Ravens PHP Scripts: Forums
 

 

Bluezzz
Involved


Joined: Feb 08, 2005
Posts: 290
Location: USA

Posted: Tue Oct 31, 2006 6:47 am

I have added a new site & forum admin. They can log into the site and admin just fine with their own username/pw combo (not god or my admin), however ... when they click on the forum admin icon they cannot log in under their own admin ... they must log in under god (superuser) admin ... I'd really rather NOT have it that way! Does anyone know what the problem is? I'm using the BB2Nuke that came with my RN76 2.02.02 ... with the NS that came with that. How can I have it so all admins can log into both site and forums admin pages under their own logins??? Help!?

_________________
Bluezzz
~ Stop & smell the roses, while you can! ~ 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Tue Oct 31, 2006 6:59 am

Just to clarify - are you talking about forum moderation with the Nuke user ID set up as a moderator or forums administration (i.e. admin.php?op=forums)? If it's forums administration, do you have admin authentication on this function? If so, you may need to set up admin authentication for the admin...but don't they already have this for admin.php?

_________________
I google, therefore I exist...
Bluezzz
Posted: Tue Oct 31, 2006 7:11 am

admin.php (site admin) ...
OK with cookies deleted, cache deleted, etc ... loading site as new to browser. I try to log in as my new admin in /nukesite/admin.php and that works fine, NS asks for the username/pw and seems ok because then I get sent to login page on the site itself for which I enter login name/pw/graphic #s ... all ok I get logged into site admin just fine under this person's login.

forums/admin.php (forums admin) ...
Then I go to the forums icon and click it and NS (I think it's NS) brings up a popup login box. I try to login forums admin as the username/pw of said new admin but it rejects that login three times until I get booted to a 401 permissions page.

However, if I enter the site admin (god/superuser) login name/pw it will allow me in. I'm not sure what the problem is or why I cannot log into the forums admin as this new admin's username/pw. Site login is fine using their login combo ... forums admin rejects until it gets god/superuser login info ... NOT good : o/

I've never understood why I get asked for username/pw again from forums admin since I've already logged in as admin to the site itself. Even as god/superuser I have to log in three times:

1) NS login popup box
2) Site login page if NS passes me LOL
3) Forums admin page

It's a bish deleting cookies lemme tell ya!

BTW, I as god/superuser and I as a regular user/admin am not having any problems logging in except NS sometimes wants the encrypted version of a pw, which I've enquired about here previously but no one really knew what was up with it. In NS I've had to change the encrypted to normal pws or I can't log in under regular pws ... the only one I didn't change was the god which is still encrypted and gives me fits now and then, in other words sometimes I have to enter the encrypted pw (the whole dang long mess of it) instead of the normal pw for god/admin to get access ... but that's another issue.

For now, I need help figuring out why my new admin can log into the site ok but needs to have god/superuser pw to access the forums admin area.
 
Bluezzz
Posted: Tue Oct 31, 2006 7:19 am

And before you ask, yes they are set to Administrator every which way from Sunday, including in NS (I did the scan for new admins, etc, Is Protected).
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Tue Oct 31, 2006 7:20 am

Bluezz, you (or someone helping you) must have added password protection on the Forums/admin directory. Remember back earlier this year all of the forum admin exploits going around? We were suggesting to folks here to do exactly that.

I am pretty sure that is what is going on.

_________________
Bluezzz
Posted: Tue Oct 31, 2006 7:29 am

Where would I have done that?

And if that's the case is there a way to fix it so each admin can safely login to forums admin without needing god/superuser admin rights?
 
montego
Posted: Tue Oct 31, 2006 7:52 am

You could have used cpanel to place a password on the modules/Forums/admin directory or you could have used a .htaccess/.staccess combination of files under this same directory.

If you used the cpanel approach, then you would have to manually sync those passwords (not something you would want to do).

The other option would be to have a .htaccess file in this directory which has the same deny statements that NukeSentinel has but point to the same .staccess file that you have in the root of your nuke structure (where NukeSentinel is using it).
 
Bluezzz
Posted: Tue Oct 31, 2006 8:39 am

Ya lost me : o/

I can say I doubt I went the cPanel route since I tend to avoid that. I believe I tried the .htaccess/.staccess route which if I recall was in the NS install instructions but by the same token I don't think it ever worked because I don't think I ever made those changes as I ran into some login problem after trying it so I undid what install said to do, and then someone here told me that part wasn't necessary anyway ... or something ... I forget now.

Can you be more specific? Which .htaccess/.staccess file is the correct one and do I just copy that to the other admin's folder (like from root to forums/admin)? I'm confused.
 
montego
Posted: Wed Nov 01, 2006 8:36 pm

If you look in the modules/Forums/admin directory, do you see a .htaccess file?

If the answer is "YES", then you need to look inside that and see what it is using for the password file, as that will control which password is being asked for to get to the Forums Admin.

If the answer is "NO", then I think you have to look in the .htaccess file in the root of your nuke installation and see if there is any reference to the above mentioned directory (with a deny) and calling out a password file to use for validation.
 
Bluezzz
Posted: Fri Nov 03, 2006 2:39 pm

It has an .htaccess file that has something like this in it ...

AuthType Basic
AuthName "Forums Admin"
AuthUserFile "/home/<<userdir>>/.htpasswds/<<nukeroot>>/modules/Forums/admin/passwd"
require valid-user

There is no pw in it. Also it's not using an .staccess file either. The question was however, how do I get it so that admins can use their own pw not related to God/superuser pw?
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Fri Nov 03, 2006 4:59 pm

Bluezzz, if I remember correctly you did use cPanel to set up authentication as I did you a step by step guide - but that doesn't mean you are still using it, you may have changed it after that.
 
Bluezzz
Posted: Fri Nov 03, 2006 6:00 pm

Nope that wasn't me. I used Raven's install instructions for NS and had some problems at around step four or thereabouts. I have to use CGIAuth not HTTPauth, which was complicated for me from the previous time I'd installed. I didn't use cPanel at all that I remember. I avoid cPanel if I can LOL. I did have problems with the .htaccess file tho, I sort of got it working but I really don't remember how now.

Like I said, I as god/superuser and I as my own admin have no problems logging in, all I want is info to have other admins log in without giving them superuser for the forums ... for some reason my forums require superuser login and I don't want to give that out obviously.
 
montego
Posted: Fri Nov 03, 2006 11:05 pm

Bluezz, that is definitely cpanel. You or someone helping you had to have added that password using cpanel. You can check that yourself by logging into cpanel and checking the password protect function.

For NukeSentinel, are you using HTTPAuth or CGIAuth? You should find this on the main NukeSentinel administration page about midway down. The reason I ask is that if you are using CGIAuth, you may be able to use the same .staccess file to protect the forums admin.

It is important to still protect this. I know that you are not liking the double password bit, but you never know what other exploits people will find in phpBB admin that this stops cold.
 
Bluezzz
Posted: Fri Nov 03, 2006 11:09 pm

If it's cpanel then it's not something I did, perhaps it's a host thing. I know we were supposed to 777 .htaccess and .staccess files so ya I did that, they didn't seem to take from my FTP program so I did have to do it from cpanel. I didn't set any folders or files to a pw protect directory tho. I just tried to follow the NS directions as best I could ... and as I said above CGIAuth is what I have to use. To my knowledge no one (and I am the only one god/superuser/reseller host) that is messing with my site files to my knowledge. I did not set any pws in cpanel. So if that indicates I did then some wires got crossed somewhere. I have an .htaccess file in Forums/admin but no .staccess file.
 
montego
Posted: Fri Nov 03, 2006 11:25 pm

.htaccess and .staccess should be 666, not 777! I would change that right away.

The added password on the modules/Forums/admin directory is NOT from NukeSentinel. It was related to the phpbb_root_path exploits back earlier this year. It came from this thread here: Only registered users can see links on this board! Get registered or login!

Please check cpanel as I have mentioned. Whether you like to believe it or not, that is where the second password is getting set. I can clearly see that from your .htaccess file that you posted the contents of. BTW, I am going to blank out a bit of that path here in a second.

You could change (make a copy first) the modules/Forums/admin/.htaccess file to be something more like this:

Code:


<Files .staccess>
deny from all
</Files>

<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted Forum Area"
AuthType Basic
AuthUserFile <<same path as what you see in NS for the .staccess path>>


Just copy and paste from the NS main administration page what the full path is to your NS .staccess file and then your admins don't have to log into it twice.
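
Added example (not part of the original posts and not NukeSentinel's own code): a Python check of the change montego describes, flagging a Forums admin .htaccess whose AuthUserFile is not the NukeSentinel .staccess, a missing `<Files .staccess>` deny block, and 777-style modes. The function names, the temporary directory layout and the sample file contents are constructed for illustration.

```python
import os, re, stat, tempfile

# Constructed samples modelled on the two .htaccess variants posted in the thread.
SEPARATE = 'AuthType Basic\nAuthName "Forums Admin"\nAuthUserFile "{path}"\nrequire valid-user\n'
SHARED = ('<Files .staccess>\ndeny from all\n</Files>\n<Limit GET POST PUT>\n'
          'require valid-user\n</Limit>\nAuthName "Restricted Forum Area"\n'
          'AuthType Basic\nAuthUserFile {path}\n')

def audit_forum_htaccess(htaccess_path, ns_staccess_path):
    """Return a list of findings for the Forums admin .htaccess (empty list = OK)."""
    findings = []
    with open(htaccess_path) as fh:
        text = fh.read()
    # AuthUserFile decides which password list Apache checks for this directory.
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\r\n]+?)"?\s*$', text, re.I | re.M)
    if not m:
        findings.append("no AuthUserFile directive")
    elif os.path.realpath(m.group(1)) != os.path.realpath(ns_staccess_path):
        findings.append("AuthUserFile is a separate password file: " + m.group(1))
    if not re.search(r"^\s*require\s+valid-user\s*$", text, re.I | re.M):
        findings.append("no 'require valid-user'")
    # The password file itself must not be served to browsers.
    if not re.search(r"<Files\s+\.staccess>\s*deny\s+from\s+all\s*</Files>", text, re.I):
        findings.append("no <Files .staccess> deny block")
    # The thread's advice is 666, not 777: neither file needs execute bits.
    for path in (htaccess_path, ns_staccess_path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o111:
            findings.append("%s is mode %o, execute bits set" % (os.path.basename(path), mode))
    return findings

def build_demo(root, template, separate_file, mode):
    """Create a constructed nuke tree under root; return (.htaccess, .staccess) paths."""
    admin_dir = os.path.join(root, "modules", "Forums", "admin")
    os.makedirs(admin_dir)
    staccess = os.path.join(root, ".staccess")
    target = os.path.join(admin_dir, "passwd") if separate_file else staccess
    htaccess = os.path.join(admin_dir, ".htaccess")
    for path, body in ((staccess, "newadmin:constructed-hash\n"),
                       (htaccess, template.format(path=target))):
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return htaccess, staccess

def demo():
    """Audit the separate-password-file layout at 777, then the shared layout at 666."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        before = audit_forum_htaccess(*build_demo(a, SEPARATE, True, 0o777))
        after = audit_forum_htaccess(*build_demo(b, SHARED, False, 0o666))
    return before, after
```

The `<Limit GET POST PUT>` wrapper in the suggested file applies `require valid-user` only to those three methods; Apache's documentation advises keeping access-control directives outside `<Limit>` so they cover every method.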
 
Guardian2003
Posted: Sat Nov 04, 2006 12:40 am

Only registered users can see links on this board! Get registered or login!
 
Bluezzz
Posted: Sat Nov 04, 2006 12:42 am

Well it's whatever is all boxes checked, I may have the numbers wrong, it's whatever NS install said to make it LOL.

Is your suggested change going to allow for each admin to log in with their own username/pw and not have to use god/superuser?

Thanks for your help, not sure I understand what yer telling me tho : o/
 
montego
Posted: Mon Nov 06, 2006 6:45 pm

Quote:

Is your suggested change going to allow for each admin to log in with their own username/pw and not have to use god/superuser?


Yes. You still have to make them a nuke admin (but only give them "Forums", not "SuperUser") and you still have to add them to NukeSentinel. They would then log into admin.php like any other admin (which I think you already have them doing this) and then when they click on Forums in the Administration Menu, they will go right into the Forum admin panel (no extra password).

I have this installed this way on my own site and it works just fine.
 
All times are GMT - 6 Hours
 