Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
Dove
New Member
New Member


Joined: Jun 29, 2004
Posts: 11
Location: USA

PostPosted: Thu Jun 09, 2005 3:54 am Reply with quote

Hello,
First I'd like to say what a pleasure it always is
browsing your forums. Smile

After installing a fresh Sentinel 2.30 on a Nuke 7.7
web with 3.0 patches, I received a white page (on the main
page- index) with Firefox 1.04, Netscape 7.2, & Opera. All but
IE (for once Wink ). Hitting the "refresh" button loads the page and all is fine.

I checked my server logs and saw this warning:

PHP Warning: ob_start(): output handler 'ob_gzhandler' cannot be used after 'URL-Rewriter' in /home/mysite/public_html/mainfile.php on line 54

The site was fine until installing Sentinel 2.30.

I did see a similar post Only registered users can see links on this board! Get registered or login!

and changing the 3.0 patched code from:
Code:
ob_start(array('ob_gzhandler',5));

         ob_implicit_flush(0);
         header('Content-Encoding: gzip');


back to the original as Chatserv suggested:
Code:
ob_start();

         ob_implicit_flush(0);
         //header('Content-Encoding: gzip');


Fixed it. Smile

Hope this helps someone that adds Sentinel after the patch.

My server specs
Linux - apache 1.3.33
php 4.3.11
 
View user's profile Send private message
sting
Involved
Involved


Joined: Sep 23, 2003
Posts: 456
Location: Somewhere out there...

PostPosted: Sat Jun 18, 2005 10:03 pm Reply with quote

Thanks much! I am having this same issue on one of my sites, great to know the fix.

-sting
 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Jun 18, 2005 11:49 pm Reply with quote

You might also try moving this code
Code:
if (defined('FORUM_ADMIN')) {

  @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
  @include_once("../../includes/nukesentinel.php");
} else {
  @include_once("includes/nukesentinel.php");
}

after
Code:
$phpver = phpversion();

if ($phpver < '4.1.0') {
   $_GET = $HTTP_GET_VARS;
   $_POST = $HTTP_POST_VARS;
   $_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
   if (extension_loaded('zlib')) {
      ob_end_clean();
      ob_start('ob_gzhandler');
   }
} else if ($phpver > '4.0') {
   if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
      if (extension_loaded('zlib')) {
         $do_gzip_compress = TRUE;
         ob_start(array('ob_gzhandler',5));
         ob_implicit_flush(0);
         header('Content-Encoding: gzip');
      }
   }
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
   $PHP_SELF = $_SERVER['PHP_SELF'];
}

in mainfile.php. Let me know if that works and I will add this to the NukeSentinel FAQ.
 
View user's profile Send private message
infidelguy
Hangin' Around


Joined: May 25, 2005
Posts: 26
Location: Atlanta, Georgia

PostPosted: Tue Jun 21, 2005 10:04 am Reply with quote

Raven, this fixed my problem:

Mac users using Solaris also had a problem, their problem is gone too! The error they were getting is: nsurl-error domain 1011.

Thanks!
 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
infidelguy
PostPosted: Tue Jun 21, 2005 11:31 am Reply with quote

Oh wait! Hey Raven or Bob, now that I have made these changes. I no longer get a blocked page notification when I conduct a union attack.

Help please?
 
Raven
PostPosted: Tue Jun 21, 2005 11:55 am Reply with quote

Please post your first 100 lines or so of mainfile.php. That should not stop Sentinel.
 
infidelguy
PostPosted: Tue Jun 21, 2005 12:12 pm Reply with quote

I made the changes as recommended by Dove and it works now. Possibly less secure I'm sure. Here is my current mainfile.php

Code:


<?php
if (defined('FORUM_ADMIN')) {
    @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
    @include_once("../../includes/nukesentinel.php");
} else {
    @include_once("includes/nukesentinel.php");
}

if (!ini_get("register_globals")) {
    import_request_variables('GPC');
}

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
/* Additional security checking code 2003 by chatserv                   */
/* http://www.nukefixes.com -- http://www.nukeresources.com             */
/************************************************************************/
define('NUKE_FILE', true);
if (file_exists("includes/custom_files/custom_mainfile.php")) {
   include_once("includes/custom_files/custom_mainfile.php");
}
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
   die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

$phpver = phpversion();
if ($phpver < '4.1.0') {
    $_GET = $HTTP_GET_VARS;
    $_POST = $HTTP_POST_VARS;
    $_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
    if (extension_loaded('zlib')) {
   ob_end_clean();
   ob_start('ob_gzhandler');
    }
} else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
   if (extension_loaded('zlib')) {
       $do_gzip_compress = TRUE;
       ob_start();
                  ob_implicit_flush(0);
                  //header('Content-Encoding: gzip');
   }
    }
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}

if(isset($admin))
{
   $admin = base64_decode($admin);
   $admin = addslashes($admin);
   $admin = base64_encode($admin);
}

if(isset($user))
{
   $user = base64_decode($user);
   $user = addslashes($user);
   $user = base64_encode($user);
}

foreach ($_GET as $sec_key => $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||

 
Raven
PostPosted: Tue Jun 21, 2005 12:16 pm Reply with quote

Change it back as I instructed. Then remove this code
Code:
//Union Tap

//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
   die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

That's in the installation instructions, btw. That's what's blocking NukeSentinel. You don't need it.
 
infidelguy
PostPosted: Tue Jun 21, 2005 12:49 pm Reply with quote

Hi Raven and thank you for you patience and kindness,

Everything works fine now.

In your instructions at section 4, you start talking about Upgrading. This lead me to think that everything else was about upgrading, which it obviously was not. So I ignored that part.

I apologize for not understanding.

Thanks, everything is gold. Smile
 
Dove
PostPosted: Tue Jun 21, 2005 2:19 pm Reply with quote

That worked perfect Raven, thank you.
 
Raven
PostPosted: Tue Jun 21, 2005 4:04 pm Reply with quote

infidelguy wrote:
Hi Raven and thank you for you patience and kindness,

Everything works fine now.

In your instructions at section 4, you start talking about Upgrading. This lead me to think that everything else was about upgrading, which it obviously was not. So I ignored that part.

I apologize for not understanding.

Thanks, everything is gold. Smile
Hey! No aplogy needed. We keep tweaking the ReadMe to make it better. Thanks for the feedback!
 
Raven
PostPosted: Tue Jun 21, 2005 4:05 pm Reply with quote

Dove wrote:
That worked perfect Raven, thank you.
RavensScripts
 
sting
PostPosted: Tue Jun 21, 2005 9:03 pm Reply with quote

Ahhh Union Tap.

The Spiders! Get them off me.

It was fun though for a while there... Wink

-sting
 
MarkyBear
Hangin' Around


Joined: Mar 27, 2005
Posts: 39

PostPosted: Sat Jun 25, 2005 10:43 am Reply with quote

This did the trick for me too, although the codeing was a little different for some reason in my mainfile, I just added it after the:

Code:
 $PHP_SELF = $_SERVER['PHP_SELF']; 

}


and it's worked fine with no more errors!

Thanks Raven!!
 
View user's profile Send private message
Sfolivier
New Member
New Member


Joined: Jun 29, 2005
Posts: 15

PostPosted: Sun Jul 10, 2005 2:01 pm Reply with quote

I moved

Code:
if (defined('FORUM_ADMIN')) {

  @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
  @include_once("../../includes/nukesentinel.php");
} else {
  @include_once("includes/nukesentinel.php");
}


as instructed and it solved the problem for me as well (just in case you're still wondering if it's FAQ material).

Thanks for the tip (I don't count how many times this forum helped me).
 
View user's profile Send private message
Raven
PostPosted: Sun Jul 10, 2005 4:08 pm Reply with quote

RavensScripts
 
Donovan
Client


Joined: Oct 07, 2003
Posts: 735
Location: Ohio

PostPosted: Fri Jul 22, 2005 10:53 pm Reply with quote

Well I have read this thread and others but cannot get the site back up. Fresh install of 7.6 v3.0b with NukeSentinel_71-78_232. Restored the original edited files but it is still blank.

I run the old analyze.php and I have a good connection.

This is my third time installing Sentinal. You would think I would get it right.

I have yet to run the nsnst.php as I have yet to get the site up again. I uploaded all the files along with the edited filed and the site went blank before I ran the nsnst.php

I tried to clear cookies but no good. I even tried to run the nsnst.php regardless but no joy.
 
View user's profile Send private message Visit poster's website ICQ Number
Raven
PostPosted: Fri Jul 22, 2005 11:10 pm Reply with quote

Take NukeSentinel out of the picture. Drop the database and delete all the files. Then, reload the files w/o NS and recreate the database. Does the site come up? What site is it?
 
Donovan
PostPosted: Sat Jul 23, 2005 10:11 am Reply with quote

I can't drop the database as it was an import of around 60 users of a PHPBB site. Everything was working perfectly until I tried to install Sentinal. Before I had a chance to run the nsnst.php I had a blank page.
Only registered users can see links on this board! Get registered or login!
 
Raven
PostPosted: Sat Jul 23, 2005 10:16 am Reply with quote

What is the error log showing? Are you sure the MySQL parameters are correct?
 
Donovan
PostPosted: Sat Jul 23, 2005 10:20 am Reply with quote

[23-Jul-2005 00:20:47] PHP Fatal error: main(): Failed opening required 'mainfile.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/bcring/public_html/modules.php on line 20
 
Donovan
PostPosted: Sat Jul 23, 2005 10:21 am Reply with quote

Another one


[23-Jul-2005 00:20:47] PHP Warning: main(mainfile.php): failed to open stream: No such file or directory in /home/bcring/public_html/modules.php on line 20
 
Donovan
PostPosted: Sat Jul 23, 2005 10:26 am Reply with quote

Only registered users can see links on this board! Get registered or login!

MySQL parameters where working before I installed so why would they be wrong now?
 
Donovan
PostPosted: Sat Jul 23, 2005 10:37 am Reply with quote

Deleted all file uploads and replaced all edited files (mainfile, admin, header) and site is back up but without the center message.
Only registered users can see links on this board! Get registered or login!
 
Donovan
PostPosted: Sat Jul 23, 2005 11:04 am Reply with quote

Well the site is back up without Sentinal. A remaining bug is now I have no messages on the front page. I had one programmed with unlimited expiration but I don't see it any more. I deleted and redid it but still nothing. Cleared cookies but again not seeing the front page message.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©