Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
KevvieBhoy
New Member
New Member


Joined: Jan 06, 2005
Posts: 3
Location: Bonnie Scotland

PostPosted: Fri Jan 07, 2005 3:44 am Reply with quote

Hi, i originally posted this message in bug reports, but reading some of the other posts in this forum i think it might belong in here instead. Apologies then for the cross-post.

First, greets to Raven, Bob and everyone else involved in the gem that is NukeSentinel.

I've just setup Nuke 7.6 Patched with Sentinel 2.1.3

My problem appeared when setting up Admin Auth.

I want to use CGIAuth instead of HTTPAuth. (Is CGIAuth a better method than HTTPAuth, i heard it was because it is server level?)

HTTPAuth works fine, asking for my Auth Login and Auth Password when setup.

However, when i setup to run CGIAuth i am instead asked for my AdminID and Auth Password, not my Auth Login and Auth Password.

I checked the .staccess and it is being written to ok whenever i change password, but the user always remains the same, my AdminID. Even when i change my Auth Login, my AdminID is still written to the file.

I had a squint at ABCGIBuild.php...

Code:
if(is_god($admin)) {

  if($abconfig['http_auth'] == 2 AND $abconfig['staccess_path'] > "") {
    $stwrite = "";
    $adminresult = $db->sql_query("SELECT * FROM ".$prefix."_nsnst_admins WHERE password_crypt>'' ORDER BY aid");
    while($adminrow = $db->sql_fetchrow($adminresult)) {
      $stwrite .= $adminrow['aid'].":".$adminrow['password_crypt']."\n";
      $doit = fopen($abconfig['staccess_path'], "w");
      fwrite($doit, $stwrite);
      fclose($doit);
    }
  }
  Header("Location: ".$admin_file.".php?op=ABAuthList");
} else {
  Header("Location: ".$admin_file.".php?op=ABMain");
}


I believe the offending section is...

Code:
$stwrite .= $adminrow['aid'].":".$adminrow['password_crypt']."\n";


The code is writing adminrow 'aid' where it should be writing 'login'

I changed the above code and now it is working fine, asking for my Auth Login and Auth Password, writing the correct info to .staccess whenever i change it in my Admin Auth List.

Hope this helps, or maybe i've just got it wrong and Sentinel is supposed to use the AdminID.

My updated code reads...

Code:
if(is_god($admin)) {

  if($abconfig['http_auth'] == 2 AND $abconfig['staccess_path'] > "") {
    $stwrite = "";
    $adminresult = $db->sql_query("SELECT * FROM ".$prefix."_nsnst_admins WHERE password_crypt>'' ORDER BY aid");
    while($adminrow = $db->sql_fetchrow($adminresult)) {
      $stwrite .= $adminrow['login'].":".$adminrow['password_crypt']."\n";
      $doit = fopen($abconfig['staccess_path'], "w");
      fwrite($doit, $stwrite);
      fclose($doit);
    }
  }
  Header("Location: ".$admin_file.".php?op=ABAuthList");
} else {
  Header("Location: ".$admin_file.".php?op=ABMain");
}

Best Regards.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Jan 07, 2005 5:07 am Reply with quote

Yes, CGIAuth (My term) is somewhat safer since it is at the server level if you are running Apache and have access to .htaccess.

As to the rest of your post, we will check it out and get back to you. Thanks!
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©