Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Specks
New Member
New Member


Joined: Jan 24, 2005
Posts: 12

PostPosted: Mon Jan 24, 2005 3:40 pm Reply with quote

Hi, I've installed NukeSentinel before and I've had it work on all the sites I've used it on. However I've recompiled PHP on the server and now it seems that HTTP Auth has stopped working. I can't seem to figure out why it has. I've tried reinstalling PHP Nuke and then reinstalling Sentinel and that didn't seem to work. It also seems to have stopped working on a server I have no control over. What seems to have happened? Is it something I did? Does the fact that I'm using Netscape have anything to do with it?

Thanks for the help.
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Mon Jan 24, 2005 4:34 pm Reply with quote

Find out what version of Apache, PHP and how PHP is installed (as a CGI or as an Apache module).

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
Specks
PostPosted: Mon Jan 24, 2005 6:22 pm Reply with quote

This is my server. Its configured as an Apache module.

Quote:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-mysql=/usr' '--with-xml' '--with-dom' '--with-curl' '--with-pear' '--with-zlib' '--enable-track-vars' '--enable-magic-quotes' '--enable-versioning' '--enable-calendar' '--enable-ftp' '--enable-bcmath' '--enable-sockets' '--enable-discard-path' '--with-xpm-dir=/usr/X11R6' '--with-gd' '--with-jpeg-dir=/usr' '--with-freetype-dir=/usr' '--with-png-dir=/usr'


The other server pretty much has the same thing.

Quote:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xml' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--enable-magic-quotes' '--with-mysql' '--enable-discard-path' '--with-pear' '--enable-sockets' '--enable-track-vars' '--enable-versioning' '--with-zlib'


Both are Apache version 1.3.33.[/quote]
 
sixonetonoffun
PostPosted: Mon Jan 24, 2005 6:59 pm Reply with quote

Not PHP5 by chance?
 
Specks
PostPosted: Mon Jan 24, 2005 9:27 pm Reply with quote

No its 4.3.10
 
sixonetonoffun
PostPosted: Mon Jan 24, 2005 9:51 pm Reply with quote

Then I'm as out of ideas as you are I'm using 4.3.10 myself on a couple of servers. Maybe Bob or Raven will have heard of something simular but everything "Sounds right" from what you have said I can't think of anything that should prevent it from working unless something went very wrong with the php update.
 
sixonetonoffun
PostPosted: Mon Jan 24, 2005 9:53 pm Reply with quote

Didn't accidently get the wrong Nuke-Sentinel version?
760 for phpnuke 7.6
UNI for all previous versions
 
Specks
PostPosted: Mon Jan 24, 2005 10:16 pm Reply with quote

No I'm using 7.5 and the proper Sentinel versions for those. For some reason I set the whole ting up as instructed and then after I put the user name and password in. The uner name and password doesn't work at all.
 
sixonetonoffun
PostPosted: Mon Jan 24, 2005 10:34 pm Reply with quote

Ok maybe we're on to something here this came up in another thread where 7.5 was being used. No solution but at least we know this isn't an isolated incident.
 
Specks
PostPosted: Tue Jan 25, 2005 2:24 am Reply with quote

Another thing of note here. If I use 2.1.2 then it works fine. If I go to 2.1.3 it breaks. Weird.

update: I tried a fresh install and I followed the instructions to the T. It didn't help. This is very frustrating. I can't see any reason why HTTP Authentication is failing and I can't seem to trace what its doing. If I knew where Sentinel did the authentication I could probably figure this out.

1. downloaded fresh copy of 7.5
2. downloaded fresh copy of 7.5 patched
3. download fresh copy of NukeSentinel 2.1.3 UNI

unzipped 7.5 and unzipped patched, applied patched version to originalversion
unzipped NukeSentinel and applied that to patched PHPNuke, went through the install instructions and made the adjustments as instructed then uploaded the whole thing.

Set up the admin account and then ran nsnst.php to install NukeSentinel. Set up HTTPAuth and bang. Same problem.

Should I set up PHPNuke before uploading NukeSentinel and setting that up?
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Jan 25, 2005 4:39 am Reply with quote

There is nothing at all that is tied to the php version. When you say HTTPAuth has stopped working, do you mean it errors out or it just doesn't come up anymore?
 
View user's profile Send private message
CodyG
Life Cycles Becoming CPU Cycles


Joined: Jan 02, 2003
Posts: 712
Location: Vancouver Island

PostPosted: Tue Jan 25, 2005 11:03 am Reply with quote

Do you mean that you can't log into any nuke website? Because if you do then I had this same problem after upgrading my Win2K a few months back. It took me forever to figure out that the problem was with my browser. I hadn't changed any settings, but the Windows upgrade had changed them. Internet Explorer/Tools/Internet Options/Security Tab/Choose Zone/ then Custom Level Button ... then scroll all the way to the bottom of the page and make sure Authentication is set to "Prompt for User Name and Password."

Silly Windows.

_________________
"We want to see if life is ubiquitous." D.Goldin 
View user's profile Send private message
Specks
PostPosted: Tue Jan 25, 2005 1:29 pm Reply with quote

I don't use Internet Explorer though. Not if I can help it. I'm using Netscape. For what its worth though I did try with IE. It did ask for the user name and password just like netscape did, however the password didn't go through. HTTPAuth will not take the password I set. If I turn off HTTPAuth I can get in fine with the password I set. It just doesn't take the password. I go in and change the password, both of them, and set it to be the same and it still doesn't work. Seems like the program isn't matching the passwords up correctly.

Sorry if I misled or confused anyone by saying HTTP Auth didn't work meaning I get errors. I don't. What happens is the password doesn't work. Not even if I turn it off through the DB and then reset the password again, and then turn HTTPAuth back on. There's only one user and password at this time in the system and thats the God user.
 
sixonetonoffun
PostPosted: Tue Jan 25, 2005 3:10 pm Reply with quote

I hate to even bring it up but you are aware that the Username and Pass are case sensitive?
 
Specks
PostPosted: Tue Jan 25, 2005 3:43 pm Reply with quote

I'm very aware that it is and no I don't have the caps lock on. Smile
 
Specks
PostPosted: Tue Jan 25, 2005 4:23 pm Reply with quote

I solved the problem and this could apply to others who are having this problem as well. As a security measure I turned off register_globals as cPanel seems to like (for convenience, they say) to turn it on by default. Once I re-enabled register_globals HTTPAuth magicaly worked again. How did I find this out? I poured through the sentinel code and saw that HTTPAuth REQUIRES register_globals to be on in order for it to work. So for those who are having the same problems as I did you need to turn it on either in your php.ini or by using ini_set("register_globals", "On"); at the begining of the program. For now I'll keep it on untill I figure out where to put the ini_set so I can turn it off again. I'm not to happy that it didn't register in my head that it broke when I turned register_globals off, but then again it wasn't obvious untill I delved in to the code.

I'd like to thank everyone who posted for helping.
 
Raven
PostPosted: Tue Jan 25, 2005 4:30 pm Reply with quote

You have solved one of the mysteries of the universe!!! I never even thought to look at that. Thank you SO much for posting back.
 
sixonetonoffun
PostPosted: Tue Jan 25, 2005 4:30 pm Reply with quote

Sorry Specks I should have guessed that might be the underlying issue.
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Jan 26, 2005 2:03 am Reply with quote

You can do a simple check in includes/sentinel.php for this setting. Open includes/sentinel.php and at the end find:
Code:
$sapi_name = strtolower(php_sapi_name());

$apass = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_nsnst_admins WHERE password_md5='' OR password=''"));
if($apass > 0 AND $ab_config['http_auth'] > 0) {
  require_once("admin/modules/sentinel/functions.php");
  absave_config("http_auth",'0');
}
if($ab_config['http_auth'] == 1 AND strpos($sapi_name,"cgi")===FALSE) {
  if (basename($_SERVER['PHP_SELF'], '.php')==$admin_file) {
    $allowPassageToAdmin = FALSE;
    $authresult = $db->sql_query("SELECT login, password_md5 FROM ".$prefix."_nsnst_admins");
    while ($getauth = $db->sql_fetchrow($authresult)) {
      if ($PHP_AUTH_USER==$getauth['login'] AND md5($PHP_AUTH_PW)==trim($getauth['password_md5'])) {
        $allowPassageToAdmin = TRUE;
        break;
      }
    }
    if (!$allowPassageToAdmin) {
      header("WWW-Authenticate: Basic realm=Protected");
      header("HTTP/1.0 401 Unauthorized");
      die(_AB_GETOUT);
    }
  }
}


Replace it with:
Code:
if(ini_get("register_globals")) {

  $sapi_name = strtolower(php_sapi_name());
  $apass = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_nsnst_admins WHERE password_md5='' OR password=''"));
  if($apass > 0 AND $ab_config['http_auth'] > 0) {
    require_once("admin/modules/sentinel/functions.php");
    absave_config("http_auth",'0');
  }
  if($ab_config['http_auth'] == 1 AND strpos($sapi_name,"cgi")===FALSE) {
    if (basename($_SERVER['PHP_SELF'], '.php')==$admin_file) {
      $allowPassageToAdmin = FALSE;
      $authresult = $db->sql_query("SELECT login, password_md5 FROM ".$prefix."_nsnst_admins");
      while ($getauth = $db->sql_fetchrow($authresult)) {
        if ($PHP_AUTH_USER==$getauth['login'] AND md5($PHP_AUTH_PW)==trim($getauth['password_md5'])) {
          $allowPassageToAdmin = TRUE;
          break;
        }
      }
      if (!$allowPassageToAdmin) {
        header("WWW-Authenticate: Basic realm=Protected");
        header("HTTP/1.0 401 Unauthorized");
        die(_AB_GETOUT);
      }
    }
  }
}

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
Specks
PostPosted: Fri Feb 04, 2005 2:05 pm Reply with quote

The only problem with that is it still breaks the HTTPAuth when register globals is turned off. Why not just place:

Code:


if (!ini_get("register_globals")) {
       ini_set("register_globals", "On");
}
if (ini_get("register_globals")) {
        $sapi_name = strtolower(php_sapi_name());
        $apass = $db->sql_numrows($db->sql_query("SELECT * FROM                       ".$prefix."_nsnst_admins WHERE password_md5='' OR password=''"));
        if($apass > 0 AND $ab_config['http_auth'] > 0) {
            require_once("admin/modules/sentinel/functions.php");
            absave_config("http_auth",'0');
        }
        if($ab_config['http_auth'] == 1 AND strpos($sapi_name,"cgi")===FALSE) {
        if (basename($_SERVER['PHP_SELF'], '.php')==$admin_file) {
            $allowPassageToAdmin = FALSE;
            $authresult = $db->sql_query("SELECT login, password_md5 FROM ".$prefix."_nsnst_admins");
            while ($getauth = $db->sql_fetchrow($authresult)) {
                if ($PHP_AUTH_USER==$getauth['login'] AND                   md5($PHP_AUTH_PW)==trim($getauth['password_md5'])) {
          $allowPassageToAdmin = TRUE;
          break;
        }
      }
      if (!$allowPassageToAdmin) {
        header("WWW-Authenticate: Basic realm=Protected");
        header("HTTP/1.0 401 Unauthorized");
        die(_AB_GETOUT);
      }
    }
  }
}



That way sentinel tries to turn on register globals and if it doesn't then it breaks.

Update: I just realised how Mickey Moused that was so I redid it. I still think its Klugy. There's got to be a better way.
 
Raven
PostPosted: Fri Feb 04, 2005 4:02 pm Reply with quote

register_globals will not work this way. By the time your script is called, it is too late to change the setting. The only place that register_globals can be changed (and work) is php.ini or .htaccess.
 
BobMarion
PostPosted: Mon Feb 07, 2005 2:53 am Reply with quote

For a site with register_globals turned off use CGIAuth instead. That way it is called from the .htaccess file and provides server level protection for your admin.php file Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©