Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Dec 27, 2004 5:32 pm Reply with quote

I am running phpNuke 7.5 with the latest 2.8 Chatserv patches installed (and Sentinel 2.1.2 -- yes, I am a *Good Boy*). I have done nothing to the forums (but do have mods to .htaccess mentioned here) and am confused as to how to get to the latest version since I keep hearing about security issues with prior versions? I believe 7.5 comes with 2.0.10 right?

Can someone please shed some light on whether I (or is it the collective-newbie-WE?) am ok as is or what I need to do to be right with the Forum gods again? I am really concerned about being hacked!

Many thanks,
montego
 
View user's profile Send private message Visit poster's website
JRSweets
Worker
Worker


Joined: Aug 06, 2004
Posts: 192

PostPosted: Mon Dec 27, 2004 5:43 pm Reply with quote

You can check the version number in the nuke_bbconfig table. You should upgrade to 2.0.11 if you are not running it. To upgrade, since you didn't mod the forums, goto Only registered users can see links on this board! Get registered or login! or Only registered users can see links on this board! Get registered or login! and the latest ported version of the forums.
 
View user's profile Send private message
montego
PostPosted: Mon Dec 27, 2004 6:04 pm Reply with quote

The following article from nukeresources regarding the 2.8 patches confuses me:

Only registered users can see links on this board! Get registered or login!

It mentions "plus BBtoNuke 2.0.11 has been added to them". I don't understand whether this means that if I have installed the 2.8 patches I should be at phpBB 2.0.11 or what? Do I have to upgrade any db tables? What a confusing "world" this is...

BTW, I tried finding nuke Forum downloads at the two mentioned sites and could only find a download on nukeresources.

montego
 
mds
Client


Joined: Dec 24, 2004
Posts: 194
Location: Michigan

PostPosted: Mon Dec 27, 2004 10:26 pm Reply with quote

seeing how i am not familiar with what is packaged in the patch's you will have to look around and see if there is a file with this name "upgrade10-11" it should go into the root directory and called from your browser as Only registered users can see links on this board! Get registered or login!

if you do not have this file get it here : Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
montego
PostPosted: Tue Dec 28, 2004 8:15 am Reply with quote

Thank you mds; however, I think the newbies here need to understand what Chatserv means by his statement in his news article regarding the 2.8 patches. I have no idea if he has just patched the 2.0.10 code that came with 7.5 OR if the patch also includes all the functionality and fixes in 2.0.11.

I don't think many of us really want to go upgrade to 2.0.11 if we do not have to, but if we want to, we need to understand what the impact is of applying the 2.8 patches over top of it.

Are these not valid concerns / questions?

montego
 
mds
PostPosted: Tue Dec 28, 2004 11:59 am Reply with quote

well like i said i am not familiar with Chats patched versions sorry but if i was to comment on this i would only be providing mis information...however standard 7.5 comes with PHPBB 2.0.10 and the newest out is 2.0.11

Quote:
Are these not valid concerns / questions?

montego


absolutely

somebody else here is better to answer these concerns they know more about the codeing and what is safe and what is best...
Happy Holidays
 
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Tue Dec 28, 2004 12:51 pm Reply with quote

Ok, from my experience over the last week or so, Chat's 2.8 patch indeed has all relevant 2.0.11 files intact and ready to go. He even added my security graphic hack to the usercp_confirm.php file. Yes, I too noticed that there is no 2.0.10 to 2.0.11 upgrade file, although there is one with the bbtonuke update. I know, it's confusing...

If you had a 2.0.10, the only thing the upgrade does is store the new version number (.0.11) to the {prefix}_bbconfig table, and creates the {prefix}_bbconfirm table (which is new). If you are using Nuke to register new users, then the bbconfirm table is unnecessary and will never be accessed. If you use Forums for new user registrations, then the bbconfirm table is only necessary if you activate the security image in Forum Admin panel.

Here are the querys you can use to update from 2.0.10 to 2.0.11 by hand:
(using phpMyAdmin or similar)

Code:
UPDATE nuke_bbconfig SET config_value = '.0.11' WHERE config_name = 'version' LIMIT 1 ;


then

--
-- Table structure for table `nuke_bbconfirm`
--

DROP TABLE IF EXISTS nuke_bbconfirm;
CREATE TABLE nuke_bbconfirm (
  confirm_id char(32) NOT NULL default '',
  session_id char(32) NOT NULL default '',
  code char(6) NOT NULL default '',
  PRIMARY KEY  (session_id,confirm_id)
) TYPE=MyISAM;


Pay attention to the prefix nuke_!! If your prefix is different (check config.php if you're unsure), replace all instances of nuke_ with your prefix!

If you were running any other version than 2.0.10 before upgrading, you can run these queries, but they may not be enough! They just cannot hurt anything... versions prior to 2.0.10 might require some other adjustments, so best bet is to 'step through' the upgrade scripts for the Forums until you get to 2.0.10. Then the above queries will be the only thing you need to go from 2.0.10 to 2.0.11

PHrEEk
 
View user's profile Send private message
montego
PostPosted: Tue Dec 28, 2004 12:54 pm Reply with quote

PHrEEk,

Your post was absolutely perfect! That is exactly what I needed and what I hope other relative newbies needed as well. Very much appreciated.

Wave

Thank you, thank you, thank you,
montego
 
morpheus_75
Involved
Involved


Joined: Oct 07, 2003
Posts: 302

PostPosted: Wed Dec 29, 2004 3:28 am Reply with quote

I don't know if PHrEEkie's post has already answered the following question. If it has, please forgive me for the bother.

This is my point. I have phpbb 2.0.10 and need to upgrade to 2.0.11 WITHOUT installing all the package. In fact my forum is quite modded and I'd rather make changes manually.

Can anyone help me?

Thanks a lot! Smile
 
View user's profile Send private message
JRSweets
PostPosted: Wed Dec 29, 2004 7:12 am Reply with quote

Check Only registered users can see links on this board! Get registered or login! or Only registered users can see links on this board! Get registered or login! They both have a knowledge base that includes manually upgrade instructions.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©