd
/www/kimminau/html/modules/Forums/m2f
[root@webalias m2f]# ls
db              m2f_config.php       m2f_import_msgs.php  m2f_phpbb20x.txt
docs            m2f_config.php.dist  m2f_import_msgs.sh   root
includes        m2f_forum.php        m2f_mailinglist.php
m2f_common.php  m2f_handler.php      m2f_phpbb204.php
[root@webalias m2f]# ./m2f_import_msgs.sh
PHP Warning:  main(includes/constants.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 222
PHP Warning:  main(): Failed opening 'includes/constants.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 222
PHP Warning:  main(includes/template.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 223
PHP Warning:  main(): Failed opening 'includes/template.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 223
PHP Warning:  main(includes/sessions.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 224
PHP Warning:  main(): Failed opening 'includes/sessions.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 224
PHP Warning:  main(includes/auth.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 225
PHP Warning:  main(): Failed opening 'includes/auth.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 225
PHP Warning:  main(includes/functions.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 226
PHP Warning:  main(): Failed opening 'includes/functions.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 226
PHP Warning:  main(db/db.php): failed to open stream: No such file or directory in /www/kimminau/html/modules/Forums/common.php on line 227
PHP Warning:  main(): Failed opening 'db/db.php' for inclusion (include_path='../m2f/includes/pear/:.:/php/includes:/www/kimminau/html/includes:/www/oakhurstmi/html/includes:') in /www/kimminau/html/modules/Forums/common.php on line 227
PHP Fatal error:  Call to undefined function:  encode_ip() in /www/kimminau/html/modules/Forums/common.php on line 239
Content-type: text/html
X-Powered-By: PHP/4.3.10


I "think" this is because of something incorrectly defined in common.php:
Code:


// Begin M2F ----------------------------------------------
if(isset($ModName))
{
  $phpbb_root_path = './modules/' . $ModName . '/';
}
$m2f_root_path = $phpbb_root_path.'m2f/';
require_once($m2f_root_path. 'm2f_phpbb204.php');
// End M2F ----------------------------------------------


I saw a post somewhere that said to make the line for phpbb_root_path read:
Code:


 $phpbb_root_path = '../../../modules/' . $ModName . '/';


but this didn't affect operational status.

Anyone have any ideas?

Thanks!
 
HauntedWebby







PostPosted: Sat Jan 08, 2005 10:24 am Reply with quote

I'm clueless when it comes to to making this work.

But who ever get's it to work I'll throw in $50 for the final product!
 
m2fnuke







PostPosted: Sat Jan 08, 2005 2:16 pm Reply with quote

Progress with m2f beta3
[ Only registered users can see links on this board! Get registered or login! ]

if would be nice if more folks try with nuke and report issues/fixes..
 
chatserv







PostPosted: Sat Feb 05, 2005 11:51 pm Reply with quote

Is your copy saving and reading from the db tables? i was sent a copy (not sure which version) and have had to edit most all files just to get it to display in the subscription page and the admin section but settings and such are still not saved to the db.
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Tue Feb 22, 2005 1:44 am Reply with quote

I have the 'other' version (cm2f) fully working on my test site now with nuke 7.5 without any known execution errors.
Their homepage is at [ Only registered users can see links on this board! Get registered or login! ]

I'm just going through the code again to rectify some urls to graphics which are not displaying but this will be later on in the week due to other work pressures then I can repackage everything with a new installer (just for nuke to alleviate misconfiguration of the install script).

I'm not sure how long this will take me to complete being a relative php virgin but I'm going to try my best to get it out within the next 10 days.

Thanks to digitalgraal for installing and configuring his software on the test site.


Last edited by Guardian2003 on Wed Feb 23, 2005 7:32 am; edited 2 times in total 
View user's profile Send private message Send e-mail
maurice
New Member
New Member



Joined: Feb 11, 2005
Posts: 14

PostPosted: Wed Feb 23, 2005 4:07 am Reply with quote

Hello,

if you are going to use CM2F, then maybe the topic title should be changed to CM2F phpnuke no? Wink

At least it would give credit to the application used and that Danyblue installed and configured on your website Guardian2003.


Salut,

Maurice
 
View user's profile Send private message
Guardian2003







PostPosted: Wed Feb 23, 2005 7:45 am Reply with quote

The original topic title was M2F, I was merely posting this information as there are two very similar pieces of software and thought it might be beneficial information for those have yet to get either working on the ported phpBB for nuke.

I have edited my post to clarify which piece of software I was reffering to and provided a link to the site.
The installation site is a test site and not a live site which I provided at the request of the software author so he could install and test his software on an independant server environment in order to enable collaboration of those interested parties who were trying to get this working with phpnuke.

I hope this clarifies the situation and offers due credit to digitalgraal
 
maurice







PostPosted: Wed Feb 23, 2005 9:47 am Reply with quote

Yes it does:)

From what i have been reading, you are trying to build a new PHPNUKE distribution with a lot of functionalities already built-in, isn't it?
If you need help just tell me. I have been envolved with Danyblue for the last year, so i have some understanding of the code and how it is built.

Salut,
Maurice
 
Guardian2003







PostPosted: Wed Feb 23, 2005 11:11 am Reply with quote

Hi Maurice, no my intention was nothing like at all.
My personal objective is to try to get this software 100% working with phpnuke and as there seems to be some problem with the install script (at the moment), I was thinking that rather than the user editing certain files to prepare the install for phpnuke rather than the other available options (phpBB stand alone, Xoops, PNnuke etc) it might make the installation process easier, at least for those that want to try this software on their nuke site and provide feedback.

From my limited knowledge of php it seems logical to me that if the installation process errors can be eliminated by having a pre-configured install script dedicated for nuke, we could concentrate more on the core functionality/compatibilty of the software and then perhaps revisit the install process at a later date.
As always, I appreciate your feedback, guidance and willingness to help in this area.

I have asked Raven for a dedicated forum to allow those who want to contribute to share their knowledge and idea's as I think this software has huge potential for a lot of people.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©