Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Audioslaved
Regular
Regular


Joined: Nov 15, 2003
Posts: 53
Location: Hawaii and the Fan Forum

PostPosted: Sat Jun 19, 2004 12:22 am Reply with quote

Per my SESSIONS thread and mainfile tweak suggestion thread I have come up with the following spped hack for the mainfile.php. Since my site is being DOS'd, I have been unable to test all of it, but a majority has already been tested prior to my site going down.

I will put up the 7.0 one which can be used for 7.0 - 7-3. (No change in the coding at all)

I just need a few to test this, I plan on releasing for versions from 6.0 - 7.3, the hacks are packaged, just awaiting testing.

Please create a backup of your existing prior to doing this, you have been warned Wink

A little background on this for those interested: While implementing a home-brewed sessions solution on gt.audioslaved.com for admin and user authentication and authorization, i noticed that the mainfile was a fat hog that needed to be trimmed. While looking at my phpbb source code one evening trying to find the missing piece to integrate my home-brewed session with phpbb, I noticed the use of constants as defining authorization variables (i.e ADMIN stuff like that), this is perfect I thought to myself, no way to define outside of script, at scripts end, they are gone. Cracker's cannot define constants with register globals, and the most important factor being it wasn't associated with register globals.

Previously my limited nuke/php experience only thought of constants associated with language files (define("_blah", "Blah!") is creating a constant _blah. The use of constants proved to work great for me and I thought with other things I recently discussed I would offer a speed hack for all of you. Here it is, feel free to debug and test out and let me know how it works, you will see an increase in speed, guarantee'd

Code:


NExtGEn Nuke Speed Hack by Bill Murrin Audioslaved http://gt.audioslaved.com)
Open Mainfile.php

#
#---------[ FIND ]-------------------------------
#

foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\"", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

if (eregi("mainfile.php",$_SERVER['PHP_SELF'])) {
    Header("Location: index.php");
    die();
}

if ($forum_admin == 1) {
    require_once("../../../config.php");
    require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
} else {
    require_once("config.php");
    require_once("db/db.php");
    /* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
    /* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
    require_once("includes/sql_layer.php");
    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

#
#---------[ REPLACE WITH ]------------------------
#

if (eregi("mainfile.php", $_SERVER['PHP_SELF'])) {
    Header("Location: index.php");
    die();
}

     if ($forum_admin == 1) {
     require_once("../../../config.php");
     require_once("../../../db/db.php");
     } elseif ($inside_mod == 1) {
     require_once("../../config.php");
     require_once("../../db/db.php");
     } else {
     require_once("config.php");
     require_once("db/db.php");
     /* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
     /* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
     require_once("includes/sql_layer.php");
     $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
     }

     $speedHackAdminBypass = 1; //Set to 1, will say that admins don't have to do this, You Can Add HTML-Based Blocks Freely Again! :)
     if ($speedHackAdminBypass == 1) {
          if (! is_admin($admin)) {
               if (isset($_REQUEST)) {
                    foreach ($_REQUEST as $secvalue) {
                         if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                         }
                    }
               } else {
                    foreach ($_GET as $secvalue) {
                         if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                         }
                    }
                    foreach ($_POST as $secvalue) {
                         if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                         } 
                    }
               }
          }
     } else {
          if (isset($_REQUEST)) {
               foreach ($_REQUEST as $secvalue) {
                    if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                    die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                    }
               }
          } else {
               foreach ($_GET as $secvalue) {
                    if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                    die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                    }
               }
               foreach ($_POST as $secvalue) {
                    if (eregi("(<\s*(object|onmouseover|script|iframe|applet|meta|style|form|img|([^>]*)javascript)[^>]*>)", $secvalue)) {
                    die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not
allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
                    } 
               }
          }
     }


#
#---------[ FIND ]-------------------------------
#

function is_admin($admin) {
    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = addslashes($admin);
   $admin = base64_decode($admin);
   $admin = explode(":", $admin);
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    } else {
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    }
    if ($aid != "" AND $pwd != "") {
        $aid = substr("$aid", 0,25);
        $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['pwd'];
   if($pass == $pwd && $pass != "") {
       return 1;
   }
    }
    return 0;
}

#
#---------[ REPLACE WITH ]------------------------
#

function is_admin($admin) {
    global $prefix, $db;
   
     if (! defined('ADMIN_NOT_SET')) {
          if (! defined('ADMIN_SET')) {
          $admin = $_COOKIE['admin'];
       $admin = addslashes($admin);
     $admin = base64_decode($admin);
     $admin = explode(":", $admin);
          $aid = "$admin[0]";
          $pwd = "$admin[1]";
   
               if ($aid != "" AND $pwd != "") {
               $aid = substr("$aid", 0,25);
          $row = $db->sql_fetchrow($db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'"));
          $pass = $row['pwd'];
               if($pass == $pwd && $pass != "") {
                    define('ADMIN_SET', '1');
               return 1;
               }
               }
               define('ADMIN_NOT_SET', '1');
               return 0;
          } else {
          return 1;
          }
     }
     return 0;
}

#
#---------[ FIND ]-------------------------------
#

function is_user($user) {
    global $prefix, $db, $user_prefix;
    if(!is_array($user)) {
   $user = addslashes($user);
   $user = base64_decode($user);
   $user = explode(":", $user);
        $uid = "$user[0]";
   $pwd = "$user[2]";
    } else {
        $uid = "$user[0]";
   $pwd = "$user[2]";
    }
    $uid = addslashes($uid);
        $uid = intval($uid);
    if ($uid != "" AND $pwd != "") {
        $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['user_password'];
   if($pass == $pwd && $pass != "") {
       return 1;
   }
    }
    return 0;
}

#
#---------[ REPLACE WITH ]------------------------
#

function is_user($user) {
    global $db, $user_prefix;

     if (! defined('USER_NOT_SET')) {
          if (! defined('USER_SET')) {
          $user = $_COOKIE['user'];
     $user = addslashes($user);
     $user = base64_decode($user);
     $user = explode(":", $user);
          $uid =  addslashes(intval($user[0]));
     $pwd = "$user[2]";   
               if ($uid != "" AND $pwd != "") {
          $row = $db->sql_fetchrow($db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'"));
          $pass = $row['user_password'];
               if($pass == $pwd && $pass != "") {
                    define('USER_SET', '1');
               return 1;
               }
               }
               define('USER_NOT_SET', '1');
               return 0;
          } else {
          return 1;
          }
     }
     return 0;
}


#
#---------[ FIND ]-------------------------------
#

function is_group($user, $name) {
    global $prefix, $db, $user_prefix;
    if(!is_array($user)) {
   $user = addslashes($user);
   $user = base64_decode($user);
   $user = explode(":", $user);
        $uid = "$user[0]";
   $pwd = "$user[2]";
    } else {
        $uid = "$user[0]";
        $uid = intval($uid);
   $pwd = "$user[2]";
    }
    if ($uid != "" AND $pwd != "") {
        $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['user_password'];
   if($pass == $pwd && $pass != "") {
            $result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
       $row2 = $db->sql_fetchrow($result2);
       $points = $row2['points'];
            $result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
       $row3 = $db->sql_fetchrow($result3);
       $mod_group = $row3['mod_group'];
            $result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
       $row4 = $db->sql_fetchrow($result4);
       $grp = intval($row4['points']);
        if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
      return 1;
       }
   }
    }
    return 0;
}

#
#---------[ REPLACE WITH ]------------------------
#

function is_group($user, $name) {
     global $prefix, $db, $user_prefix;
   
     if (is_user($user)) {
     $cookie = cookiedecode($user);
     $uid = intval($cookie[0]);
     $result2 = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
     $row2 = $db->sql_fetchrow($result2);
     $points = $row2['points'];
     $result3 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
     $row3 = $db->sql_fetchrow($result3);
     $mod_group = $row3['mod_group'];
     $result4 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
     $row4 = $db->sql_fetchrow($result4);
     $grp = intval($row4['points']);
          if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
          return 1;
          }
     }
     return 0;
}

#
#---------[ FIND ]-------------------------------
#

function update_points($id) {
    global $user_prefix, $prefix, $db, $user;
    if (is_user($user)) {
   if(!is_array($user)) {
       $user = addslashes($user);
       $user1 = base64_decode($user);
       $user1 = explode(":", $user1);
           $username = "$user1[1]";
   } else {
           $username = "$user1[1]";
   }
   if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
       $id = intval($id);
            $result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
       $row = $db->sql_fetchrow($result);
       $rpoints = intval($row['points']);
       $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'");
   }
    }
}


#
#---------[ REPLACE WITH ]------------------------
#

function update_points($id) {
     global $user_prefix, $prefix, $db;

     if (is_user($user)) {
     $cookie = cookiedecode($user);
     $username = trim($cookie[1]);
          if ($db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_groups")) > '0') {
          $id = intval($id);
          $result = $db->sql_query("SELECT points FROM ".$prefix."_groups_points WHERE id='$id'");
          $row = $db->sql_fetchrow($result);
          $rpoints = intval($row['points']);
          $db->sql_query("UPDATE ".$user_prefix."_users SET points=points+" . $rpoints . " WHERE username='$username'");
          }
     }
}

#
#---------[ FIND ]-------------------------------
#

function cookiedecode($user) {
    global $cookie, $prefix, $db, $user_prefix;
    $user = addslashes($user);
    $user = base64_decode($user);
    $cookie = explode(":", $user);
    $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE username='$cookie[1]'");
    $row = $db->sql_fetchrow($result);
    $pass = $row['user_password'];
    if ($cookie[2] == $pass && $pass != "") {
   return $cookie;
    } else {
   unset($user);
   unset($cookie);
    }
}

#
#---------[ REPLACE WITH ]------------------------
#

function cookiedecode($user) {
     global $cookie;

     if (is_user($user)) {
     $user = $_COOKIE['user'];
     $user = addslashes($user);
     $user = base64_decode($user);
     $cookie = explode(":", $user);
     return $cookie;
     } else {
     unset($user);
     unset($cookie);
     }
}

#
#---------[ FIND ]-------------------------------
#

function getusrinfo($user) {
    global $userinfo, $user_prefix, $db;
    $user = addslashes($user);
    $user2 = base64_decode($user);
    $user3 = explode(":", $user2);
    $result = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE username='$user3[1]' AND user_password='$user3[2]'");
    if ($db->sql_numrows($result) == 1) {
       $userinfo = $db->sql_fetchrow($result);
    }
    return $userinfo;
}

#
#---------[ REPLACE WITH ]------------------------
#

function getusrinfo($user) {
     global $userinfo, $user_prefix, $db;

     $cookie = cookiedecode($user);
     $result = $db->sql_query("SELECT * FROM ".$user_prefix."_users WHERE username='$cookie[1]' AND user_password='$cookie[2]'");
     if ($db->sql_numrows($result) == 1) {
     $userinfo = $db->sql_fetchrow($result);
     }
     return $userinfo;
}

_________________
The Audioslave Fan Forum
For the Fans, By the Fans Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
Audioslaved
PostPosted: Sat Jun 19, 2004 8:23 am Reply with quote

Glad to see so many Guinea Pigs, Ahem,...... I mean volunteers, grab a number y'all, there are too many trying this, I need you all to stay in a straight line, stop cutting, no stop cutting, it will not get you to the hack any faster Wink

Thats it, I am pulling this hack over unless you guys keep it under control! Wink
 
stephen2417
Worker
Worker


Joined: Jan 18, 2004
Posts: 244
Location: Bristolville, OH

PostPosted: Sat Jun 19, 2004 12:41 pm Reply with quote

Alright I put up a test site for you and it works great so far..

Heres some results..
With it.. 0.046 0.042 0.054 Avg. 0.047
W/o it.. 0.051 0.052 0.061 Avg. 0.055
*Logged in as admin on the home page

Theres are on a fresh install. You can view it here if you like... Only registered users can see links on this board! Get registered or login!

EDIT: If memory serves me right, didnt Paul code that html checking?
If he did then thats one less bit of code we have from him :Jumps for Joy: Very Happy
 
View user's profile Send private message Visit poster's website
Audioslaved
PostPosted: Sat Jun 19, 2004 8:04 pm Reply with quote

I have some idea's on that html checking, I can do much better than that! Mr. Green Testing still commences, I will let you know how that portion of the code turns out, stay tuned!

Glad you were my guinea pig Stephen, appreciate your help Wink
 
stephen2417
PostPosted: Sat Jun 19, 2004 8:18 pm Reply with quote

Audioslaved wrote:
Glad you were my guinea pig Stephen, appreciate your help Wink


Im waiting for your new tap version to come out, ill gladly test it for you if you like.. If I wanted i could make 40 of them test sites, apparently my host tells me i have alot of space Rolling Eyes Rolling Eyes

But glad to help anyways
 
Audioslaved
PostPosted: Mon Jun 21, 2004 8:16 pm Reply with quote

That top part of the code, the first find and replace, take that out and replace it will the original, I have redone the html code and I can tell you that what I had there will leave holes in your site, the admin, user, group stuff is fine, but put the old html checking back in for now! Once I get a few to test the new code out, I will put that in the package instead! Smile

If you want to test it, let me know stephen! Thx

-Bill (Audioslaved)
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Tue Jun 22, 2004 8:28 am Reply with quote

Hiyas Audio was wondering if you have updated NextGen recently and how i can find out which version i have.
 
View user's profile Send private message Visit poster's website
Audioslaved
PostPosted: Tue Jun 22, 2004 1:55 pm Reply with quote

I have just recently released 0.4a, To find out which version you have, if your header.php has this than you are using the version as indicated below:

GT-NExtGEn 0.4 (First few lines of GT-NExtGEn code)
Code:


#Start of Google Tap Header
global $nextgen_name, $prefix, $db;


GT-NExtGEn 0.1 - 0.3 (First few lines of GT-NExtGEn code)
Code:


#Start of Google Tap Header
global $module_name;


If you are using the latter, you are missing out my friend. I would upgrade to 0.4 (Updgrade file(s) included with Manual update or Overwritable update)

Then I would upgrade to 0.4a, this is the same framework which will be used in 0.5. This is kind of like a service release because there hasn't been a release in so long, I wanted to give the NExtGEn users something and 0.4a fixes the problems with some modules not converting (i.e. EDL 2.1, Gallery, etc), let me know if I can be any assistance. See ya CS.

-Bill (Audioslaved)
 
chatserv
PostPosted: Tue Jun 22, 2004 2:22 pm Reply with quote

Seems i have 0.4, i'll grab 0.4a, thanks my friend.
 
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Wed Sep 08, 2004 3:22 pm Reply with quote

Hi

Couple of questions. Is this speed hack still good for 0.4a (as listed above) with Nuke 7.4 patched 2.5?

Next, has anyone noticed that as of today, gt.audioslaved.com won't resolve anymore?

It was working yesterday, but appears to now be offline.

Anyone know what's going on?

Thanks!

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Sep 08, 2004 3:28 pm Reply with quote

I don't know what's up with Bill, but he has been unreachable for several weeks/months. It doesn't sound too good though.
 
View user's profile Send private message
dean
Worker
Worker


Joined: Apr 14, 2004
Posts: 193

PostPosted: Wed Sep 08, 2004 11:30 pm Reply with quote

In Bill's absence several of us ran into problems with GT NEt GEn .4a, nuke 7.3 (2.5 patch) with phbb upgraded to 2.0.10 and audioslaveds speedhack. It was reported that Telli's (Codezwiz) speedhack was preferable, so I tried it and it works fine. Now I hazard to say that nuke 7.3 with patch 2.5 and forum upgrade t0 2.0.10 is essentially nuke 7.4?

BTW, GT NeXTGen Site still resolves but its kinda scarey bumping around guys who are more clueless than me regarding GT. Earth to Bill, we miss ya buddy, come back soon.............
 
View user's profile Send private message
64bitguy
PostPosted: Thu Sep 09, 2004 10:36 pm Reply with quote

dean wrote:
It was reported that Telli's (Codezwiz) speedhack was preferable, so I tried it and it works fine.

BTW, GT NeXTGen Site still resolves but its kinda scarey bumping around guys who are more clueless than me regarding GT. Earth to Bill, we miss ya buddy, come back soon.............


Yeah, I see it started resolving again.. whichi is nice.

I went ahead and tried Bill's speed hack and you are correct, it's fast, but for some reason, my specific forum links are not tapped, I'm looking into the problem.

My question is regarding Telli's (CodezWiz.com) speedhack. I've done extensive searching over there, but can't find this hack. Can you give me a link to that 7.3/Patched 2.5 Speed hack that will work with GT-NextGen 0.4a? I'm running 7.4 with phpbb 2.0.10, but I'm assuming that if it will work with 7.3, it will work with 7.4.

I spotted the one at PortedMods, but that one just caused my whole site to go into the dumper. Any help here would be great!


Thanks!
 
64bitguy
PostPosted: Thu Sep 09, 2004 11:16 pm Reply with quote

UPDATE: Upon investigation, I learned that my modification to the forums/search.php file was causing my forum links to be untapped. I took out my temporary fix (which was related to a problem using the word "Profile" in searching forums, discovered a while back... for information, please see: Only registered users can see links on this board! Get registered or login! ) and repaired this section using Chatserv's latest bug fix and the forum topics now are tapped again.

Now, this led me to tray again to run the gt.audioslaved.com mainfile speedup solution. Unfortunately, for some reason, when you login and are taken to Your_Account, you really aren't logged in (shows you as Anonymous in login box).... I've been forced to once again revert back to being un-sped-up.

The only other problem that I am still having is with Raven's collapsing Forum block. My individual posts that appear there, show up as untapped.

Any help you guys may have on a speed up solution would be great, as without it, my site is like a bad dream (performance wise).

Thanks!
 
dean
PostPosted: Fri Sep 10, 2004 8:33 am Reply with quote

This is where I found Telli's script: Only registered users can see links on this board! Get registered or login!.

I think I ran the collapsing forums block thru the block converter at the GT NextGen site to get it tapped. Let me know if you have any problems with that and I'll post the code I used.


Last edited by dean on Fri Sep 10, 2004 8:39 am; edited 1 time in total 
Raven
PostPosted: Fri Sep 10, 2004 8:36 am Reply with quote

64bitguy wrote:
The only other problem that I am still having is with Raven's collapsing Forum block. My individual posts that appear there, show up as untapped.
Is that happening here also? Give me an example if it is.
 
64bitguy
PostPosted: Fri Sep 10, 2004 9:56 am Reply with quote

It was the block code raven, I changed it and it's fine.

See: Only registered users can see links on this board! Get registered or login!


Last edited by 64bitguy on Fri Sep 10, 2004 10:41 am; edited 1 time in total 
64bitguy
PostPosted: Fri Sep 10, 2004 10:38 am Reply with quote

I ran the above speed hack and I started having a meltdown again.

It seems the first thing to go after applying it is my Your_Account module with the following error being generated at login:

Quote:
Call to undefined function: nav() on line 263


Which as it turns out, is simply nav(1): in my Your_Accounts module.
I cleared my cache and cookies to no avail as the next problem I discovered is that Nuke no longer recognized me from page to page as me, but as anonymous. I could login all I wanted, but the next thing I'd have to do is login again, and again, and always I would immediately become anonymous.

My Site-Info block also saw me as anonymous through the entire process.

I'm assuming that the changes have something against keeping user information and/or the navbar functions.

Next, with or without the change, I have the following problems with GT 0.4a with 7.4 Patched 2.5:

For some reason my GT process of saving the memberlist section of the module to reflect the GT code of "members.html" in the forums menu bar won't stick. I can hit save in admin/modules all day long and it keeps reverting back to the 0 value in the box. This of course is annoying. What is more strange is the database shows the correct value of members.html.

Next, what is extremely bizzare is that when visiting forums.html for the first time in a session, I have SIDs for every page in the forums section beyond forum.html; however, if I do a refresh on the forums page, the SID's go away.
UPDATE: I think the SID problem has been fixed by re-applying this old fix (which is what I was looking for recently but couldn't find: Only registered users can see links on this board! Get registered or login! )

Last but not least, is the fact that I can't have ANY announcements in my forums. If I do, they will be untapped. If I change an announcement to a sticky, it's fine. Figure that one out.

The last thing I'm working on is converting my own "Syndicated News" module to be tapped.

In the meantime, these speed hacks are getting the better or me. It seems they all mess up my ability for nuke to know who I am and to stay logged in.

Any help is appreciated!
Thanks!
 
cprompt
Regular
Regular


Joined: Jun 08, 2004
Posts: 64

PostPosted: Fri Sep 10, 2004 12:48 pm Reply with quote

Tried to Speed hack and noticed no difference on my site Rolling Eyes
 
View user's profile Send private message
Raven
PostPosted: Fri Sep 10, 2004 1:00 pm Reply with quote

First of all, I use the speed hack described at Telli's site. I was one of the contributors and I have no prolems with GT although I am not using NextGEN.

I have tried both speed hacks and I get slightly better results with mine than with Bill's. That in no way means anything, really. There are too many contributing factors to get specific, especially as they are close. Programatically, the one I use should be technically faster as it is using a builtin methodolgy with the static attribute and that approach.
 
64bitguy
PostPosted: Fri Sep 10, 2004 1:15 pm Reply with quote

Okay, I'm game... Can you give me the link to yours Raven?... Err.. nevermind, I just caught the "at telli's site"... I'll go back and try it again.

Thanks
Steph
 
Raven
PostPosted: Fri Sep 10, 2004 1:18 pm Reply with quote

??? It's the same one from Telli's site.
 
64bitguy
PostPosted: Fri Sep 10, 2004 1:44 pm Reply with quote

Okay, it seems the only code I'm having trouble with is:
Code:
function is_user($user) { 

    global $db, $user_prefix;
    static $userSave;
    if (isset($userSave)) return ($userSave);
    if (!is_array($user)) {
        $user = base64_decode($user);
        $user = explode(":", $user);
    }
    $uid = $user[0];
    $pwd = $user[2];
    $uid = intval($uid);
    if ($uid != "" AND $pwd != "") {
        $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $pass = $row['user_password'];
        if ($pass == $pwd && $pass != "") {
            return $userSave = 1;
        }
    }
    return $userSave = 0;
}


For some reason, this section of telli's code is what causes my nuke to lose logged in users. It always sees you as anonymous.

Here's my current code that works without the problem:
Code:
function is_user($user) {

    global $prefix, $db, $user_prefix;
    if(!is_array($user)) {
   $user = base64_decode($user);
   $user = addslashes($user);
   $user = explode(":", $user);
        $uid = "$user[0]";
   $pwd = "$user[2]";
    } else {
        $uid = "$user[0]";
   $pwd = "$user[2]";
    }
    $uid = addslashes($uid);
        $uid = intval($uid);
    if ($uid != "" AND $pwd != "") {
        $result = $db->sql_query("SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['user_password'];
   if($pass == $pwd && $pass != "") {
       return 1;
   }
    }
    return 0;
}


Next, After doing all of the updates, (except the one noted above) I noticed that when in forums, I'm still getting a java applet message (about a function from my main page) still loading. If I hit refresh, this problem goes away. I'm still trying to nail down what is causing that from doing these updates.

Thanks
 
Raven
PostPosted: Fri Sep 10, 2004 1:57 pm Reply with quote

Just for grins and giggles, modify
Code:
global $db, $user_prefix;
to
Code:
global $prefix, $db, $user_prefix;
 
64bitguy
PostPosted: Fri Sep 10, 2004 2:06 pm Reply with quote

Yeah, I noticed that one too, and was trying it, but unfortunately, that wasn't it.

Nice catch though.

I'm thinking it's got to have something to do with the:
static $userSave
return $userSave = 1;
But I could be wrong I guess.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©