Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
JRSweets
Worker
Worker


Joined: Aug 06, 2004
Posts: 192

PostPosted: Wed Dec 22, 2004 10:13 am Reply with quote

Ok I know HTTP Auth protects admin.php so this link Only registered users can see links on this board! Get registered or login! php?op=forums is protected. However is you goto to:
Only registered users can see links on this board! Get registered or login! you bypass the HTTP Auth login box. Is there a way to have the same login box protect both files?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Dec 22, 2004 4:40 pm Reply with quote

A quick solution would be, if you have .htaccess, you could add theis code to the top of your .htaccess (This is the CGI Auth code)
Code:
# -------------------------------------------

# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
  deny from all
</Files>

<Files modules/Forums/admin/index.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted"
   AuthType Basic
   AuthUserFile /path/to/your/.staccess
</Files>


Then, you will need to set up your .staccess with valid user names and encrypted passwords. We should be able to get this into NukeSentinel where you won't need this, but this would be a quick fix. BTW, I haven't tested it so let me know if it works or not Wink
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Dec 22, 2004 8:21 pm Reply with quote

On my test site i've done this:
Code:
# -------------------------------------------

# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
  <Files .staccess>
    deny from all
  </Files>
  <Files admin.php>
    <Limit GET POST PUT>
      require valid-user
    </Limit>
    AuthName "Restricted by NukeSentinel(tm)"
    AuthType Basic
    AuthUserFile /my/path/to/.staccess
  </Files>
  <Files modules/Forums/admin/index.php>
    <Limit GET POST PUT>
      require valid-user
    </Limit>
    AuthName "Restricted by NukeSentinel(tm)"
    AuthType Basic
    AuthUserFile /my/path/to/.staccess
  </Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------


However it's not bring up the forced login thru CGI Auth Sad

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
BobMarion
PostPosted: Wed Dec 22, 2004 9:13 pm Reply with quote

Smile create a new .htaccess file for your modules/Forums/admin/ directory and add this:
Code:
# -------------------------------------------

# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
  <Files index.php>
    <Limit GET POST PUT>
      require valid-user
    </Limit>
    AuthName "Restricted by NukeSentinel(tm)"
    AuthType Basic
    AuthUserFile /path/to/your/.staccess
  </Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------


This requires that you have CGIAuth completely setup thru NukeSentinel on your site for this to work properly.
 
JRSweets
PostPosted: Thu Dec 23, 2004 12:58 pm Reply with quote

I don't use CGI Auth/.staccess I just use the .htaccess HTTP auth setting. Is there a way to do is using that or do I have to setup CGI Auth/.staccess? If so thats what I will do.
 
JRSweets
PostPosted: Tue Jan 25, 2005 12:40 pm Reply with quote

Raven or Bob,

Do you see a problem with doing this...

Open includes/sentinel.php and find:
Code:
if (basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) {

and replace with this:
Code:
if ((basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) OR ($_SERVER['SCRIPT_NAME'] == '/modules/Forums/admin/index.php')) {


It seems to work correctly for me and force the HTTP Auth when using a direct link to the forums ACP.
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Jan 25, 2005 3:56 pm Reply with quote

Doesn't seem to work when I tried it but whats new lol!
But this seems to work ok for me:
if ((basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) OR (stripos_clone($_SERVER['REQUEST_URI'], '/modules/Forums/admin/'))) {

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
sixonetonoffun
PostPosted: Tue Jan 25, 2005 6:09 pm Reply with quote

Giving this a little more thought just /admin would be pretty good too because it would catch any direct access to modules/modulename/admin too. I can't think of any conflicts off the top of my head.
 
Raven
PostPosted: Tue Jan 25, 2005 9:24 pm Reply with quote

It's good. I just put a separate CGIAuth in the admin folder.
 
JRSweets
PostPosted: Tue Jan 25, 2005 10:08 pm Reply with quote

This might be a dumb question but, whats the difference between $_SERVER['REQUEST_URI'] and $_SERVER['SCRIPT_NAME']?
 
sixonetonoffun
PostPosted: Tue Jan 25, 2005 10:48 pm Reply with quote

I thought $_SERVER['QUERY_STRING'] and $_SERVER['REQUEST_URI'] are basically the full request string and the $_SERVER['SCRIPT_NAME'] and $_SERVER['PHP_SELF'] are the actual script file name. But I've been wrong before.
 
Raven
PostPosted: Wed Jan 26, 2005 1:29 am Reply with quote

See if this helps Only registered users can see links on this board! Get registered or login!
 
JRSweets
PostPosted: Wed Jan 26, 2005 7:45 am Reply with quote

Thanks guys. RavensScripts

So we could use something like this:

Code:
if ((basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) OR (stripos_clone($_SERVER['REQUEST_URI'], '/admin'))) { 


or this

Code:
if ((basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) OR (stripos_clone($_SERVER['REQUEST_URI'], '/admin/'))) { 


Which would be correct?
 
sixonetonoffun
PostPosted: Mon Jan 31, 2005 10:18 am Reply with quote

I went with this but there is slightly more of a potential for conflict. But it activates when accessing urls like /modules.php?name=Your_Account&file=admin which I like very much.

Code:


if ((basename($_SERVER['SCRIPT_NAME'], '.php')==$admin_file) OR (stripos_clone($_SERVER['REQUEST_URI'], 'admin'))) {
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©