Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Nomad
Client


Joined: Jan 21, 2006
Posts: 87
Location: Arizona

PostPosted: Sat Jul 08, 2006 1:44 pm Reply with quote

Ok, guys. First of all thanks for all the help....

I'm trying to add scripts to my site that are not php-nuke scripts.

So if its not a module file, nuke file,or block file then how do i prevent direct access.

I want the only access to the file to come from a link from inside my nuke site. This way I can use the nuke registration process to filter access.

_________________
Nomad!~! 
View user's profile Send private message Visit poster's website AIM Address
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sat Jul 08, 2006 2:17 pm Reply with quote

try .htaccess

inside should be:
deny from all

This should stop DIRECT browser access but your site will be able to run the script.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Nomad
PostPosted: Sat Jul 08, 2006 3:50 pm Reply with quote

ok, I tried that, but then I get a 404 error - You don't have permission to access index.php on this server.

This happens when I run a link out of phpnuke.

maybe I'm tackling this situation wrong.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Sat Jul 08, 2006 3:52 pm Reply with quote

The htaccess directive needs to be placed in a htaccess inside the same directory as the file you are trying to protect.
Is this what you did?
 
View user's profile Send private message Send e-mail
Nomad
PostPosted: Sat Jul 08, 2006 3:59 pm Reply with quote

yes......
the htaccess file is located at: Only registered users can see links on this board! Get registered or login!

try this...
Link from the site Only registered users can see links on this board! Get registered or login!

This is the direct link Only registered users can see links on this board! Get registered or login!
 
gregexp
PostPosted: Sat Jul 08, 2006 8:48 pm Reply with quote

I think this is because of the use of an iframe, in iframes its still direct access from the users browser.

sorry I did not think of this earlier. I will look further into this.


Update: because of it being the same as opening 2 browsers to display one page, we have that problem. To answer your question, why not include the is_user function in nuke?

I believe including the mainfile.php may just give you what you need'

Then code this in there after the include

if is_user($user){
code
}else{
die("This module is not active for none members");
}

This will stop them from accessing it directly, If they are not a user but it will not stop a user from acessing it directly, perhaps and include is in order, if possible, Imma test a theory and get back to you.

If this is a FULL script(with more then on file) then include wont work either, but if not, include should work just fine.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©