Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Tekniqal
New Member
New Member


Joined: Nov 10, 2004
Posts: 4

PostPosted: Sat May 21, 2005 2:14 pm Reply with quote

Hello,
I am having some problems doing this. When I go into my Sentinel options the particular cvar, "Admin Auth:" is unchangeable. I am assuming there should be a drop down menu to select between CGIAuth and HTTPAuth. However, I think it is trying to use HTTPAuth because it just says..."HTTPAuth Requires "register_globals" to be ON" My webhosting provider has already told me they will not turn on register_globals. So I guess I need to either manually turn on CGIAuth through phpMyAdmin or disable the register_globals checking. How should I go about doing this. I am using Nuke 7.7 and Apache/2.0.54. Currently when I try to goto admin.php it asks for my user and password but the user and pass that I set up in the Sentinel admin list arent working here. I have checked the nuke_nsnst_admins table and the correct info is in there. So I am kinda stuck. Your help is much appreciated.
-Chris
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat May 21, 2005 5:38 pm Reply with quote

I am pretty sure that I have installed it on sites that have register_globals off, so I need to investigate that and provide my findings. Let's skip the NS setup and do it this way.

Code:
<form method='post'>

Enter password to be encrypted using crypt(EX:EX): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (8 long): <input name='salt' maxlength='16'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
<?
if (isset($_POST['submit'])&&isset($_POST['pw'])&&!empty($_POST['pw'])) {
   echo "Password <b>".$_POST['pw']."</b> translated is <b>".crypt($_POST['pw'],$_POST['salt'])."</b>";
}
?>


The above script should be saved as a file and then ftp it to your server or just run it locally if you have a PHP setup on your PC (it doesn't require nuke). It will allow you to enter a password in plain text and then it will encode it using the crypt() function. It will produce a line of text like userid:encoded_password. You then place userid:encoded_password in the .staccess file. For instance, let's say your userid is Tekniqal and you want to use a password of ravenscripts. Running it through the script using a salt value of SK (The salt value can be any 2 character code you want) will produce this
Code:
Password ravenscripts translated is SKaO7Wem4oeco


So, your .staccess should look like
Code:
Tekniqal:SKaO7Wem4oeco

and your .htaccess should have, at a minimum, this code. The ?????? would be replaced by your userid on your server. If .staccess is in a subfolder, the the subfolder name would go after the public_html folder and before the /.staccess
Code:
<Files .staccess>

  deny from all
</Files>

<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted by NukeSentinel(tm)"
   AuthType Basic
   AuthUserFile /home/???????/public_html/.staccess
</Files>
 
View user's profile Send private message
Tekniqal
PostPosted: Sat May 21, 2005 5:55 pm Reply with quote

Alright, now I got my username and pass working by encrypting my own pass and placing that code in the .staccess. The next step would be the .htaccess code. This is what I have...
Code:
# -------------------------------------------

# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Tekniqal"
AuthType Basic
AuthUserFile /usr/www/ue/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------

Is this ok? I can log into the admin fine now with how the files are set up. I guess the only thing that is acting up would be the drop down menu for the Auth Type. Should I just not worry about this?

Thanks so much for your help.
-Chris
 
Raven
PostPosted: Sat May 21, 2005 6:07 pm Reply with quote

Don't worry about the NS drop down. I need to investigate the register_globals setup when I get time. As long as this is working you are protected just as if NS was doing it.
 
Tekniqal
PostPosted: Sat May 21, 2005 9:17 pm Reply with quote

Sounds great, thx for your help. Good work on the script. Cant wait to start playin around with it.
 
counteru
New Member
New Member


Joined: Apr 29, 2005
Posts: 4

PostPosted: Tue May 24, 2005 4:32 pm Reply with quote

I am tryin to follow these steps.. but im havin problems with my .htaccess file. For the life of me i cannot figure out what i need to put in there. If i use that file it blocks everyone from gettin in my site .. gives me an error that says the site is misconfigured. I only have the sample .htaccess file and sample .stacces file.. havent changed them.. and dont really understand how i am suppose to change them. can someone please explain what I do with these?
 
View user's profile Send private message
Tekniqal
PostPosted: Tue May 24, 2005 7:17 pm Reply with quote

Before anything, make your htaccess and staccess blank so that you can get into your site.

Basically, you need to make a .php file named whatever u want with the following code.
Code:


<form method='post'>
Enter password to be encrypted using crypt(EX:EX): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (8 long): <input name='salt' maxlength='16'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
<?
if (isset($_POST['submit'])&&isset($_POST['pw'])&&!empty($_POST['pw'])) {
   echo "Password <b>".$_POST['pw']."</b> translated is <b>".crypt($_POST['pw'],$_POST['salt'])."</b>";
}
?>

Now goto that file in your webbrowser ie. Only registered users can see links on this board! Get registered or login!
Put your desired password in the first textbox. And put a "salt" value in the second. You can just use SK as Raven said. Once you get the encrypted password, place that in the .staccess (this file holds your admin users). Your .staccess file will look like:
Code:
<desired username here>:<encrypted password from pass.php here>


Now, to get your needed code for the .htaccess there is a easy way to have Sentinel generate it for you. First goto your admin panel in nuke and then goto the nukesentinel section. Ont hat page scroll down and look at the option, "htaccess Path:" Make sure this is filled in. You should be able to just use the path that they give you right below it. This is what mine said and it is correct "Normally: /usr/www/ue/.htaccess". Do the same for staccess. Now click "CGIAuth Setup" which is right below the staccess path. You will see that it displays a generated htaccess file for ya. It will look something like:
Code:
# -------------------------------------------

# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>

<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /usr/www/ue/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------


Just replace the "Restricted by NukeSentinel(tm)" with the username you placed in staccess. Place the code in htaccess and you are set.

Hope this helps. Its exactly how I did it.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©