Nuke Sentinel = Your Account blank page.

Posted: Thu Nov 16, 2006 6:54 pm

Hello, I take two weeks modifying my webpage to let undergo attacks and I have a problem with Sentinel 2503. I have installed Nuke 7,9 with Patch 3dot3. All the installation of sentinel goes correct but when edit Your Account/index.php when acceding to "Your Account" it appears blank page. With index original in Your Account, having all sentinel installed, it works. Can to help me?

Posted: Thu Nov 16, 2006 7:15 pm

Blank page usually indicates an error. Enable error reporting and check your error logs

Posted: Fri Nov 17, 2006 4:14 am

Hello evadres99, ans Thnaks for help me.

(I have 1700 one week without the webpage very gotten upset)

I explain the errors to you:

When I put

Quote:

#
#-----[ OPEN ]------------------------------------------
#
index.php

function mail_password($username, $code) {
#
#-----[ FIND ]------------------------------------------
#
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;

#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,

Now it will look something like:
global $nsnst_const, $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;

everything works well

When I put

Quote:

#
#-----[ FIND ]------------------------------------------
# This appears twice in this function
$host_name = $_SERVER['REMOTE_ADDR'];

#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!defined("NUKESENTINEL_IS_LOADED")) {
$host_name = $_SERVER['REMOTE_ADDR'];
} else {
$host_name = $nsnst_const['remote_ip'];
}

function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
#

It appears the following error
Parse error: syntax error, unexpected $end in /home/clubpeug/public_html/modules/Your_Account/index.php on line 1877

When I put

Quote:

#
#-----[ FIND ]------------------------------------------
#
$uname = $_SERVER['REMOTE_ADDR'];

#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!defined("NUKESENTINEL_IS_LOADED")) {
$uname = $_SERVER['REMOTE_ADDR'];
} else {
$uname = $nsnst_const['remote_ip'];
}

function userinfo($username, $bypass=0, $hid=0, $url=0) {
# Submitted by technocrat

It appears the following error
Parse error: syntax error, unexpected T_ELSE in /home/clubpeug/public_html/modules/Your_Account/index.php on line 926

If you pay attention, in the functions I have eliminated the word in because I believe that he was bad and also it gave error me

Posted: Fri Nov 17, 2006 6:18 am

I see nothing wrong with the code snippets provided in the instructions. Therefore, it must be how you applied them. Maybe post here 10 lines above through 10 lines below your edits so we can see them "in context".

Posted: Fri Nov 17, 2006 7:40 am

In agreement, I put code pieces to you in where I have made changes.

Quote:

include("footer.php");
} else {
if(!defined("NUKESENTINEL_IS_LOADED")) {
$host_name = $_SERVER['REMOTE_ADDR'];
} else {
$host_name = $nsnst_const['remote_ip'];
}

function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {

$row = $db->sql_fetchrow($result);
$user_email = filter($row['user_email'], "nohtml");
$user_password = $row['user_password'];
$user_password = htmlspecialchars(stripslashes($user_password));
$areyou = substr($user_password, 0, 10);
if ($areyou==$code) {
$newpass=makepass();
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._HASREQUESTED."\n\n"._YOURNEWPASSWORD." $newpass\n\n "._YOUCANCHANGE." $nukeurl/modules.php?name=$module_name\n\n"._IFYOUDIDNOTASK."";
$subject = ""._USERPASSWORD4." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
/* Next step: add the new password to the database */
$cryptpass = md5($newpass);
$query = "UPDATE ".$user_prefix."_users SET user_password='$cryptpass' WHERE username='$username'";
if (!$db->sql_query($query)) {
echo ""._UPDATEFAILED."";
}
include ("header.php");
OpenTable();
echo "<center>"._PASSWORD4." $username "._MAILED." "._GOBACK."</center>";
CloseTable();
include ("footer.php");
/* If no Code, send it */
} else {
$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if($db->sql_numrows($result) == 0) {
include ("header.php");
OpenTable();
echo "<center>"._SORRYNOUSERINFO."</center>";
CloseTable();
include ("footer.php");
} else {
if(!defined("NUKESENTINEL_IS_LOADED")) {
$host_name = $_SERVER['REMOTE_ADDR'];
} else {
$host_name = $nsnst_const['remote_ip'];
}

function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {

$row = $db->sql_fetchrow($result);
$user_email = filter($row['user_email'], "nohtml");
$user_password = $row['user_password'];
$areyou = substr($user_password, 0, 10);
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._CODEREQUESTED."\n\n"._YOURCODEIS." $areyou \n\n"._WITHTHISCODE." $nukeurl/modules.php?name=$module_name&op=pass_lost\n"._IFYOUDIDNOTASK2."";
$subject=""._CODEFOR." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
include ("header.php");

Quote:

} else {
docookie($setinfo['user_id'], $username, $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
if(!defined("NUKESENTINEL_IS_LOADED")) {
$uname = $_SERVER['REMOTE_ADDR'];
} else {
$uname = $nsnst_const['remote_ip'];
}

function userinfo($username, $bypass=0, $hid=0, $url=0) {

$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
$db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");
}
if (!empty($pm_login)) {
Header("Location: messages-inbox.html");
exit;
}

Quote:

if ($userinfo['last_ip'] != 0) {
echo "<center>"._ADMINFUNCTIONS." "._LASTIP." ".$userinfo['last_ip']." ";
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
} else {
echo "<center>[ <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
}

Can anything send me by mail, the archive index.php of Your Account (nuke 7.9 patched 3dot3 and Sentinel 2503), with the modifications in order to prove it.

Thanks

Posted: Fri Nov 17, 2006 3:33 pm

Please, I need help. It is the only way to defend to me of the attacks that I have received. It does not matter to me if a payment support is necessary.
If adjustment this I will not think about leaving the PHPNuke... Crying or Very sad

If you want I send the file to you, or send me you, I will thank for it.

Involved Joined: Jul 15, 2004 Posts: 252 Location: OKC, OK

Ok here is the problem...
When it says "In function userinfo(...." What that is saying, is now look in this function and find...

The word in is not a mistake it is directions on where to look.

you have added a line you do not need, this is from your code below.

Code:

if(!defined("NUKESENTINEL_IS_LOADED")) {


$uname = $_SERVER['REMOTE_ADDR'];


} else {


$uname = $nsnst_const['remote_ip'];


}


!!!! ERASE THIS LINE!!!!function userinfo($username, $bypass=0, $hid=0, $url=0) {





$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");


$db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");


}

See where I say to remove that line? Take that out of your code.

now in the function userinfo($username, $bypass=0, $hid=0, $url=0)

Code:




# 


#-----[ FIND ]------------------------------------------ 


#


global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;





# 


#-----[ ADD TO IT ]------------------------------------------ 


#


$nsnst_const,

You will also have to remove the line
"function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {"

and look in that function and make the changes to that.

I don't know if I am explaning this well. I hope you see what I am saying and can correct the file.

If you don't get it, PM me and I can make the edits, but it would bnot be untill tomorow Sat. 11/18 in the afternoon my time GMT -6, so very last your time

Posted: Sat Nov 18, 2006 7:05 am

nuevonuke wrote:

Please, I need help. It is the only way to defend to me of the attacks that I have received. It does not matter to me if a payment support is necessary.
If adjustment this I will not think about leaving the PHPNuke... Crying or Very sad

If you want I send the file to you, or send me you, I will thank for it.

Please understand that many of us have day jobs and families. I am only on-line an hour a day. Sad

I think Tao_Man is on the right track...

Posted: Sat Nov 18, 2006 10:03 am

Sorry so much montego, did not want to bother you. Already that this of webs occupies long time. Wink

I take more than one week to recover my webpage.
I want to thanks you for the help, mainly to Tao man, because its solution has been valid.
My web is [ Only registered users can see links on this board! Get registered or login! ] and anything that you want, can to request it.