Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Enhancement Requests
Author Message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Mon Dec 27, 2004 10:43 am Reply with quote

NP.
 
View user's profile Send private message
Nerd3D
New Member
New Member



Joined: Jan 08, 2005
Posts: 8
Location: California

PostPosted: Sat Jan 08, 2005 9:15 pm Reply with quote

Did anybody ever figure out what causes this:
Code:
Call to a member function on a non-object blah blah in line 284


It seems it might have something to do with globals, but I don't know how to fix the problem. I grow tired of editing my mainfile.php whenever I need to post something fancy.

I tried turning the sanitization bit into a function so it would be an "object" that made no diffrence. Tried adding the same globals the functions calling is_admin() use. No good.

The line the error points to is in the is_admin function, not the html sanitization bit...

Code:
function is_admin($admin) {

    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = base64_decode($admin);
   $admin = addslashes($admin);
   $admin = explode(":", $admin);
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    } else {
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    }
    if ($aid != "" AND $pwd != "") {
        $aid = substr("$aid", 0,25);
LINE 284 IS RIGHT HERE>speedtype        $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['pwd'];
   if($pass == $pwd && $pass != "") {
       return 1;
   }
    }
    return 0;
}


So is the problem that $db or $prefix are not in the same class as the function that calls them?

I guess what ic comes down to is what the heck is a "non object"? Thanks for any help you can offer

PHPnuke 7.4 with MultiShop osCommerce.
 
View user's profile Send private message Visit poster's website
Raven







PostPosted: Sat Jan 08, 2005 9:27 pm Reply with quote

Try executing this query directly in phpMyAdmin
Code:
SELECT pwd FROM PREFIX_authors WHERE aid='AID'


Substitute your prefix for PREFIX and the aid of the admin for AID.
 
Nerd3D







PostPosted: Sat Jan 08, 2005 9:30 pm Reply with quote

Returns a blob of letters and numbers (----------------this long ---------------)
 
Raven







PostPosted: Sat Jan 08, 2005 9:33 pm Reply with quote

Next, change this
Code:
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");

to
Code:
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";

die($sql);
$result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
to see how/if the query is being constructed correctly in nuke.
 
Nerd3D







PostPosted: Sat Jan 08, 2005 9:40 pm Reply with quote

It said
Code:
SELECT pwd FROM _authors WHERE aid='my admin name'


Weird, it's like $prefix isn't defined... but wouldn't that break like EVERYTHING
 
Raven







PostPosted: Sat Jan 08, 2005 9:47 pm Reply with quote

Yes it would IF the other places aren't defining. If other things are not breaking then it's an isolated bug that will cause you to lose sleep. I would hard code $prefix and then worry about it at a slower pace Wink
 
Nerd3D







PostPosted: Sat Jan 08, 2005 10:43 pm Reply with quote

Well RATS! I wish that was it. But I know more now. the trouble is the pointer to $db. Evidently $db is also undefined... as therefor so is the sql_query function ...

How can any thing work if all this is undefined? HitsFan
 
Nerd3D







PostPosted: Sat Jan 08, 2005 10:56 pm Reply with quote

I just noticed something weird.. This
Code:
      foreach ($_GET as $secvalue) {

         if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
         (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
         (eregi("\"", $secvalue))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
         }
      }
      
      foreach ($_POST as $secvalue) {
         if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
            die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
         }
      }


Comes before this ...
Code:
if ($forum_admin == 1) {

    require_once("../../../config.php");
    require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
} else {
    require_once("config.php");
    require_once("db/db.php");
    /* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
    /* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
    require_once("includes/sql_layer.php");
    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$result = $db->sql_query("SELECT * FROM ".$prefix."_config");
$row = $db->sql_fetchrow($result);
$sitename = $row['sitename'];
$nukeurl = $row['nukeurl'];
$site_logo = $row['site_logo'];
$slogan = $row['slogan'];
$startdate = $row['startdate'];
$adminmail = stripslashes($row['adminmail']);
blah
blah


That seems wrong to me.
 
Nerd3D







PostPosted: Sat Jan 08, 2005 11:17 pm Reply with quote

Hey I think I figured it out! Here's what I did I wrapped the Tag sniffing stuff in a function so it looks like this:
Code:
function security_check_html(){  //Nerd3D Added

   global $admin; //Nerd3D Added
   if (!is_admin($admin)){    //Nerd3D Added
      foreach ($_GET as $secvalue) {
         if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
         (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
         (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
         (eregi("\"", $secvalue))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
         } // End if
      } // ENd foreach
      
      foreach ($_POST as $secvalue) {
         if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
            die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
         } // end if
      } // end foreach
   }  // End if Nerd3D Added
}  // End Function Nerd3D Added
Then I moved the function to the end of mainfile.php. I stuck it right before the last ?>

Then I placed a call to the new function just below all the includes and variable declarations. That was line 185 after I moved every thing around.

I never would have got this if Raven hadn't put me onto the wiggin out SQL. Dance-Y

I didn't change my mainfile.php, (Well not till today) I wondering if I got a bad version of phpNuke now. The one I'm using is pre-modded to integrate with osCommerce.

So I have one last question, what gaping security holes have I created?
 
biohazzard
New Member
New Member



Joined: Jan 14, 2005
Posts: 1

PostPosted: Mon Jan 17, 2005 11:58 am Reply with quote

Hey Im running nuke 7.2 and I need to use the <scr ipt> tag but It wont let me. Ihave tried these sujestions that are here and can't seem to get it to work. If someone has been able to do this can you please show me how. iether with code or pasting your mainfile.php here

thanks
 
View user's profile Send private message
Nerd3D







PostPosted: Mon Jan 17, 2005 2:18 pm Reply with quote

I got it working on my site. Are you getting an error maybe I can help. I'd post my mainfile, but it's heavily modified and wouldn't work for you.
 
sting
Involved
Involved



Joined: Sep 23, 2003
Posts: 456
Location: Somewhere out there...

PostPosted: Tue Jul 12, 2005 8:31 pm Reply with quote

Ran across this tonight - be sure to change the code for the latest versions of Chat's patches and nuke code to reflect the Admin identification variable changes

Code:


if ( !defined('ADMIN_FILE') )
{

--all that other stuff here ---

}



-sting
 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) Enhancement Requests

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©