Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Mon Jun 04, 2007 3:43 pm Reply with quote

ok..got a mail from a client saying that members that buy a subscription weren't added to the database.
it grabs the money but doesnt add the member to the db.

the guy uses WS Subscription and when the author checked it all out to debug the problem.

it was fixed by commenting out the following :

// Invalid user agent
if($nsnst_const['user_agent']=="none" AND !stristr($_SERVER['PHP_SELF'], "backend.php") AND ($nsnst_const['remote_ip'] != $nsnst_const['server_ip'])) {
echo abget_template("abuse_invalid2.tpl");
die();
}


question now is...
how and why is this suddenly happening..
and would this be ok.
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Thu Jun 07, 2007 7:07 am Reply with quote

<bump>

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Thu Jun 07, 2007 7:19 am Reply with quote

thanks for the bump monty....
i hoped for some feedback on this as sentinel was altered by the ws subscription author.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Thu Jun 07, 2007 7:50 am Reply with quote

It is hard for anyone to figure this out for you since we don't know what the ws subscription does or how that software works. I'm working on a paypal application that's based off the blocks from the nukescripts network. The general way the "thing" works is that your application sends data (a request) to Paypal with an item to purchase (or subscribe to) and Paypal lets the user charge it to a credit card or bank account, then it sends data back to your site and to a specific application on your site (something like ps_ipn.php which then has the option to process it. This "IPN" program is probably where the database update is failing but you'd need to look at the code to know why. I have Sentinel installed on my site and the IPN program still works successfully.

In terms of the code change, it would be better if the exception could be limited to the specific Paypal item that Sentinel is "objecting" to. Without putting some echoes in, it's hard to tell. It looks like backend.php is given an exemption from the filter and perhaps the paypal program could be given an exemption too rather than commenting the whole block of code out.
 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Thu Jun 07, 2007 7:57 am Reply with quote

agree fkelly, i only know ws subscription by name and thats it..
but im just the advising party in this..
personaly i dont see any harm in excluding the mentioned code but question is..whats next..
 
kevinkap
Involved
Involved


Joined: Apr 22, 2006
Posts: 356

PostPosted: Thu Oct 11, 2007 7:31 pm Reply with quote

What file did he edit that in? I use the same script and it works sometimes and not sometimes.

_________________
Kevin Kappes 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Thu Oct 11, 2007 7:42 pm Reply with quote

No need to modify the file anymore. If you use RN(tm) then set this setting to true in rn_config.php. If you don't use RN(tm) then add this line to config.php.

$bypassNukeSentinelInvalidIPCheck = true;
 
View user's profile Send private message
kevinkap
PostPosted: Thu Oct 11, 2007 7:59 pm Reply with quote

THANKS Raven
 
Raven
PostPosted: Thu Oct 11, 2007 8:57 pm Reply with quote

RavensScripts
 
thewitt
New Member
New Member


Joined: Dec 16, 2007
Posts: 3

PostPosted: Sun Dec 16, 2007 1:31 pm Reply with quote

The rn_config change didn't work for me.

I had to disable the Invalid User Agent check, not the Invalid IP Check.

Once I commented out hte Invalid User Agent check, WS Subscription worked just fine.

Just thought you might like to know.

-t
 
View user's profile Send private message
Raven
PostPosted: Sun Dec 16, 2007 1:41 pm Reply with quote

thewitt1,

Thanks for letting us know of another anomaly. I think you should investigate this further as you are the first one that we know of that has had this issue with a different resolution. Invalid IP checks are more the norm and expected as new IPs are added by the minute/hour/etc. I would not really want people visiting me with an invalid User Agent. That very often means someone is snooping and could be looking for trouble.
 
gotcha
Regular
Regular


Joined: Mar 14, 2005
Posts: 91

PostPosted: Sun Dec 16, 2007 7:36 pm Reply with quote

The problem is, paypal doesn't send a user agent at all, so it is always seen as invalid. Any call to a paypal ipn file will be blocked if mainfile is called(which in turn calls sentinel). My digital shop script runs into this same problem so I have the users make edits to sentinel. Every time sentinel gets updated, the edits have to be made again, which is kind of a pain in the.... I vote for a constant that developers can use to shut it off for paypal IPN's so users aren't tempted to comment it out completely Smile
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Sun Dec 16, 2007 7:48 pm Reply with quote

I use various customized Paypal IPN scripts and I don't have and never have had any problem. So, it is a dependent on how the IPN script is coded. That having been said, I see no reason not to have a configurable setting of some kind. Rather than tailor it specifically to IPN or any specific script/application it should probably be like the $bypassNukeSentinelInvalidIPCheck setting in RavenNuke(tm).
 
thewitt
PostPosted: Sun Dec 16, 2007 8:02 pm Reply with quote

If this were a "switch" configuration variable, then wouldn't it be easy enough for the IPN script file to define the variable and turn off the invalid user test just while it's running? Would that compromise anything else?

-t
 
Raven
PostPosted: Sun Dec 16, 2007 8:17 pm Reply with quote

If you do that then every user would have to know that IPN scripts need that switch. That's going about it in the wrong order imo. You don't want to code scripts around NS. NS needs to be the controller. Also, to avoid code injection we not only set the switches in the config files, we also initialize them in mainfile.php.

Some of this is philosophical and can be coded different ways. You can do whatever you want as a user but for the masses we need to take a broader approach.
 
thewitt
PostPosted: Mon Dec 17, 2007 11:01 am Reply with quote

So when your working IPN scripts come back, what is the value of user agent? How is it you get past this check? Does your IPN script include mainfile.php?

-t
 
Raven
PostPosted: Mon Dec 17, 2007 11:40 am Reply with quote

T,

As soon as I have a spare minute or to I will look them over and get back to you. I'm kind of tied up at the moment.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©