Sentinel 2.30 & Firefox 1.04 White Page

Dove · New Member Joined: Jun 29, 2004 Posts: 11 Location: USA

Hello,
First I'd like to say what a pleasure it always is
browsing your forums. Smile

After installing a fresh Sentinel 2.30 on a Nuke 7.7
web with 3.0 patches, I received a white page (on the main
page- index) with Firefox 1.04, Netscape 7.2, & Opera. All but
IE (for once Wink

). Hitting the "refresh" button loads the page and all is fine.

I checked my server logs and saw this warning:

PHP Warning: ob_start(): output handler 'ob_gzhandler' cannot be used after 'URL-Rewriter' in /home/mysite/public_html/mainfile.php on line 54

The site was fine until installing Sentinel 2.30.

I did see a similar post

Only registered users can see links on this board!
Get registered or login to the forums!

and changing the 3.0 patched code from:

Code:

ob_start(array('ob_gzhandler',5));
ob_implicit_flush(0);
header('Content-Encoding: gzip');

back to the original as Chatserv suggested:

Code:

ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');

Fixed it.

Hope this helps someone that adds Sentinel after the patch.

My server specs
Linux - apache 1.3.33
php 4.3.11

sting · Posted: Sat Jun 18, 2005 10:03 pm

Thanks much! I am having this same issue on one of my sites, great to know the fix.

-sting

Raven · Posted: Sat Jun 18, 2005 11:49 pm

You might also try moving this code

Code:

if (defined('FORUM_ADMIN')) {
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@include_once("../../includes/nukesentinel.php");
} else {
@include_once("includes/nukesentinel.php");
}

after

Code:

$phpver = phpversion();
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
if (extension_loaded('zlib')) {
   ob_end_clean();
   ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
   if (extension_loaded('zlib')) {
      $do_gzip_compress = TRUE;
      ob_start(array('ob_gzhandler',5));
      ob_implicit_flush(0);
      header('Content-Encoding: gzip');
   }
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

in mainfile.php. Let me know if that works and I will add this to the NukeSentinel FAQ.

infidelguy · Posted: Tue Jun 21, 2005 10:04 am

Raven, this fixed my problem:

Mac users using Solaris also had a problem, their problem is gone too! The error they were getting is: nsurl-error domain 1011.

Thanks!

infidelguy · Posted: Tue Jun 21, 2005 11:31 am

Oh wait! Hey Raven or Bob, now that I have made these changes. I no longer get a blocked page notification when I conduct a union attack.

Help please?

Raven · Posted: Tue Jun 21, 2005 11:55 am

Please post your first 100 lines or so of mainfile.php. That should not stop Sentinel.

infidelguy · Posted: Tue Jun 21, 2005 12:12 pm

I made the changes as recommended by Dove and it works now. Possibly less secure I'm sure. Here is my current mainfile.php

Code:

<?php
if (defined('FORUM_ADMIN')) {
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@include_once("../../includes/nukesentinel.php");
} else {
@include_once("includes/nukesentinel.php");
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security checking code 2003 by chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/
define('NUKE_FILE', true);
if (file_exists("includes/custom_files/custom_mainfile.php")) {
include_once("includes/custom_files/custom_mainfile.php");
}
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

$phpver = phpversion();
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if(isset($admin))
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}

if(isset($user))
{
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}

foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||

Raven · Posted: Tue Jun 21, 2005 12:16 pm

Change it back as I instructed. Then remove this code

Code:

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

That's in the installation instructions, btw. That's what's blocking NukeSentinel. You don't need it.

infidelguy · Posted: Tue Jun 21, 2005 12:49 pm

Hi Raven and thank you for you patience and kindness,

Everything works fine now.

In your instructions at section 4, you start talking about Upgrading. This lead me to think that everything else was about upgrading, which it obviously was not. So I ignored that part.

I apologize for not understanding.

Thanks, everything is gold. Smile

Dove · New Member Joined: Jun 29, 2004 Posts: 11 Location: USA

That worked perfect Raven, thank you.

Raven · Posted: Tue Jun 21, 2005 4:04 pm

infidelguy wrote:

Hi Raven and thank you for you patience and kindness,

Everything works fine now.

In your instructions at section 4, you start talking about Upgrading. This lead me to think that everything else was about upgrading, which it obviously was not. So I ignored that part.

I apologize for not understanding.

Thanks, everything is gold. Smile

Hey! No aplogy needed. We keep tweaking the ReadMe to make it better. Thanks for the feedback!

Raven · Posted: Tue Jun 21, 2005 4:05 pm

Dove wrote:

That worked perfect Raven, thank you.

sting · Posted: Tue Jun 21, 2005 9:03 pm

Ahhh Union Tap.

The Spiders! Get them off me.

It was fun though for a while there... Wink

-sting

MarkyBear · Hangin' Around Joined: Mar 27, 2005 Posts: 39

This did the trick for me too, although the codeing was a little different for some reason in my mainfile, I just added it after the:

Code:

$PHP_SELF = $_SERVER['PHP_SELF'];
}

and it's worked fine with no more errors!

Thanks Raven!!

Sfolivier · New Member Joined: Jun 29, 2005 Posts: 15

I moved

Code:

if (defined('FORUM_ADMIN')) {
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@include_once("../../includes/nukesentinel.php");
} else {
@include_once("includes/nukesentinel.php");
}

as instructed and it solved the problem for me as well (just in case you're still wondering if it's FAQ material).

Thanks for the tip (I don't count how many times this forum helped me).

Raven · Posted: Sun Jul 10, 2005 4:08 pm

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

Well I have read this thread and others but cannot get the site back up. Fresh install of 7.6 v3.0b with NukeSentinel_71-78_232. Restored the original edited files but it is still blank.

I run the old analyze.php and I have a good connection.

This is my third time installing Sentinal. You would think I would get it right.

I have yet to run the nsnst.php as I have yet to get the site up again. I uploaded all the files along with the edited filed and the site went blank before I ran the nsnst.php

I tried to clear cookies but no good. I even tried to run the nsnst.php regardless but no joy.

Raven · Posted: Fri Jul 22, 2005 11:10 pm

Take NukeSentinel out of the picture. Drop the database and delete all the files. Then, reload the files w/o NS and recreate the database. Does the site come up? What site is it?

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

I can't drop the database as it was an import of around 60 users of a PHPBB site. Everything was working perfectly until I tried to install Sentinal. Before I had a chance to run the nsnst.php I had a blank page.

Only registered users can see links on this board!
Get registered or login to the forums!

Raven · Posted: Sat Jul 23, 2005 10:16 am

What is the error log showing? Are you sure the MySQL parameters are correct?

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

[23-Jul-2005 00:20:47] PHP Fatal error: main(): Failed opening required 'mainfile.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/bcring/public_html/modules.php on line 20

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

Another one

[23-Jul-2005 00:20:47] PHP Warning: main(mainfile.php): failed to open stream: No such file or directory in /home/bcring/public_html/modules.php on line 20

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

Only registered users can see links on this board!
Get registered or login to the forums!

MySQL parameters where working before I installed so why would they be wrong now?

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

Deleted all file uploads and replaced all edited files (mainfile, admin, header) and site is back up but without the center message.

Only registered users can see links on this board!
Get registered or login to the forums!

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

Well the site is back up without Sentinal. A remaining bug is now I have no messages on the front page. I had one programmed with unlimited expiration but I don't see it any more. I deleted and redid it but still nothing. Cleared cookies but again not seeing the front page message.