Tank863
New Member
Joined: May 29, 2003
Posts: 16
Posted: Thu May 27, 2004 8:32 pm

This was uncovered by NSN Sentinel(tm) when applied to the test sites.

In Your Account's index.php file you will find 4 placements of:
Code:

getusrinfo($user);
if (($userinfo[username] != $cookie[1]) AND ($userinfo[user_password] != $cookie[2])) {



What if you are using NSN's Your Account Version: 3.2.0 Alpha.. does this apply and where would I need to fix it?

sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
Posted: Thu May 27, 2004 9:27 pm

Have to check with Bob M on that one; I've not seen it mentioned at all though. You could test by creating a new user, and if it succeeds you're probably OK with that one.

peace
Worker
Joined: Mar 11, 2004
Posts: 209
Posted: Fri May 28, 2004 6:06 am

hello
i have questions plz

i download it and wanna know if it contains this fix or should i do it manually .
will it work well with ;i use 7.3 ( it has union tab or hack what else) and have Raven's HA

thx

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
Posted: Fri May 28, 2004 7:17 am

peace wrote:
hello
i have questions plz

i download it and wanna know if it contains this fix or should i do it manually .
will it work well with ;i use 7.3 ( it has union tab or hack what else) and have Raven's HA

thx
It contains the fix in the sense that it includes instructions on how to fix it. Union Tap and my original hack alert are not needed although it won't hurt to leave the code in. If you leave the code in you should place Sentinel first.

peace
Worker
Joined: Mar 11, 2004
Posts: 209
Posted: Fri May 28, 2004 2:01 pm

ty for answer raven Razz

BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1043
Location: RedNeck Land (known as Kentucky)
Posted: Fri May 28, 2004 2:28 pm

Not all NSNYA's have the patch applied so you will need to check the edituser, edithome, editcomm, and chngtheme routines to see if your copy has the patch.

peace
Worker
Joined: Mar 11, 2004
Posts: 209
Posted: Fri May 28, 2004 2:43 pm

hello Bob

i dont have NSNYA Sad coz i see u havent one yet for 7.3 so i m waitin if Raven have time to update his no mail hack for 7.3 im havin problems with activation mails SOMETIMES Crying or Very sad

p.s wooohoooo welcome to Admin Team Mr. Green

BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1043
Location: RedNeck Land (known as Kentucky)
Posted: Fri May 28, 2004 2:54 pm

Hint, PHP-Nuke 7.3 is the same as 7.2 as 7.1 as far as NSNYA goes Smile Plus I should have said that was in reply to tank's question up top Smile

peace
Worker
Joined: Mar 11, 2004
Posts: 209
Posted: Fri May 28, 2004 3:14 pm

thx for reply & hints Bob
sorry Tank for messing your topic Sad

Bob Raven put in progress 'Raven's Auto Registration for 7.3' for me tho coz he know my problem so if i use your NSNYA ill feel sad and guilty
regards

BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1043
Location: RedNeck Land (known as Kentucky)
Posted: Fri May 28, 2004 3:29 pm

Not a problem Smile I completely understand.

Tank863
New Member
Joined: May 29, 2003
Posts: 16
Posted: Sat May 29, 2004 8:28 am

Bob,

Thanks for answering my many posts all over the place.. (sorry about that) I posted them, not knowing you are everywhere Very Happy

Anyway.. to update this thread. I did have to apply the fixes to the following: edituser, edithome, editcomm, and chngtheme

again.. thanks ...

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Sat May 29, 2004 4:16 pm

I have a funny one here, i have a few users, that since applying the YA fix, cannot get to the "change info"; Change Home; Change Comms and Change Theme sections, it boots them straight back to YA page, as it would if not correct user by the else main($user) line.
It is only for a few tho, I can access mine fine, not a problem, but if I log in as one of those having the problem, I cannot get to those functions either, so doesn't appear to be a cookie related issue.

Any ideas?

sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
Posted: Sat May 29, 2004 7:16 pm

Tank Thanks for posting back!

MickP is that the latest version of changes to YA from Raven's front page?

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Sun May 30, 2004 1:59 am

Yes, that's the one, it has only started since changing those lines. I am running a modified 6.5/7.2 version (i started at 6.5, but have been manually making changes since, due to my pages being customised for the site)

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
Posted: Sun May 30, 2004 7:35 am

MickP wrote:
I have a funny one here, i have a few users, that since applying the YA fix, cannot get to the "change info"; Change Home; Change Comms and Change Theme sections, it boots them straight back to YA page, as it would if not correct user by the else main($user) line.
It is only for a few tho, I can access mine fine, not a problem, but if I log in as one of those having the problem, I cannot get to those functions either, so doesn't appear to be a cookie related issue.

Any ideas?
Mick, I had the exact same problem (6.9). That's when we discovered the security holes in YA. Once I made those fixes all was well. But, you say you made those changes so I am perplexed about your situation. What I would suggest is that you take just one of the functions in YA, like Change Theme and debug it. Put a statement like
Code:
die('here');
in various places in the change theme function to find out where the function is dying. When you isolate that point, that should reveal the problem.

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Sun May 30, 2004 7:18 pm

Ok, this is where it fails, tho do not know why,

Code:
function chgtheme() {
    global $user, $userinfo, $Default_Theme, $cookie, $module_name;
 cookiedecode($user);
getusrinfo($user);
if (($userinfo[username] == $cookie[1]) AND ($userinfo[user_password] == $cookie[2])) {
die('here');


with die on the line above, it shows the "here" on a blank page, on the line shown, it just returns you to the YA main page.

Ps. If i revert code back to
Code:
      getusrinfo($user);
    if (($userinfo[username] != $cookie[1]) AND ($userinfo[user_password] != $cookie[2])) {
it all works fine again.

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
Posted: Sun May 30, 2004 9:34 pm

MickP, you're not using the latest code (it was updated). See the news item on the front page.

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Sun May 30, 2004 10:52 pm

yep, just changed to the new code, it now reads
Code:
function chgtheme() {
    global $user, $userinfo, $Default_Theme, $cookie, $module_name;
cookiedecode($user);
getusrinfo($user);
if ((is_user($user)) AND ($userinfo['username'] == $cookie[1]) AND ($userinfo['user_password'] == $cookie[2])) {
    include ("header.php");
    OpenTable();


my account works fine still, one of the ones that is/was having problems, I have just checked, and it has made no difference. it still dies in the same position as above.

BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1043
Location: RedNeck Land (known as Kentucky)
Posted: Mon May 31, 2004 12:22 am

I tried visiting your site but I got a DNS error Sad Will try again tomorrow after all these storms pass.

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Mon May 31, 2004 12:31 am

Thanks, Not sure why you got a DNS error, all is fine here.
If you need log in details of one of the members that is having problems with it to try, let me know and I will PM them to you.

scubamaxx
New Member
Joined: Aug 18, 2002
Posts: 11
Location: Vienna, Austria
Posted: Mon May 31, 2004 3:35 pm

MickP wrote:

Code:
function chgtheme() {
    global $user, $userinfo, $Default_Theme, $cookie, $module_name;
cookiedecode($user);
getusrinfo($user);
if ((is_user($user)) AND ($userinfo['username'] == $cookie[1]) AND ($userinfo['user_password'] == $cookie[2])) {
    include ("header.php");
    OpenTable();



on my system it only works when i give a != and == in case of == == ?!?!? Question Question Question
Code:
function chgtheme() {
    global $user, $userinfo, $Default_Theme, $cookie, $module_name;
cookiedecode($user);
getusrinfo($user);
if ((is_user($user)) AND ($userinfo['username'] != $cookie[1]) AND ($userinfo['user_password'] == $cookie[2])) {
    include ("header.php");
    OpenTable();

sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2499
Posted: Mon May 31, 2004 4:06 pm

For your sanity I'm experiencing the same thing with PHPNuke7.3 on Win2k/Apache1.3.29/PHP4.3.4/MySQL4.1.1a
As long as the line is (for all 4 functions)
if ((is_user($user)) AND ($userinfo['username'] != $cookie[1]) AND ($userinfo['user_password'] == $cookie[2])) {
everything seems fine. The thing that's really bugging me is I can't seem to figure out why! Not = and compare values are two totally different things. Why it should work one way for some and not for others throws me here. This doesn't matter if Sentinel is active or not; the result's the same.

chatserv
The Mouse Is Extension Of Arm
Joined: May 02, 2003
Posts: 1396
Location: Puerto Rico
Posted: Mon May 31, 2004 4:08 pm

To anyone having problems with this code email me your index for the Your_Account module and your site url to
Only registered users can see links on this board!
Get registered or login to the forums!

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Mon May 31, 2004 4:42 pm

Hi All, I have found the problem with this, if someone could arrive at the solution Laughing

If I signed up as MICK, but log on as Mick, it will not allow me into those 4 areas, if I log in as MICK, all is fine. This goes for any members on my site, if what is in the database does not match (casewise as well as characters) what you sign in as, this will happen.

MickP
Hangin' Around
Joined: Sep 17, 2003
Posts: 31
Location: Australia
Posted: Mon May 31, 2004 4:46 pm

Just tested here on this site and the same occurs, would something like
Code:
                $username = strtolower($username);
work in there somewhere?
View user's profile Send private message Visit poster's website
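
The case mismatch MickP describes, and the `!=`/`==` variant two posters fell back on, as an added example (not code from this thread or from PHP-Nuke). The function names and sample values are constructed; `$userinfo` and `$cookie` stand in for the arrays that `getusrinfo()` and `cookiedecode()` fill, and the `is_user($user)` test is left out because it needs the PHP-Nuke runtime. The last function assumes usernames are meant to be case-insensitive, as the login behaviour described above implies.

```php
<?php
// Added illustration only; names and data below are constructed.

// The patched check quoted in the thread: PHP's == on strings is case-sensitive.
function check_patched(array $userinfo, array $cookie): bool {
    return $userinfo['username'] == $cookie[1]
        && $userinfo['user_password'] == $cookie[2];
}

// The variant two posters reported as "working": != on the username.
function check_workaround(array $userinfo, array $cookie): bool {
    return $userinfo['username'] != $cookie[1]
        && $userinfo['user_password'] == $cookie[2];
}

// Case-insensitive username match, strict constant-time hash comparison.
function check_normalised(array $userinfo, array $cookie): bool {
    return strcasecmp((string) $userinfo['username'], (string) $cookie[1]) === 0
        && hash_equals((string) $userinfo['user_password'], (string) $cookie[2]);
}

$hash = md5('constructed-sample');          // stand-in for the stored hash
$row  = ['username' => 'MICK', 'user_password' => $hash];

// Cookie slots 1 and 2 hold the name as typed at login and the password hash.
$cases = [
    'exact case'     => [1 => 'MICK', 2 => $hash],
    'different case' => [1 => 'Mick', 2 => $hash],
    'different name' => [1 => 'tank', 2 => $hash],
    'wrong password' => [1 => 'MICK', 2 => md5('something-else')],
];

foreach ($cases as $label => $cookie) {
    printf(
        "%-15s patched=%-5s workaround=%-5s normalised=%s\n",
        $label,
        var_export(check_patched($row, $cookie), true),
        var_export(check_workaround($row, $cookie), true),
        var_export(check_normalised($row, $cookie), true)
    );
}
```

The `!=` variant passes the "different case" row only because it passes every username that differs from the stored one, and it fails the exact-case row. An alternative to comparing case-insensitively is to write the database's stored spelling of the name into the cookie at login, which leaves the patched `==` check unchanged.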