Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
dad7732
RavenNuke(tm) Development Team


Joined: Mar 18, 2007
Posts: 1242

PostPosted: Wed Apr 30, 2008 10:03 pm Reply with quote

Upgraded to .17 and for some reason Admin/Auth is OFF and no way to turn it ON. The only choices are OFF and Admin CGI/Auth.

What happened to ON ?? I don't remember doing anything to change anything. My .staccess file is "good" and contains the user/pass previously used.

Cheers, Jay
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Apr 30, 2008 10:47 pm Reply with quote

If Admin CGI/Auth is the only option then that means that your host is not running PHP as an Apache module and is instead running PHP as a CGI script. This is explained in the Installation guide. Verify with your host how PHP is being loaded.
 
View user's profile Send private message
dad7732
PostPosted: Thu May 01, 2008 6:11 am Reply with quote

It was working with previous versions of Sentinel - .16 and so forth and nothing has changed at my host. The only thing that I've done is to change:

register_globals to OFF

Which I should have done a long time ago but nonetheless I just now did it. I'll try turning it back on to see if that somehow affects it. I doubt it but worth a try anyway.

Cheers, Jay
 
dad7732
PostPosted: Thu May 01, 2008 6:21 am Reply with quote

Well, guess what, that was it. Turning "register_globals" back to ON and then doing an apache restart caused the HTTP ADMIN/AUTH to appear once again and work as intended.

So now what? I turned it back OFF. Better protection with it OFF rather than ON and using ADMIN/AUTH ? Interesting to say the least.

Cheers, Jay
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Thu May 01, 2008 6:29 am Reply with quote

Just be aware that mainfile does this:

Code:


if (!ini_get('register_globals')) {
    @import_request_variables('GPC', '');
}


So you are effectively going to have register globals on whenever you are running Nuke. And you need it cause a lot of the code relies on it. The RN team is explicitly posting variables as we go through the code but it is far from all done.
 
View user's profile Send private message Visit poster's website
dad7732
PostPosted: Thu May 01, 2008 6:37 am Reply with quote

Ok, I'm sure you know what my next question is. Smile

If the mainfile effectively turns it back on then why doesn't HTTP ADMIN/AUTH work when I have "register_globals OFF" in PHP.INI ?

Cheers, Jay
 
fkelly
PostPosted: Thu May 01, 2008 6:44 am Reply with quote

I suspect that http admin/auth doesn't know anything about mainfile. It is only effectively on within the scope of a page load within RN. If you wrote a stand alone program that didn't access mainfile it would not be on.
 
dad7732
PostPosted: Thu May 01, 2008 6:49 am Reply with quote

Quote:
I suspect that http admin/auth doesn't know anything about mainfile.
I would assume so since turning register_globals to OFF affects admin/auth regardless of mainfile.

I guess if I wanted the added securiy of admin/auth I can accomplish it using the .htaccess file authentication instead.

Cheers, Jay
 
dad7732
PostPosted: Thu May 01, 2008 7:37 am Reply with quote

Uncommenting the authentication section in .htaccess and using that works just fine. Now I can keep register_globals off and still rely on the advantages of the mainfile. Enough brain-cell usage for one day. Smile

Cheers, Jay
 
Raven
PostPosted: Thu May 01, 2008 2:16 pm Reply with quote

This has been documented in the forums just as an fyi Wink .

HTTP Authentication, which is a function of the browser, is not available when register_globals is off. You can't turn register_globals on in a script (mainfile.php) because by the time the PHP interpreter has started the script processing the setting is already activated and can't be changed via script settings.

For security, you really should leave it off, especially with older *nuke scripts, and just use CGI Authentication. The piece of code that Frank mentions is not the same as register_globals. The purpose of import_request_variables has a more limited scope. Here is the intended usage/purpose taken from the PHP manual:

Only registered users can see links on this board! Get registered or login!: imports GET/POST/Cookie variables into the global scope. It is useful if you disabled register_globals, but would like to see some variables in the global scope.
 
dad7732
PostPosted: Thu May 01, 2008 6:22 pm Reply with quote

I only run RN (latest) on my three and soon to be fourth sites and up to date with Sentinel. I am quite happy where I am and really appreciate the continuing education. Hmmm, sounds like another donation coming soon. Smile

Cheers, Jay
 
Raven
PostPosted: Thu May 01, 2008 6:36 pm Reply with quote

Got it - Thanks!

Also, the warning I gave about older *nuke scripts applies to all 3rd party addons Wink
 
dad7732
PostPosted: Sat May 03, 2008 8:36 am Reply with quote

Followup to turning "register_globals" OFF as applies to older scripts.

I came across an addtion to the .htaccess file that will modify the behavior of "register_globals":

php_value register_globals 1

Where 1 = ON 0 = OFF

I have it turned off in my PHP.INI file and adding the above line to .htaccess in my one and only old PHP site turns it back ON for just that site.

Now that the value is OFF in the PHP.INI file, I simply uncommented the lines in .htaccess to use HTTP ADMIN/AUTH even tho not visible in Sentinel.

Now I can have the best of both worlds. All tested and works as intended.

Cheers, Jay
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©