Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v1.x Distro
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

Posted: Tue Nov 29, 2005 4:57 pm

Just one thing:

A stable and secure Photo Gallery
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Tue Nov 29, 2005 5:41 pm

I'm working on a similar custom distribution, but that is much farther off... Here are the modules I'd include (leaving out all the previously mentioned Raven mods, tweaks, enhancements, blocks; forum enhancements; and the NSN modules, security, etc.):
CNB Your Account
Contact Plus
DisError
Fancy Newsletter
FCKeditor
MSAnalysis
mSearch
nukeSEO (coming soon with Google and regular Sitemaps)
NuCalendar (until something better comes along)
NukeStyles Docs
NukeWrap

I'm looking at replacements for Web Links and Downloads...and a photo gallery. I like Coppermine because it has some features the others do not. But I'd prefer something stable, secure and supported...

_________________
I google, therefore I exist...
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

Posted: Tue Nov 29, 2005 6:31 pm

This is a tough question to answer because really it depends on what you envision your release to be?

Do you want it to be a good starting point for people?
Do you want it to be for a group of individuals like clans/gamers, or business?
Do you want it to be a swiss army knife of Nuke?
Do you want it to be everything but the kitchen sink?

We went through and still are with Evo. We even broke our types into 4 different categories. But it's hard to define where do you draw the line? Why not include this module or that module? Why not this mod or hack?

It's an endless cycle really unless you define what you are going for. Everyone is going to have different wants and needs.

Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Tue Nov 29, 2005 9:30 pm

My desire is to not replace phpnuke. It's hard to explain, but I want to leave nuke as much as possible, as nuke. Secure it, yes. But, I am trying to leave a distribution in place that if I leave the scene, for whatever reason, the people who are using it will be able to continue upgrading on their own if/when the next stable release comes out. I also want to make the upgrade path as easy as possible. I also am trying to stay away from addons that you can add on your own with little hardship. I am endeavoring to not alter the base nuke tables as this impacts other addons and/or upgrades. I do not want other authors to have to code around what I am supplying, other than for the security features.

For right now, that's the scope of my work.
 
technocrat
Posted: Wed Nov 30, 2005 9:10 am

Hmm, well if you want to leave the upgrade path clear then that seems to knock out adding any mods to the package, right?
 
Raven
Posted: Wed Nov 30, 2005 9:16 am

technocrat wrote:
Hmm, well if you want to leave the upgrade path clear then that seems to knock out adding any mods to the package, right?

Not necessarily. I assume you're referring to Forum mods? I'm trying to not modify the tables. Any mod that alters as opposed to adds on will be looked at very carefully.
 
technocrat
Posted: Wed Nov 30, 2005 9:23 am

Yes forum mods.

Obviously modules and blocks will most likely carry forward in future versions.

Here is something you can include if you want: [link hidden by the board]
 
Raven
Posted: Wed Nov 30, 2005 9:37 am

Thanks for the permission. Curt's handling the Forum stuff so I know he'll read this.
 
technocrat
Posted: Wed Nov 30, 2005 10:13 am

It's not a forum mod, it's admin IP lock. It will allow users to lock the forum and nuke admin areas by IP. Just one more level of security you can add.

Also feel free to use anything you want from the Evo package.
 
benson
Worker


Joined: May 15, 2004
Posts: 119
Location: Germany

Posted: Fri Dec 02, 2005 10:25 am

Hi,

one thing very important for me is a 'paging' patch for the News Module to be able to offer all News on my site for easy access. What I mean is, that the user should be able to go forward and backward, page by page to see all the articles.
I do it by my own (simple) code but every time I update the News module I have to add it again.
Can you add something like this in the News, no additional module?

Regards, Norbert
 
FiLiUsEvAe
Hangin' Around


Joined: Nov 24, 2005
Posts: 36
Location: Netherlands

Posted: Fri Dec 02, 2005 2:26 pm

I'd love a gallery but my webhosting doesn't open up safe mode on PHP so I can't use Gallery how about maybe Coppermine? A FlashChat feature would be nice too and yes yes yes I love the Site Visitor block with all the colourful icons (sorry dudes I'm a dudette LOL)

Also for the nuke phpBB it would be nice if the languages were already in there.

Something else that would be nice is a split up sql file. The large SQL file always times out with me so I have to manually take out the country inserts so I can add them later bit by bit.
 
technocrat
Posted: Fri Dec 02, 2005 2:32 pm

Coppermine would be a no no. The current ported modules are < 1.3.5 that I know of. Anything less than that has a pretty bad hole in it. In fact one of the nastier script kiddies sites is telling members how to hack it in a step by step manual. Plus telling them to use search engines to find sites that have it. Sad
 
FiLiUsEvAe
Posted: Fri Dec 02, 2005 2:33 pm

gawd those scriptkiddies make me puke. Are there any other galleries?
 
technocrat
Posted: Fri Dec 02, 2005 2:40 pm

I know. That's why almost every day I go to where they hang out to see what they are up to. You have to keep an eye on what the new hot thing is for them to screw with and try to head it off.

Here is the lengthy talk we had about galleries for Evo: [link hidden by the board]
In the end Gallery 2.x won out: [link hidden by the board]
 
FiLiUsEvAe
Posted: Fri Dec 02, 2005 2:41 pm

My webhosting offers stuff like one click site ... they give 3 gallery options (all standalone of course)
- Singapore
- TFT Gallery
- JBC Explorer (more like an explorer than a gallery)

I don't know if they're in PHP but if they are maybe they can be ported / embedded whatever you call it into nuke. Well as I write this I just realise such a thing would be one heck of a job and not just an hour work. Still I believe it's time for new and more galleries for nuke. I only know about Gallery (which doesn't work with everyone depending on the webhosting) and Coppermine (which obviously became one huge security hole).
 
FiLiUsEvAe
Posted: Fri Dec 02, 2005 3:27 pm

I'm just wondering ... technocrat wrote that it's hard to draw a line since everyone wants something else;

I really like the idea of a basic ... with a few basic modules and blocks. Next to that it would be nice to have extended packs that totally integrate into the basic.
Like an extended pack for the techies, for the media freaks, for the housewife, for the collector. I don't know ... I know most ppl want their own theme and recreate it or change some pictures and colours. They add modules and blocks they'd like themselves. I think the best you can do is to offer packs which are a little "group" related.

Basically every site running nuke all look the same. Same counts for sites running postnuke or xoop, mambo name one .... It's the themes and added modules that make a slight difference.
 
Raven
Posted: Sat Dec 03, 2005 10:14 am

I have received permission to include any NSN (free) scripts that I want to include. Support will be handled here.
 
technocrat
Posted: Sat Dec 03, 2005 10:21 am

Ok good.

You had me a bit worried when you said Bob Marion does not allow any of his NSN scripts to be bundled with nuke bundles. Because he gave me the same ok. Smile
 
Raven
Posted: Sat Dec 03, 2005 10:27 am

It was meant as more of a generalized statement. I knew if I asked him he would allow me. I just wanted to wait until I had his explicit permission.
 
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

Posted: Mon Dec 05, 2005 2:40 am

Raven wrote:
My desire is to not replace phpnuke. It's hard to explain, but I want to leave nuke as much as possible, as nuke. Secure it, yes. But, I am trying to leave a distribution in place that if I leave the scene, for whatever reason, the people who are using it will be able to continue upgrading on their own...

Heh! I was hoping you would say that... Very Happy

This thread was starting to give me a headache! Maybe it's just me. I basically work 24 hours a day from Oct-Feb, with a few hours of sleep, here n' there. I know! Poor, baby! But, that's the way it is... This is the first time I've had a chance to cruise around the web since Thursday night, and as I 'speak', this is Sunday night... I think... ROTFL

In this state of chaos, I've been putting together a 'Secure Feedback DSL' module, if you will, in the back of my mind. I've started hacking the 'Feedback' code, and it's coming along well enough, all things considered. Once I get it nailed down, securing the 'Recommend Us' module will be a piece of cake.

If you don't know what I'm talking about, 'Email Injection' is all the rage right now, with the 'script kiddy' crowd. The 'play' is for them to use your 'Feedback' and 'Recommend Us' mail() forms to launch Spam from your site. Many, many, proggies, including PHP-Nuke are susceptible to these attacks, since everyone basically uses the same generic PHP mail scripts, blah, blah, blah...

So, in view of your statement(s) above, I think 'we' should come up with secure 'Feedback' and 'Recommend Us' modules. I'm 90% done with the 'Feedback' module, and was thinking about:
  1. Rounding out the hacks and releasing them, or...
  2. Starting a thread to discuss these matters and letting everyone participate, e.g. a community thing, you know?
However, as I said, I'm a little short on time right now, so I'm basically working on 'this' alone, as time allows, in the shadows...

Here's a snippet, to whet your appetite, if anyone's interested... Smile

Code:
<?php


/************************************************************************/
/* PHP-NUKE: Web Portal System       
/* ===========================
/*                                                         
/* Copyright (c) 2002 by Francisco Burzi             
/* http://phpnuke.org                                       
/*                                                             
/************************************************************************/
/* Based on php Addon Feedback 1.0                       
/* Copyright (c) 2001 by Jack Kozbial                           
/* http://www.InternetIntl.com                                 
/************************************************************************/
/* This program is free software. You can redistribute it and/or modify
/* it under the terms of the GNU General Public License as published by
/* the Free Software Foundation; either version 2 of the License.   
/************************************************************************/
/*         Additional security & Abstraction layer conversion         
/*                           2003 chatserv                           
/*      http://www.nukefixes.com -- http://www.nukeresources.com     
/************************************************************************/
/* Secure Feedback DSL 0.2 beta - A VinDSL Hack                       
/* Copyright (c) 2005 by VinDSL                   
/* http://www.Lenon.com                                             
/*                                                     
/*Validation code/concept: http://www.ilovejackdaniels.com
/************************************************************************/

// preg_match() replaces eregi(), which was removed in PHP 7
if (!preg_match('/modules\.php/i', $_SERVER['PHP_SELF'])) {
    die ("You can't access this file directly...");
}

require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);

define("_SUBJECT","Subject");
define("_FBENTERSUBJECT","ERROR: Please enter a subject!");
define("_FBRENTEREMAIL","ERROR: Please enter a valid Email!");

/**********************************/
/* Configuration     
/*                           
/* You can change this:         
/* $index = 0; (right side off)
/**********************************/
$index = 1;
/**********************************/

include("header.php");

function check_email_address($sender_email) {
    // <<MOVE THIS OUT OF THE VALIDATION SECTION>>>
    // Check for bad input, such as linefeed and carriage return characters et cetera
    // (preg_match() replaces ereg()/eregi(), which were removed in PHP 7)
    if (preg_match('/Content-Type|MIME-Version|Content-Disposition|\n|%0A|0x0A|\r|0x0D|%0D|to:|cc:|bcc:/i', $sender_email)) {
        // Email invalid because of bad input
        die("bad address");
        // return false;
    }
    // First, we check that there's only one @ symbol, and that the lengths are right
    // (anchored with ^ and $ so that a second @ anywhere in the string fails the match)
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $sender_email)) {
        // Email invalid because of wrong number of characters in one section, or wrong number of @ symbols
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $sender_email);
    $local_array = explode(".", $email_array[0]);
    // Check for allowed characters and lengths for parts before the @ symbol
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~\.-]{0,63})|("[^(\\\\|")]{0,62}"))$/', $local_array[$i])) {
            return false;
        }
    }
    // Check if domain is IP. If not, it should be valid domain name
    if (!preg_match('/^\[?[0-9\.]+\]?$/', $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            // Email invalid because there are not enough parts to domain
            return false;
        }
        // Check for allowed characters and lengths for parts after the @ symbol
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/', $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

$cookie[0] = intval($cookie[0]);
if ($cookie[1] != "") {
    $row = $db->sql_fetchrow($db->sql_query("SELECT name, username, user_email FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'"));
    if ($row['name'] != "") {
        $sender_name = $row['name'];
    } else {
        $sender_name = $row['username'];
    }
    $sender_email = $row['user_email'];
}

I guess I don't fit the mold. If I see something I like, I'll take the bull by the horns and turn it into a PHP-Nuke module or block myself. It's more fun that way, but since you asked, I think you ought to add secure 'Feedback' and 'Recommend Us' modules. That's what I plan on doing...

Anyway, just an idea... Cool

_________________
.:: "The further in you go, the bigger it gets!" ::.
technocrat
Posted: Mon Dec 05, 2005 9:04 am

Might find this helpful, as it should remove your loops. You can use it in a preg_match.

Code:
    //Email defines from bobocop at bobocop dot cz at http://us3.php.net/REGEXPi
    //The ATOM and DOMAIN fragments carry no delimiters or flags of their own:
    //they are spliced into REGEXP_EMAIL, which supplies the single /.../i wrapper.

    define('REGEXP_EMAIL_ATOM','[-a-z0-9!#$%&\'*+\/=?^_`{|}~]');
    define('REGEXP_EMAIL_DOMAIN','([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)');
    define('REGEXP_EMAIL','/^'.REGEXP_EMAIL_ATOM.'+(\.'.REGEXP_EMAIL_ATOM.'+)*@('.REGEXP_EMAIL_DOMAIN.'{1,63}\.)+'.REGEXP_EMAIL_DOMAIN.'{2,63}$/i');
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

Posted: Mon Dec 05, 2005 1:57 pm

To VinDSL: Wouldn't using SMTP with authentication be a better approach, i.e. using phpmailer so that several options were available? Rather than reinventing the mail()?

_________________
openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30
VinDSL
Posted: Mon Dec 05, 2005 2:50 pm

sixonetonoffun wrote:
To VinDSL: Wouldn't using SMTP with authentication be a better approach, i.e. using phpmailer so that several options were available? Rather than reinventing the mail()?

Absolutely!

There's no reason to 'reinvent' the Feedback/Recommend Us modules, IMHO. It's simply a matter of validating the data to make sure the email address(es) conform to RFC 2822. The trick is to 'reinvent' the validator itself, so it recognizes new domains such as '.museum', et cetera.

The only *new* feature I added to the Feedback module was the ability to add info to the 'Subject' line. This, of course, requires that the data be checked for 'bad words', such as "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:", and so forth.

Anyway, like Raven said, the idea should be to take existing code, make it secure from header injections, and be easily updateable in the future, independent of whether or not any of us are still around to support these changes... Wink
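
An added example, not part of the thread or of VinDSL's module: the header-injection check discussed above reduced to its core, rejecting any sender address or subject that contains a raw CR, LF or NUL before it reaches the mail() headers. The function names, the site address and the sample inputs are constructed for illustration.

```php
<?php
// Added example: names and sample inputs are constructed for illustration;
// this is not code from the Feedback module discussed in the thread.

// A value may go into a mail header only if it is a single line.
// Run this on the value as PHP delivers it: $_POST/$_GET are already
// URL-decoded, so "%0A" sent by a client arrives here as a raw "\n".
function is_single_header_line(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns the validated address, or null if it must be rejected.
function clean_sender_email(string $raw): ?string
{
    if (!is_single_header_line($raw) || strlen($raw) > 254) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Returns the trimmed subject, or null if it must be rejected.
function clean_subject(string $raw, int $maxLen = 120): ?string
{
    if (!is_single_header_line($raw)) {
        return null;
    }
    $subject = trim($raw);
    return ($subject === '' || strlen($subject) > $maxLen) ? null : $subject;
}

// Builds the arguments for mail(); the visitor's address goes only into
// Reply-To, and From stays a fixed site address (placeholder value).
function build_feedback_mail(string $fromRaw, string $subjectRaw, string $body,
                             string $siteFrom = 'webmaster@example.org'): ?array
{
    $replyTo = clean_sender_email($fromRaw);
    $subject = clean_subject($subjectRaw);
    if ($replyTo === null || $subject === null) {
        return null;
    }
    return [
        'subject' => $subject,
        'message' => $body,
        'headers' => "From: $siteFrom\r\nReply-To: $replyTo",
    ];
}

// Constructed inputs: one normal submission, two with an embedded line
// break, and one harmless subject that merely contains the text "bcc:".
$samples = [
    ['alice@example.org', 'Question about the site'],
    ["alice@example.org\r\nBcc: list@example.net", 'Hello'],
    ['alice@example.org', "Hello\nContent-Type: text/html"],
    ['alice@example.org', 'Please add bcc: support to the newsletter'],
];
foreach ($samples as [$from, $subject]) {
    $mail = build_feedback_mail($from, $subject, 'Message text');
    printf("%-6s %s | %s\n", $mail === null ? 'REJECT' : 'ACCEPT',
           json_encode($from), json_encode($subject));
}
```

The check keys on the line break rather than on header keywords, so ordinary text that happens to contain "bcc:" or "to:" still goes through.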
 
wraith
Client


Joined: Sep 13, 2003
Posts: 6

Posted: Tue Dec 06, 2005 4:04 pm

Ok here's my list, kinda late maybe.

1. NSN Groups
2. NSN Your Account
3. Calendar
4. Sommaire Parametable Menu
5. Photo Gallery
6. SPAW
7. Shoutbox
8. IRC chat ([link hidden by the board])
9. HTML Newsletter ([link hidden by the board])
10. Autotheme light

atm those 2 at the top, nsn groups and your account are the most important/urgent ones for me, the 3rd and 4th are kinda important too, and the rest would be really nice to have.

//wraith

EDIT: added sommaire parametable menu Very Happy
EDIT2: removed jpilot.com for pjirc.com which is free (if I'm wrong again I will delete no 8 Very Happy )


Last edited by wraith on Fri Dec 09, 2005 6:17 am; edited 1 time in total 
Raven
Posted: Tue Dec 06, 2005 4:23 pm

#8 isn't open source if I remember right. I have installed it for a few clients and they have always had to purchase it. Or am I zoning again?
 
All times are GMT - 6 Hours
 