SKU-RANGER
PostPosted: Thu Dec 01, 2005 12:40 am Reply with quote

This is the mainfile I have for php 7.6 patched.

Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
/* Additional Security and Code Cleanup for Patched 3.1                 */
/* Commited by the Nuke Patched Development Team 2005                   */
/* chatserv, Evaders99, Quake                                           */
/* http://www.nukeresources.com - Download location                     */
/* http://www.nukefixes.com - Development location                      */
/* http://sourceforge.net/projects/nukepatched/ - CVS                   */
/* Last file update: 30/07/05                                           */
/************************************************************************/

// END_TRANSACTION is defined only when absent so that a second include of
// this file does not raise a "constant already defined" notice. Its consumer
// is not in this file.
defined('END_TRANSACTION') or define('END_TRANSACTION', 2);

// Interpreter version string; the superglobal shims below branch on it.
$phpver = phpversion();

// Superglobal shims, keyed on $phpver (set just above; note this is a plain
// string comparison, not version_compare()).
// - below 4.1.0 the $_GET/$_POST/... superglobals do not exist yet, so they
//   are filled from the long-form $HTTP_*_VARS arrays;
// - from 4.1.0 on the long-form arrays are refreshed from the superglobals
//   so legacy code that still reads $HTTP_GET_VARS etc. sees the same data.
// The two conditions are complementary, hence a single if/else.
if ($phpver < '4.1.0') {
  $_GET    = $HTTP_GET_VARS;
  $_POST   = $HTTP_POST_VARS;
  $_SERVER = $HTTP_SERVER_VARS;
  $_FILES  = $HTTP_POST_FILES;
  $_ENV    = $HTTP_ENV_VARS;
  // Only POST and GET populate $_REQUEST; any other method leaves it alone.
  switch ($_SERVER['REQUEST_METHOD']) {
    case "POST":
      $_REQUEST = $_POST;
      break;
    case "GET":
      $_REQUEST = $_GET;
      break;
  }
  if (isset($HTTP_COOKIE_VARS)) {
    $_COOKIE = $HTTP_COOKIE_VARS;
  }
  if (isset($HTTP_SESSION_VARS)) {
    $_SESSION = $HTTP_SESSION_VARS;
  }
} else {
  $HTTP_GET_VARS    = $_GET;
  $HTTP_POST_VARS   = $_POST;
  $HTTP_SERVER_VARS = $_SERVER;
  $HTTP_POST_FILES  = $_FILES;
  $HTTP_ENV_VARS    = $_ENV;
  $PHP_SELF         = $_SERVER['PHP_SELF'];
  // Session and cookie arrays are optional; copy them only when present.
  if (isset($_SESSION)) {
    $HTTP_SESSION_VARS = $_SESSION;
  }
  if (isset($_COOKIE)) {
    $HTTP_COOKIE_VARS = $_COOKIE;
  }
}

// This file is meant to be included, never requested on its own; bounce a
// direct hit to the front page. PHP_SELF is derived from the request, so
// treat this as a convenience redirect rather than an access control.
$nuke_self = htmlentities($_SERVER['PHP_SELF']);
if (false !== stristr($nuke_self, "mainfile.php")) {
    header("Location: index.php");
    exit();
}
unset($nuke_self);

// Older interpreters have no floatval(); define the cast-based equivalent
// only when the builtin is missing so the rest of the code can call it freely.
if (!function_exists("floatval")) {
    function floatval($inputval) {
        $asFloat = (float) $inputval;
        return $asFloat;
    }
}

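// Output compression. The first branch targets user agents that announce
// themselves as "compatible" (kept as-is), the second any client that
// advertises gzip in Accept-Encoding; both require the zlib extension.
// The $phpver tests are plain string comparisons.
if ($phpver >= '4.0.4pl1' && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'],'compatible')) {
  if (extension_loaded('zlib')) {
    // Discard any buffer already open before installing the gzip handler.
    @ob_end_clean();
    ob_start('ob_gzhandler');
  }
} elseif ($phpver > '4.0' && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])) {
  if (strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    if (extension_loaded('zlib')) {
      $do_gzip_compress = true;
      // NOTE(review): array('ob_gzhandler', 5) has the shape of a
      // class/method callable, not "handler plus chunk size" — confirm what
      // was intended before relying on this branch.
      ob_start(array('ob_gzhandler',5));
      ob_implicit_flush(0);
      // ereg() was removed in PHP 7; preg_match() (already used in this
      // file) performs the same literal, case-sensitive match. The isset()
      // guard avoids a notice when no User-Agent header was sent, which the
      // elseif above does not check.
      if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
        header('Content-Encoding: gzip');
      }
    }
  }
}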

// register_globals emulation. When the ini setting is off, copy every GET,
// POST and COOKIE parameter ("GPC") into the global scope with no prefix
// (the "" argument). This reproduces the behaviour register_globals was
// turned off for: any request parameter can create or overwrite a global
// variable, including the $admin and $user values that the checks further
// down compare against the cookies (presumably for that very reason).
// NOTE(review): import_request_variables() was removed in PHP 5.4; on a
// newer interpreter this line is a fatal undefined-function error that the
// @ does not suppress.
if (!ini_get('register_globals')) {
  @import_request_variables("GPC", "");
}

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//
// Aborts when the URL-decoded query string holds any five characters from
// the class below followed by a space. The class includes the letters of
// "union" in both cases, but it is a blunt instrument: any such run, e.g.
// "onion " (constructed example), trips it as well.
unset($matches, $loc);
if (isset($_SERVER['QUERY_STRING'])) {
  $loc = $_SERVER['QUERY_STRING'];
  if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc), $matches)) {
    die('Illegal Operation');
  }
}

// With the register_globals emulation above, $admin and $user may arrive as
// plain request parameters. They are accepted only when they equal the
// cookie of the same name — presumably so a GET/POST copy cannot stand in
// for the cookie. The comparison is loose (!=), as in the original, and a
// missing cookie entry raises a notice before the mismatch aborts.
if (isset($admin) && $admin != $_COOKIE['admin']) {
  die("Illegal Operation");
}
if (isset($user) && $user != $_COOKIE['user']) {
  die("Illegal Operation");
}

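// stripos() only exists from PHP 5; stripos_clone() gives the rest of this
// file one name to call on either interpreter.
//
// Returns the byte offset of the first case-insensitive occurrence of
// $needle in $haystack at or after $offset, or false when there is none.
// Callers must compare the result with === false / !== false: a match at
// the very start of the string is offset 0, which is falsy.
if(!function_exists('stripos')) {
  function stripos_clone($haystack, $needle, $offset=0) {
    // Case-fold both sides, then reuse the case-sensitive search.
    return strpos(strtoupper($haystack), strtoupper($needle), $offset);
  }
} else {
  function stripos_clone($haystack, $needle, $offset=0) {
    // Pass $offset through unchanged. The previous version wrote
    // "$offset=0" in this call, which assigned before calling and so
    // silently searched from the start regardless of the argument.
    return stripos($haystack, $needle, $offset);
  }
}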

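// Additional security (Union, CLike, XSS)
//
// Case-insensitive "does $haystack contain $needle". Implemented with
// strpos() on upper-cased copies (the same PHP 4 fallback this file uses
// elsewhere) and returns a real bool, so a match at offset 0 counts as a
// match: the previous code tested the offset for truthiness and therefore
// let a query string that *started* with a listed token through.
function nuke_qs_contains($haystack, $needle) {
  return strpos(strtoupper($haystack), strtoupper($needle)) !== false;
}

// True when $queryString carries one of the tokens this filter was written
// for. Plain tokens: UNION variants, comment delimiters, "http://",
// "concat", and "c2nyaxb0" (base64 of "script", case-folded). Two tokens
// are qualified, keeping the original heuristics as-is: "cmd=" counts only
// when no "&cmd" occurs anywhere, and "exec" only when "execu" does not.
function nuke_qs_is_suspicious($queryString) {
  $tokens = array('%20union%20', '/*', '*/union/*', 'c2nyaxb0', '+union+', 'http://', 'concat');
  foreach ($tokens as $token) {
    if (nuke_qs_contains($queryString, $token)) {
      return true;
    }
  }
  if (nuke_qs_contains($queryString, 'cmd=') && !nuke_qs_contains($queryString, '&cmd')) {
    return true;
  }
  if (nuke_qs_contains($queryString, 'exec') && !nuke_qs_contains($queryString, 'execu')) {
    return true;
  }
  return false;
}

// Active only when NukeSentinel is not installed (presumably because it
// provides its own filtering). Requests carrying both "ad_click" and "url"
// are exempt — the url parameter legitimately holds an http:// value;
// everything else is filtered and aborted on a hit.
if(!file_exists('includes/nukesentinel.php')) {
  if(isset($_SERVER['QUERY_STRING'])
     && (!nuke_qs_contains($_SERVER['QUERY_STRING'], "ad_click") || !nuke_qs_contains($_SERVER['QUERY_STRING'], "url"))) {
    $queryString = $_SERVER['QUERY_STRING'];
    if (nuke_qs_is_suspicious($queryString)) {
      die('Illegal Operation');
    }
  }
}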

// Once $admin / $user have been confirmed to equal the cookie values,
// re-escape the payload: decode, addslashes(), encode again. The cookie is
// client-controlled; this prepares it for code downstream that presumably
// decodes it once more and uses the fields in SQL (not visible here —
// confirm). addslashes() is not a substitute for parameterised queries.
foreach (array('admin', 'user') as $nukeCookieName) {
  if (isset($$nukeCookieName) && $$nukeCookieName == $_COOKIE[$nukeCookieName]) {
    $$nukeCookieName = base64_encode(addslashes(base64_decode($$nukeCookieName)));
  }
}
unset($nukeCookieName);

// Die message for not allowed HTML tags
$htmltags = implode('', array(
  '<center><img src="images/logo.gif"><br><br><b>',
  'The html tags you attempted to use are not allowed</b><br><br>',
  '[ <a href="javascript:history.go(-1)"><b>Go Back</b></a> ]',
));

// Die message for empty HTTP_REFERER
$posttags = implode('', array(
  "<b>Warning:</b> your browser doesn't send the HTTP_REFERER header to the website.<br>",
  'This can be caused due to your browser, using a proxy server or your firewall.<br>',
  'Please change browser or turn off the use of a proxy<br>',
  "or turn off the 'Deny servers to trace web browsing' in your firewall<br>",
  "and you shouldn't have problems when sending a POST on this website.",
));

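// Request-parameter filter used when NukeSentinel is not installed and
// ADMIN_FILE is not defined. Every GET key and value and every POST value
// is run through a list of tag patterns; a hit aborts with $htmltags
// (defined above). The patterns are the original eregi() ones translated
// to PCRE (ereg was removed in PHP 7; preg_match is already used in this
// file). They are deliberately loose (e.g. "script*" also matches "scrip")
// and form a blacklist, so they complement output escaping rather than
// replace it.

// Every string held by a request value, recursing into arrays. The old code
// handed arrays straight to eregi(), which warned and reported no match, so
// nested parameters (?a[]=...) skipped the filter entirely.
function nuke_request_strings($value) {
  if (!is_array($value)) {
    return array((string) $value);
  }
  $strings = array();
  foreach ($value as $item) {
    $strings = array_merge($strings, nuke_request_strings($item));
  }
  return $strings;
}

// True when any string inside $value matches any of the PCRE $patterns.
function nuke_request_matches($patterns, $value) {
  foreach (nuke_request_strings($value) as $string) {
    foreach ($patterns as $pattern) {
      if (preg_match($pattern, $string)) {
        return true;
      }
    }
  }
  return false;
}

// GET values: tag-like markup, any parenthesised expression, or a double
// quote anywhere.
function nuke_forbidden_get_value($value) {
  return nuke_request_matches(array(
    '#<[^>]*script*"?[^>]*>#i',
    '#<[^>]*object*"?[^>]*>#i',
    '#<[^>]*iframe*"?[^>]*>#i',
    '#<[^>]*applet*"?[^>]*>#i',
    '#<[^>]*meta*"?[^>]*>#i',
    '#<[^>]*style*"?[^>]*>#i',
    '#<[^>]*form*"?[^>]*>#i',
    '#<[^>]*img*"?[^>]*>#i',
    '#<[^>]*onmouseover*"?[^>]*>#i',
    '#<[^>]*body*"?[^>]*>#i',
    '#\([^>]*"?[^)]*\)#i',
    '#"#',
  ), $value);
}

// GET keys: parameter names matching the forum/module flags — presumably
// because, with the register_globals emulation above, such a parameter would
// set a like-named global.
function nuke_forbidden_get_key($key) {
  return nuke_request_matches(array('#forum_admin#i', '#inside_mod#i'), $key);
}

// POST values: a shorter list, so forms can still carry most markup.
function nuke_forbidden_post_value($value) {
  return nuke_request_matches(array(
    '#<[^>]*onmouseover*"?[^>]*>#i',
    '#<[^>]script*"?[^>]*>#i',
    '#<[^>]*body*"?[^>]*>#i',
    '#<[^>]style*"?[^>]*>#i',
  ), $value);
}

if (!defined('ADMIN_FILE') && !file_exists('includes/nukesentinel.php')) {
  foreach ($_GET as $sec_key => $secvalue) {
    if (nuke_forbidden_get_value($secvalue) || nuke_forbidden_get_key($sec_key)) {
      die ($htmltags);
    }
  }

  foreach ($_POST as $secvalue) {
    if (nuke_forbidden_post_value($secvalue)) {
      die ($htmltags);
    }
  }
}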

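// Posting from other servers in not allowed
// Fix by Quake
// Bug found by PeNdEjO
//
// True when the host part of $referer (as sent by the client) equals $host
// (the request's HTTP_HOST), compared case-insensitively and including the
// port when the referer carries one. The previous test was a substring
// search, which any referer merely *containing* the host name satisfied;
// this compares the parsed host instead. Unparsable or host-less referers
// do not match.
function nuke_referer_matches_host($referer, $host) {
  $parts = parse_url($referer);
  if (!is_array($parts) || !isset($parts['host'])) {
    return false;
  }
  $refererHost = strtolower($parts['host']);
  if (isset($parts['port'])) {
    $refererHost .= ':' . $parts['port'];
  }
  return $refererHost === strtolower($host);
}

// A Referer-based same-origin check is only a weak CSRF mitigation: the
// header is client-supplied, and some clients omit it entirely (hence the
// $posttags message, defined above). A per-session form token is the
// robust fix; this check is kept as a cheap first line.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST") {
  if (!isset($_SERVER['HTTP_REFERER'])) {
    die($posttags);
  }
  // A request without Host cannot match anything and is refused.
  $nuke_request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  if (!nuke_referer_matches_host($_SERVER['HTTP_REFERER'], $nuke_request_host)) {
    die('Posting from another server not allowed!');
  }
  unset($nuke_request_host);
}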

// Root of the install relative to the script being served: scripts that
// define FORUM_ADMIN sit three directories deep, INSIDE_MOD scripts two,
// everything else at the top.
define('INCLUDE_PATH', defined('FORUM_ADMIN') ? '../../../' : (defined('INSIDE_MOD') ? '../../' : './'));

// Core includes. The @ hides the warning when one of them cannot be loaded,
// so with display_errors off a missing or broken config.php surfaces only
// as an empty page; drop the @ (or turn on display_errors) when diagnosing
// a blank response.
@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
@require_once(INCLUDE_PATH."includes/ipban.php");

// Optional site-specific hook.
$nuke_custom_mainfile = INCLUDE_PATH."includes/custom_files/custom_mainfile.php";
if (file_exists($nuke_custom_mainfile)) {
  @include_once($nuke_custom_mainfile);
}
unset($nuke_custom_mainfile);


Admin note: Edited for brevity
 
Raven
PostPosted: Tue Dec 13, 2005 3:04 pm Reply with quote

So what's your question?
 
gregexp
PostPosted: Thu Mar 02, 2006 9:47 pm Reply with quote

OK, I'm sorry for this... I have only been working with PHP-Nuke for 2 months.
I'm fairly decent at it, but this problem eludes me.
I have searched all your forums and found many possible fixes; the problem is I can't seem to get any of them to work for me. I'm using Nuke 7.6 and just applied the 3.2 patch, in order to install the newest patch plus the newest Sentinel.
If you can, please help. This is how I seem to understand it: my mainfile seems to be included in every part of my site, so after going through Nuke and working with specific files, I came to the conclusion that my mainfile was the cause. With the original, the forums admin works just fine; with the edited version, the forums show up as a blank page.
Code:
// Root of the install relative to the script being served: FORUM_ADMIN
// scripts sit three directories deep, INSIDE_MOD scripts two, everything
// else at the top.
switch (true) {
  case defined('FORUM_ADMIN'):
    define('INCLUDE_PATH', '../../../');
    break;
  case defined('INSIDE_MOD'):
    define('INCLUDE_PATH', '../../');
    break;
  default:
    define('INCLUDE_PATH', './');
    break;
}

// Core includes, then NukeSentinel, then the optional site hook. Every one
// is wrapped in @, so if nukesentinel.php cannot be loaded (for instance a
// relative path that does not resolve from a forum admin script, or a
// parse error in the file) nothing is reported and the page comes out
// empty; remove the @ on that line, or set display_errors, to see the
// actual reason.
@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/sql_layer.php");
@require_once(INCLUDE_PATH."includes/ipban.php");
@include_once(INCLUDE_PATH."includes/nukesentinel.php");
$nuke_custom_mainfile = INCLUDE_PATH."includes/custom_files/custom_mainfile.php";
if (file_exists($nuke_custom_mainfile)) {
  @include_once($nuke_custom_mainfile);
}
unset($nuke_custom_mainfile);

This is what I see: I have Sentinel up and running on my admin page, but the forums page goes blank. I've done all I can think of; I'm sure it's something simple. Hope you can help — believe me, I've tried it all.
I used the edit it told me to (the "/../../" something), I really did; it's just late, and copying the code is a bit of work my head says no to. Laughing I also moved it throughout that entire code, between different lines, and changed it from require to include. I've done all I can think of. Now I may be in the wrong section of mainfile altogether; this is the closest I could find to what the edits for core files tell me to change. OK, I'm done now; if you can help, please do. Bang Head
 
gregexp
PostPosted: Thu Mar 02, 2006 9:58 pm Reply with quote

Sorry, I also figured you would want to know this: I'm using phpBB forums 2.0.17.
 
Raven
PostPosted: Thu Mar 02, 2006 10:41 pm Reply with quote

Have you set $display_errors=TRUE; in config.php to see if that writes any errors either to the screen or to your server error_log?
 
gregexp
PostPosted: Thu Mar 02, 2006 10:44 pm Reply with quote

Yes, I have; that was the very first thing I tried.
 
gregexp
PostPosted: Thu Mar 02, 2006 10:46 pm Reply with quote

BTW, if this makes it easier — I see you're here, so you might be watching this — you can contact me through Yahoo or MSN; I'll make them available on my profile.
 
gregexp
PostPosted: Thu Mar 02, 2006 10:51 pm Reply with quote

I also tried setting it to true in the forums' config.php; this file didn't have that option, so I just wrote it in.
 
gregexp
PostPosted: Fri Mar 03, 2006 1:31 am Reply with quote

Thanks a ton, Raven, for responding, but I fixed it. If someone could let me know I am not hurting anything by doing this, that would be great.
In includes/nukesentinel.php, after reading Bob Marion's post about using a lower-version patch, I reversed the thinking and looked for the code `if ($forum_admin == 1) {` in that file and changed it to `if (defined('FORUM_ADMIN')) {`. Now, I did not make NukeSentinel and by far do not have the expertise to say whether it will or will not work properly after this edit, so I ask: if this will not work, please disable this post so no one else gets the idea from me, and respond letting me know whether it will or will not work. Thank you for the quick responses; I managed to get it working in one night thanks to this forum, instead of three days. Laughing RavensScripts
 