Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro
Author Message
mvillamizar
Regular
Regular


Joined: Nov 02, 2004
Posts: 54
Location: Colombia

PostPosted: Wed Aug 02, 2006 8:02 am Reply with quote

Hi,

I have installed v2.02.00

when i log in using god admin, i can access some modules and some not
I can access the administration menu, but not modules administration, I get a blank page saying access denied.

Thanks Shocked

_________________
Mario Villamizar
Web Developer 
View user's profile Send private message Visit poster's website
mvillamizar
PostPosted: Wed Aug 02, 2006 10:34 am Reply with quote

Help please is urgent worship
 
mvillamizar
PostPosted: Wed Aug 02, 2006 11:15 am Reply with quote

I have change the name of the admin.php to myadmin.php and changed also in the config.php file the variable $admin_file = "myadmin";

when i do this is when happen the error describes obove

what can i do to fix this. Shocked
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Aug 02, 2006 3:21 pm Reply with quote

Changing the admin file name doesnt really offer any real benefit so you could change it back to the default.
This issue is fixed in the next release and is caused by some files still having the original authors references to hard coded to admin.php instead of $admin_file.'.php'

You should also be aware that that most of the older modules, blocks etc available from third parties may well have hard coded references to admin.php so changing the name of the admin file can break these where the third party author has not updated thir scripts.
 
View user's profile Send private message Send e-mail
mvillamizar
PostPosted: Wed Aug 02, 2006 8:25 pm Reply with quote

well now everything is woorking, but the news module does post any news

what could be?
 
Guardian2003
PostPosted: Wed Aug 02, 2006 8:31 pm Reply with quote

Do you have any illegal characters in the title?
I couldnt find a submit news on your site to test.
 
Bluezzz
Involved
Involved


Joined: Feb 08, 2005
Posts: 290
Location: USA

PostPosted: Sat Aug 26, 2006 9:07 am Reply with quote

Guardian2003 wrote:
Changing the admin file name doesnt really offer any real benefit so you could change it back to the default.
This issue is fixed in the next release and is caused by some files still having the original authors references to hard coded to admin.php instead of $admin_file.'.php'

You should also be aware that that most of the older modules, blocks etc available from third parties may well have hard coded references to admin.php so changing the name of the admin file can break these where the third party author has not updated thir scripts.


In regard to "This issue is fixed in the next release", I'm on the next release, as a matter of a fact I'm on the latest RN76 2.02.02 ... this issue is not fixed. I changed the admin.php to another name without extension per instructions and then when I refreshed my browser I got the error message of Access Denied (for the main index page). And yes I put the new name in the config without extension. So I've put it back to what it was and it works fine. My problem didn't just occur from an Admin panel though, I just refreshed my main site page and got that error.

I'll go with the advice of leaving it as "admin" in config.

Yes I know, this is three years later but I felt it necessary to resurrect this post since it was the answer to my current problem.

_________________
Bluezzz
~ Stop & smell the roses, while you can! ~ 
View user's profile Send private message
Guardian2003
PostPosted: Sat Aug 26, 2006 10:10 am Reply with quote

No you are on the current public release (and was the current public release at the time I posted).
The *next* release which is due to go into QA testing any time now is v2.10.00 and was the one I was referring to as the *next* release - just for clarity Smile

I'm still finding so many older modules and stuff that reference a hard coded admin file which will break when the location of the admin file is changed so for backward compatibility I still recommend leaving things in there default setting.

Yes, as you rightly point out, there were a few references we missed in v2.02.02 but these are definitely fixed in v2.10.00
 
Bluezzz
PostPosted: Sat Aug 26, 2006 10:48 am Reply with quote

I'd like to get in on that testing and upgrade/Q&A for 2.10.00 since I plan to continue being very involved in this site I'm now creating. I'd like to get this site functioning correctly as is and then somehow back up the whole thing and then create yet a third so I can use the third to experiment in. I'm not sure how I'd do that tho LOL.

OH my, I just realized that my reference to *three year old post* was incorrect! I was looking at the Joined: dates, not the posted dates ... I'm sooooooooo sorry!

OK now, another thing I've noticed that I cannot do as suggested in the admin.php file is:

//Uncomment the following lines after setting the site url in the Administration
//global $domain;
//if (!stripos_clone($_SERVER['HTTP_HOST'], $domain)) {
// die("Access denied");
//}

If I do uncomment that out I can refresh my main site page ok but my Admin page shows Access Denied so I've had to go back in and use the // again. The site admin page is correct and works fine if I don't comment those lines out. Not sure why that is!?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sat Aug 26, 2006 11:43 am Reply with quote

Bluezzz, You do not need to comment that out nor do folks need to rename their admin.php files. These were all very lame attempts by the author of PHP-Nuke (FB, NOT Raven) to give a sense of "security". NukeSentinel is protecting your admin.php file so you just need to let it do its job...

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Bluezzz
PostPosted: Sat Aug 26, 2006 2:13 pm Reply with quote

THANK YOU for those assurances! I did notice that for both of those attempted changes I got Access Denied results so I put them both back to normal (defaults).

All I can say to others is ... if the site works good for you at any time do a backup from Admin for both site & forums AND then before you make any changes to any .php or .access type files do a backup of it in case you need to *go back*, these procedures have saved me alot of time and trouble in the long run!

I guess I need to work on my Sentinel next, the module is on but I have to get the blocks going ... and even so, in the module from the instructions on the Install help pages I'm STUCK on the CGIAuth part LOL ... workin it out tho!
 
montego
PostPosted: Sat Aug 26, 2006 2:44 pm Reply with quote

Well, ok, so its not protecting your admin.php file as yet... Gotta get that CGIAuth working luv!
 
Bluezzz
PostPosted: Sat Aug 26, 2006 2:46 pm Reply with quote

Dang it! Shocked I'm still getting with my host to find out why HTTPAdmin isn't there ... I think they've got my site as a module on Apache (thus CGIAuth) and not however it *should be* ... I really, really don't wanna do those recommended steps cause I'm afraid I'll mess it up LOL
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sat Aug 26, 2006 4:55 pm Reply with quote

Cgiauth is VERY affective none the less.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Bluezzz
PostPosted: Sat Aug 26, 2006 5:00 pm Reply with quote

The instructions on how to make it work in that mode are kinda scary tho, I'm pretty good at this stuff but I'm sorta scared of this step ... last time I installed a phpnuke site it was HTTP ready so I didn't have to make changes to that in Sentinel, this site is a different host. Would someone care to explain the differences and how either one is effective? Maybe if I understand why I need to make these changes it'll help me when I tackle that.
 
montego
PostPosted: Sat Aug 26, 2006 5:29 pm Reply with quote

There are many hacks (and not in a good sense) out there which were attacking vulnerabilities in the admin.php?<blah blah blah>... Although the patches assembled and distributed by Chatserv over the years closed many of those "holes", drop in a new module that is not written well, and new vulnerability.

HTTPAuth/CGIAuth protection on the admin.php script just gives an extra layer of "protection" in that in order to use that script AT ALL, they would have to figure out the login name and password. (Very similar to using cpanel to password protect a directory on your website.)

It is a very good thing to do and very much encouraged... Wink Wink Wink

Just follow the instructions in the HowToInstall manual related to the setup of CGIAuth and you should be fine. If you run into issues that you cannot figure out, search on CGIAuth here in the forums and you will find a wealth of historical knowledge...
 
Bluezzz
PostPosted: Tue Aug 29, 2006 11:59 am Reply with quote

I have searched to no avail. If I leave in those 8 lines in (generated during setup of Sentinel) I get the login box continually popping up until after the third time when I get Authorization Failed page. I have the correct path in, I am using the right username/pw. I do have to run in CPIAuth unfortunately. I've had to comment out those sentinel lines in order to get back into my site. This is the last major hurdle before I open the site & I will continue searching but I need to get this fixed right ... any help would be appreciated!
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Sep 05, 2006 10:48 pm Reply with quote

Bluezzz, did you ever resolve this? And just for the record, even though we distinguish between HTTP and CGI authorization, they are one and the same from the browser standpoint. The difference is where the userid and password confirmation comes from. PHP does not pass the variables when compiled as CGI.
 
View user's profile Send private message
Bluezzz
PostPosted: Tue Sep 05, 2006 11:59 pm Reply with quote

Again I think I resolved this and posted on another post. Yes, I am using the CGIAuth and had issues with it ... I redid the file that had those 8 lines and it was fine thereafter, seems I had the initial file wrong somehow ... fixed now tho. Thanks for answering Raven : o}

I do have to tell you that darklord, montego and Guardian2003 have been tremendous help and they are much appreciated! I think my site is working pretty good except one Forums admin concern which I've posted about and will double check soon to see if I did something wrong there. Thank you all!
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©