Forum Admin Inaccessable STILL!

DataMatrix · New Member Joined: May 04, 2005 Posts: 2

I tried every single thing to do and I still get this error:
"Warning: main(config.php): failed to open stream: No such file or directory in d:\appserv\www\includes\nukesentinel.php on line 37

Fatal error: main(): Failed opening required 'config.php' (include_path='.;c:\php4\pear') in d:\appserv\www\includes\nukesentinel.php on line 37"

Any help would be appreciated Smile

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

It can't find something its trying to open. What is line 37 in your \includes\nukesentinel.php? You can open that file with any text editor or notepad.

Raven · Posted: Wed May 04, 2005 11:13 pm

What version of phpnuke?
What version of NukeSentinel(TM)?
What patch level of Chatserv's?

chatserv · Posted: Thu May 05, 2005 12:51 am

This means the files have a mix of $forum_admin and FORUM_ADMIN which is the correct one to use, these have to be edited in mainfile.php, db.php, pagestart.php, common.php and sentinel.php, they all must match, in essence:
if ($forum_admin == 1) {
is incorrect, it should be:
if (defined('FORUM_ADMIN')) {
in the listed files, same with:
$forum_admin = 1;
which should be:
define('FORUM_ADMIN', true);

DataMatrix · New Member Joined: May 04, 2005 Posts: 2

Ok, working now, thanks chatserv and thanks for the responses kguske and Raven Smile

ring_c · Involved Joined: Dec 28, 2003 Posts: 276 Location: Israel

chatserv wrote:

This means the files have a mix of $forum_admin and FORUM_ADMIN which is the correct one to use, these have to be edited in mainfile.php, db.php, pagestart.php, common.php and sentinel.php, they all must match, in essence:
if ($forum_admin == 1) {
is incorrect, it should be:
if (defined('FORUM_ADMIN')) {
in the listed files, same with:
$forum_admin = 1;
which should be:
define('FORUM_ADMIN', true);

Thanks alot, chatserv. I had the same problem as well, and now I've fixed it according to your direction.

I have only one question. There are 2 common.php files. one under /forums/ and the other under /forums/admin/ .

The one under the admin dir. contains this code:

Code:

$forum_admin = "1";

Should it be also replaced with

Code:

define('FORUM_ADMIN', true);

?

TIA!

chatserv · Posted: Wed May 11, 2005 10:27 am

Delete the one under forums/admin

ring_c · Involved Joined: Dec 28, 2003 Posts: 276 Location: Israel

Quote:

Delete the one under forums/admin

You mean remove the whole file?
Anyway, I've renamed it and it all seems to work...

chatserv · Posted: Wed May 11, 2005 6:10 pm

I meant the common.php file found in the forum's admin directory.

dsfreak · New Member Joined: May 12, 2005 Posts: 7

Ok, where can I find all these files?

dsfreak · New Member Joined: May 12, 2005 Posts: 7

Ok, I have found the following in the following directories....

common.php in root/modules/Forums
mainfile.php in root
db.php in root/db
sentinel.php in (havent found, but did find NukeSentinel.php)in root/includes
pagestart.php in root/modules/Forums/admin (but it doesn't have any of the code listed above.... help plz!!!)

chatserv · Posted: Sat May 14, 2005 10:25 am

The files you listed are the correct ones, post your pagestart.php file here, place the code within code bb tags and disable smilies and html when posting it.

dsfreak · New Member Joined: May 12, 2005 Posts: 7

Ok, the one under forums/admin?

chatserv · Posted: Sat May 14, 2005 1:20 pm

Yes, it should be the only one.

dsfreak · New Member Joined: May 12, 2005 Posts: 7

Ok, here it is....

Code:

<?php
/***************************************************************************
* pagestart.php
* -------------------
* begin : Thursday, Aug 2, 2001
* copyright : (C) 2001 The phpBB Group
* email :

Only registered users can see links on this board!
Get registered or login to the forums!

*
* $Id: pagestart.php,v 1.1.2.6 2003/05/06 20:18:42 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
* phpbb2 forums port version 2.0.5 (c) 2003 - Nuke Cops (http://nukecops.com)
*
* Ported by Nuke Cops to phpbb2 standalone 2.0.5 Test
* and debugging completed by the Elite Nukers and site members.
*
* You run this package at your sole risk. Nuke Cops and affiliates cannot
* be held liable if anything goes wrong. You are advised to test this
* package on a development system. Backup everything before implementing
* in a production environment. If something goes wrong, you can always
* backout and restore your backups.
*
* Installing and running this also means you agree to the terms of the AUP
* found at Nuke Cops.
*
* This is version 2.0.5 of the phpbb2 forum port for PHP-Nuke. Work is based
* on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based
* on the phpbb2 standalone version 2.0.3. Our version 2.0.5 from Nuke Cops is
* now reflecting phpbb2 standalone 2.0.5 that fixes some bugs and the
* invalid_session error message.
***************************************************************************/
/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner (tom@toms-home.com)
* http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on http://bbtonuke.sourceforge.net first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

if (!defined('IN_PHPBB'))
{
die("Hacking attempt");
}

define('IN_ADMIN', true);
$forum_admin = 1;
include("../../../mainfile.php");
include($phpbb_root_path.'common.'.$phpEx);
//
// Do a check to see if the nuke user is still valid.
//

global $admin;
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$sql = "SELECT radminforum, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if (!is_admin($admin) AND ($row[radminsuper] != 1 OR $row[radminforum] != 1)) {
message_die(GENERAL_MESSAGE, "You are not authorised to administer this board");
}
/*
global $cookie, $nukeuser;
$user = base64_decode($user);
$cookie = explode(":", $user);
$sql = "SELECT user_id, user_password FROM " . USERS_TABLE . "
WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
if(!$result) {
message_die(GENERAL_ERROR, 'Could not query user account', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ($cookie[2] == $row['user_password'] && $row['user_password'] != "") {
$nukeuser = $user;
} else {
unset($user);
unset($cookie);
message_die(GENERAL_MESSAGE, "You are not authorised to administer this board");
}
*/
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX, $nukeuser);
init_userprefs($userdata);
//
// End session management
//
/*
if( !$userdata['session_logged_in'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . '../../../' . append_sid("login.$phpEx?redirect=admin/"));
exit;
}
else if( $userdata['user_level'] != ADMIN )
{
message_die(GENERAL_MESSAGE, $lang['Not_admin']);
}
*/
if ( empty($no_page_header) )
{
// Not including the pageheader can be neccesarry if META tags are
// needed in the calling script.
include('./page_header_admin.'.$phpEx);
}

?>

What are you gonna do, edit it for me? Just post it here, or pm me with it

chatserv · Posted: Sat May 14, 2005 3:18 pm

Code:

<?php
/***************************************************************************
* pagestart.php
* -------------------
* begin : Thursday, Aug 2, 2001
* copyright : (C) 2001 The phpBB Group
* email :

Only registered users can see links on this board!
Get registered or login to the forums!

*
* $Id: pagestart.php,v 1.1.2.6 2003/05/06 20:18:42 acydburn Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

if (!defined('IN_PHPBB'))
{
die("Hacking attempt");
}

define('IN_ADMIN', true);
define('FORUM_ADMIN', true);
define("PHPBB_ROOT_PATH", $phpbb_root_path);
define("PHPBB_PHPEX", $phpEx);
include("../../../mainfile.php");
$phpbb_root_path = PHPBB_ROOT_PATH;
$phpEx = PHPBB_PHPEX;
include($phpbb_root_path.'common.'.$phpEx);
//
// Do a check to see if the nuke user is still valid.
//

global $admin;
$admin = base64_decode($admin);
$admin = explode(":", $admin);
$aid = "$admin[0]";
$sql = "SELECT radminforum, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if (!is_admin($admin) AND ($row[radminsuper] != 1 OR $row[radminforum] != 1)) {
message_die(GENERAL_MESSAGE, "You are not authorised to administer this board");
}
/*
global $cookie, $nukeuser;
$user = addslashes(base64_decode($user));
$cookie = explode(":", $user);
$sql = "SELECT user_id, user_password FROM " . USERS_TABLE . "
WHERE username='$cookie[1]'";
$result = $db->sql_query($sql);
if(!$result) {
message_die(GENERAL_ERROR, 'Could not query user account', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ($cookie[2] == $row['user_password'] && $row['user_password'] != "") {
$nukeuser = $user;
} else {
unset($user);
unset($cookie);
message_die(GENERAL_MESSAGE, "You are not authorised to administer this board");
}
*/
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX, $nukeuser);
init_userprefs($userdata);
//
// End session management
//
/*
if( !$userdata['session_logged_in'] )
{
$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', $_SERVER['SERVER_SOFTWARE']) ) ? 'Refresh: 0; URL=' : 'Location: ';
header($header_location . '../../../' . append_sid("login.$phpEx?redirect=admin/"));
exit;
}
else if( $userdata['user_level'] != ADMIN )
{
message_die(GENERAL_MESSAGE, $lang['Not_admin']);
}
*/
if ( empty($no_page_header) )
{
// Not including the pageheader can be neccesarry if META tags are
// needed in the calling script.
include('./page_header_admin.'.$phpEx);
}

?>

Mike2098 · New Member Joined: May 30, 2005 Posts: 10

I had a simular problem with my phpnuke platinum 7.6.0 so I cleared the database and removed the first 8 lines from my mainfile my site works fine I just canot use sentinal what version would you recomend I install is the 2.1.1 version ok or is there a better version that is compatible with my platinum version ??
thanks

chatserv · Posted: Mon May 30, 2005 8:01 am

What lines were those?

Mike2098 · New Member Joined: May 30, 2005 Posts: 10

The ones relating to sentinal in mainfile.php,

I have now gone back to 2.1.1 the one that comes with platinum 2.2.0 and it seems to be working fine can goto forum admin my games save high scores etc all looking good. I would like to update but not if it will cause too meany problems.

chatserv · Posted: Mon May 30, 2005 10:02 am

I downloaded Platinum 7.6.0 and found odd that techgfx used instances of:

Code:

if ($forum_admin == 1) {

instead of:

Code:

if (defined('FORUM_ADMIN')) {

seeing how he was the one that uncovered that vulnerability.

Mike2098 · New Member Joined: May 30, 2005 Posts: 10

It does seem a bit strange, still he is buisy on his next release maybe he will have included sentinal in the update as every one seems to install it !! we shall see as I said its all working at the moment so I will wait and see what comes out next!

sting · Posted: Fri Jun 03, 2005 11:23 pm

Just as an FYI, having uploaded a clean 7.4 site with the 3.0 patches, I still had to make the appropriate changes to the pagestart, db, and common files - they still had the former variable structure.

Thanks for posting it clearly as usual Chat, once I made the changes, it all came up fine.

-sting

chatserv · Posted: Fri Jun 03, 2005 11:35 pm

I double checked the 7.4 patch and it has all changes applied.

sting · Posted: Fri Jun 03, 2005 11:41 pm

Odd.... How very odd. Of course I have been staring at this thing now for 2 or 3 hours straight. LOL

In any case, the fixed worked. You are the man.

-sting

chatserv · Posted: Fri Jun 03, 2005 11:50 pm

I know, it's odd to me as well, you can see an example here of 3.0's db.php:

Only registered users can see links on this board!
Get registered or login to the forums!

And the same file is present in the zip.