Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
CODR3SH
New Member
New Member



Joined: Jun 11, 2005
Posts: 15

PostPosted: Sat Jun 11, 2005 4:31 am Reply with quote

I can login on admin section, I see all the options but when I hit them I recieve the blank page with "Access Denied" message.

dunno what to change...

I had checked the table nuke_authors and this is looking good:
Code:
CREATE TABLE `nuke_authors` (

  `aid` varchar(25) NOT NULL default '',
  `name` varchar(50) default NULL,
  `url` varchar(255) NOT NULL default '',
  `email` varchar(255) NOT NULL default '',
  `pwd` varchar(40) default NULL,
  `counter` int(11) NOT NULL default '0',
  `radminsuper` tinyint(1) NOT NULL default '1',
  `admlanguage` varchar(30) NOT NULL default '',
  PRIMARY KEY  (`aid`),
  KEY `aid` (`aid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `nuke_authors`
--

INSERT INTO `nuke_authors` VALUES ('bsr', 'God', 'http://www.domain.com', 'contact@domain.com', 'md5pass', 35, 1, '');

changed site link, e-mail, and password for not spamming here.

On this pages I recieve the blank page with "Access Denied" message:
[ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] - Access Denied on top of the page but page is loading and its working (now)

Pages that work and don't have the message: [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ]
[ Only registered users can see links on this board! Get registered or login! ] (this with Access Denied message on top of the page but options are working)

I posted this on other forums but I still don't get the answer!

Nuke 7.6 with the last patch from CS

Thank you for the time,
C.
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

PostPosted: Sat Jun 11, 2005 5:05 am Reply with quote

well looks to me that you messed up somewhere...
try to go back on the things you did,this doesnt happen sudenly.. Smile
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Sat Jun 11, 2005 5:16 am Reply with quote

What version of nuke? See if this post helps at all:
[ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
CODR3SH







PostPosted: Sat Jun 11, 2005 5:19 am Reply with quote

Maybe,
I made a new user database, made all from the beging testing if is it comming from mysql...but nothing happen.

I uploaded the nuke 7.6 without patch... -> Illegal File Access .... after this I uploaded patch by patch wathing the results and -> "Access Denied" again.

It's something wrong in admin.php/ admin files because the variables don't go in modules (I deleted module Topics and then tried [ Only registered users can see links on this board! Get registered or login! ] and the same message)
 
CODR3SH







PostPosted: Sat Jun 11, 2005 6:12 am Reply with quote

I tried the thing with adding before ?> $_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF']; or $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME']; but nothing happen.

I have a question? Why I can access some admin pages and others no?
 
hitwalker







PostPosted: Sat Jun 11, 2005 6:13 am Reply with quote

"I uploaded the nuke 7.6 without patch... -> Illegal File Access "
sounds like some mixed up files..
 
CODR3SH







PostPosted: Sat Jun 11, 2005 6:25 am Reply with quote

The mixed up files should be admin.php / admin folder / includes and db folder because when I uploaded the 7.6 without patch the rest I left intact with last patch and only them was changed (admin,includes&db).

Running phpinfo() shows /phpinfo.php as being the variable for PHP_SELF
 
hitwalker







PostPosted: Sat Jun 11, 2005 6:28 am Reply with quote

well isnt it better to start clean...?
just upload patched 7.6..
 
CODR3SH







PostPosted: Sat Jun 11, 2005 6:31 am Reply with quote

I allredy done it, actualy now I have only last patch 7.6 on site and
CODR3SH wrote:


On this pages I recieve the blank page with "Access Denied" message:
[ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] - Access Denied on top of the page but page is loading and its working (now)

Pages that work and don't have the message: [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ]
[ Only registered users can see links on this board! Get registered or login! ] (this with Access Denied message on top of the page but options are working)
 
hitwalker







PostPosted: Sat Jun 11, 2005 7:07 am Reply with quote

well that is not possible...
to my opinion your messing things up..
i suggest deleting all and check what version/patched 7.6 you realy are uploading...
 
CODR3SH







PostPosted: Sat Jun 11, 2005 7:29 am Reply with quote

Same problem ... nuke 7.6 with last patch is on the web.

Maybe I'll try install in paralel nuke 7.7 and the patch of it. I want to ask what's the best way to save information from "old" nuke to "the" new nuke? Because I guess 7.7 have some tables changed than 7.6

Thank you, in a few hours I'll start the "process" of intalling new nuke...later
 
hitwalker







PostPosted: Sat Jun 11, 2005 8:14 am Reply with quote

well im sure you have read all the bad security stuff about the 7.7?
so why the 7.7 anyway...
 
CODR3SH







PostPosted: Sat Jun 11, 2005 8:27 am Reply with quote

Sure, but I thought that with CS patch this will go away... isn't true?

I can try 7.8 but dunno if some modules or blocks will work with it.

I'm waiting ideas.

Thank you for the time.
 
hitwalker







PostPosted: Sat Jun 11, 2005 8:52 am Reply with quote

well some point you have to take some advice..
and thats simple,trash the rest and go for the fresh 7.6
 
CODR3SH







PostPosted: Sat Jun 11, 2005 9:16 am Reply with quote

Ok than, I'll install fresh 7.6 and then the patch, now the new question is ... what I'll do with modules that are not from 7.6 (taken from NScripts,NCops or other made better)... leave them how they are and delete only files I'm using from 7.6? and upload them again?

P.S.: if you would like and have a Y! Id or something elese, send it to me on PM so I can send and recieve what is going wrong faster. Thank you.
 
hitwalker







PostPosted: Sat Jun 11, 2005 9:52 am Reply with quote

listen,installing can be as easy as riding a bike..
there arent that many changes with modules...
just upload the new patched 7.6 and change folder after folder by renaming it like blocks to blocks-old
step by step put everything back that you used...
as for stuff of nukescripts....just used the edited core files and if needed upgrade the used versions.
 
CODR3SH







PostPosted: Tue Jun 14, 2005 2:43 pm Reply with quote

All data was restored to a new install nuke 7.6 with last patch...everything seems to work fine but now I have onother problem in Forum Administration ... I have 2.0.15 and when I want to add moderator status to a user I recieve:

Code:
DEBUG MODE


SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND aa.group_id = ug.group_id AND aa.auth_mod = 1 GROUP BY ug.' at line 3

SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod FROM nuke_bbauth_access aa, nuke_bbuser_group ug WHERE ug.user_id IN () AND aa.group_id = ug.group_id AND aa.auth_mod = 1 GROUP BY ug.user_id

Line : 528
File : admin_ug_auth.php


Users and settings are from the "old" database. Not all the users can't be moderator ... tried to some others and worked but for what I want no...

I will look on sql to see the difference betwen those who can be and those who can't...but if someone have a better idea, please post .

Thank You.
 
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Tue Jun 14, 2005 3:24 pm Reply with quote

As a first step place the following into a file and save it as fixgroup.php

Code:
<?php 

//*****  check users and user groups ****//
if (!eregi("modules.php", $PHP_SELF)) {
    die ("You can't access this file directly...");
}
if ($popup != "1"){
    $module_name = basename(dirname(__FILE__));
    require("modules/".$module_name."/nukebb.php");
}
else
{
    $phpbb_root_path = 'modules/Forums/';
}

define('IN_PHPBB', true);
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include('includes/functions_search.'.$phpEx);

// Start session management
$userdata = session_pagestart($user_ip, PAGE_SEARCH, $nukeuser);
init_userprefs($userdata);
// End session management

$sql = "SELECT user_id, username
    FROM " . USERS_TABLE ."
    WHERE user_id > 0";
if ( !($result = $db->sql_query($sql)) )
{
    message_die(GENERAL_ERROR, 'Could not obtain user list', '', __LINE__, __FILE__, $sql);
}

$liste ='';
while ( $row = $db->sql_fetchrow($result) )
{
   $username = $row['username'];
   $user_id = $row['user_id'];
   $usergroup = '';
   
   $sql1 = "SELECT ug.group_id
          FROM " . USER_GROUP_TABLE ." ug, ". GROUPS_TABLE. " g 
          WHERE ug.user_id = $user_id
            AND ug.group_id = g.group_id
            AND g.group_single_user  = 1
            ";
             
   if ( ($result1 = $db->sql_query($sql1)) )
   {
       $row1 = $db->sql_fetchrow($result1);
          $usergroup =( ( $row1['group_id'] != '' ) ? $row1['group_id'] : 'User has no user group'.$row1 );
         
   }

          if (!($row1['group_id'] != ''))
          {
             
         $sql2 = "SELECT MAX(group_id) AS total
            FROM " . GROUPS_TABLE;
         if ( !($result2 = $db->sql_query($sql2)) )
         {
            message_die(GENERAL_ERROR, 'Could not obtain next group_id information', '', __LINE__, __FILE__, $sq2l);
         }

         if ( !($row2 = $db->sql_fetchrow($result2)) )
         {
            message_die(GENERAL_ERROR, 'Could not obtain next group_id information', '', __LINE__, __FILE__, $sql2);
         }
         $group_id = $row2['total'] + 1;
         
         
         $sql3 = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
            VALUES ($group_id, '', 'Personal User', 1, 0)";
         if ( !($result3 = $db->sql_query($sql3, BEGIN_TRANSACTION)) )
         {
            message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql3);
         }

         $sql4 = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
            VALUES ($user_id, $group_id, 0)";
         if( !($result4 = $db->sql_query($sql4, END_TRANSACTION)) )
         {
            message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql4);
         }

             
             $usergroup = $usergroup.', adding user group '.$group_id;
          }


   $liste .= ( ( $liste != '' ) ? '<br> ' : '' ) . $username.' <b>'.$usergroup.'</b>';
}

message_die(GENERAL_MESSAGE,'Users:<br>'.$liste);

?>


Place it in the Forum's folder and point your browser to [ Only registered users can see links on this board! Get registered or login! ]


Last edited by chatserv on Tue Oct 04, 2005 6:44 pm; edited 1 time in total 
View user's profile Send private message Visit poster's website
CODR3SH







PostPosted: Wed Jun 15, 2005 2:45 am Reply with quote

Thank You.
 
boardmerlin
Hangin' Around



Joined: Jun 27, 2005
Posts: 40
Location: Badger State

PostPosted: Tue Jun 28, 2005 11:25 pm Reply with quote

I was getting the same error, then patched the whole site and it is working great!
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©