I just turned on SQL error reporting from rnconfig and this is what I got:
Quote:
*** YES, THIS IS A BLANK FILE - MAKE SURE PERMISSIONS ARE 666 SO IT CAN BE WRITTEN TO ***
August 10, 2008, 1:49 pm SQL was: SELECT Default_Theme FROM nuke_config WHERE 1;
querycount = 1
August 10, 2008, 1:49 pm SQL was: SELECT id FROM nuke_banned_ip WHERE ip_address='84.108.129.245'
querycount = 2
August 10, 2008, 1:49 pm SQL was: SELECT ip_address FROM nuke_banned_ip WHERE ip_address='84.108.129.*'
querycount = 3
August 10, 2008, 1:49 pm SQL was: SELECT * FROM nuke_mail_config
querycount = 4
August 10, 2008, 1:49 pm 1146 : Table 'prefligh_preflight.nuke_mail_config' doesn't exist
SQL was: SELECT * FROM nuke_mail_config
remote addr: 84.108.129.245
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_config`
querycount = 5
August 10, 2008, 1:49 pm SQL was: SELECT `config_name`, `config_value` FROM `nuke_nsnst_config`
querycount = 6
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_nsnst_ip2country` WHERE (`ip_lo`<='1416397301' AND `ip_hi`>='1416397301') AND `c2c`='01'
querycount = 7
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_nsnst_blockers` ORDER BY `blocker`
querycount = 8
August 10, 2008, 1:49 pm SQL was: SELECT pwd FROM nuke_authors WHERE aid='preflight'
querycount = 9
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_nsnst_blocked_ips` WHERE `ip_addr` = '84.*.*.*' OR `ip_addr` = '84.108.*.*' OR `ip_addr` = '84.108.129.*' OR `ip_addr` = '84.108.129.245'
querycount = 10
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_nsnst_blocked_ranges` WHERE `ip_lo`<='1416397301' AND `ip_hi`>='1416397301'
querycount = 11
August 10, 2008, 1:49 pm SQL was: SELECT * FROM `nuke_nsnst_excluded_ranges` WHERE `ip_lo`<='1416397301' AND `ip_hi`>='1416397301'
querycount = 12
August 10, 2008, 1:49 pm SQL was: SELECT `c2c` FROM `nuke_nsnst_ip2country` WHERE `ip_lo`<='1416397301' AND `ip_hi`>='1416397301 LIMIT 0,1'
querycount = 13
Do your other modules require changes to any of the core Nuke files? You may need to go through their installation files to see what modifications were needed to install.
What I did is compile the following mainfile, which is currently working:
It's a mix between the original and the Ravens one (basically I changed the top until function language):
Quote:
<?php
putenv("TZ=Israel");
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/*
*/
/* Copyright (c) 2005 by Roy Shiker & PHPNuke Israel */
/* Hebrew Translation & Coding By PHPNuke Israel -
*/
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security checking code 2003 by chatserv */
/*
--
".$_SERVER['HTTP_HOST'].rtrim($_SERVER['REQUEST_URI'],'/'));
}
if (file_exists("includes/custom_files/custom_mainfile.php")) {
include_once("includes/custom_files/custom_mainfile.php");
}
//Union Tap
//Copyright Zhen-Xjell 2004
//Code to prevent UNION SQL Injections
//if(!file_exists('includes/nukesentinel.php')) {
// unset($matches);
// unset($loc);
// if(isset($_SERVER['QUERY_STRING'])) {
// if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
// die('Illegal Operation');
// }
// }
//}
//if(!file_exists('includes/nukesentinel.php')) {
// if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
// $queryString = $_SERVER['QUERY_STRING'];
// if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
// die('Illegal Operation');
// }
// }
//}
$phpver = phpversion();
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
}
if ($phpver >= '4.0.4pl1' && strstr($_SERVER["HTTP_USER_AGENT"],'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
//foreach ($_GET as $secvalue) {
// if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
// (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
// (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
// (eregi("\"", $secvalue)) ||
// (eregi("forum_admin", $var_name)) ||
// (eregi("inside_mod", $var_name))) {
// die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
// }
//}
//foreach ($_POST as $secvalue) {
// if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
// die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
// }
//}
if (stristr($_SERVER['SCRIPT_NAME'], "mainfile.php")) {
Header("Location: index.php");
die();
}
if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
include_once("../../../includes/nukesentinel.php");
} elseif ($inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
include_once("includes/nukesentinel.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
function is_active($module) {
global $prefix, $db;
static $save;
if (is_array($save)) {
if (isset($save[$module])) return ($save[$module]);
return 0;
}
$sql = 'SELECT title FROM '.$prefix.'_modules WHERE active=\'1\'';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$save[$row[0]] = 1;
}
if (isset($save[$module])) return ($save[$module]);
return 0;
}
function render_blocks($side, $blockfile, $title, $content, $bid, $url) {
if(!defined('BLOCK_FILE')) {
define('BLOCK_FILE', true);
}
if (empty($url)) {
if (empty($blockfile)) {
// GT-NExtGEn 0.5 by Bill Murrin (Audioslaved) (c) 2004
//Modified by montego from
function ultramode() {
global $prefix, $db;
$ultra = 'ultramode.txt';
$file = fopen($ultra, 'w');
fwrite($file, 'General purpose self-explanatory file with news headlines'."\n");
$sql = 'SELECT s.sid, s.catid, s.aid, s.title, s.time, s.hometext, s.comments, s.topic, t.topictext, t.topicimage FROM '.$prefix.'_stories s LEFT JOIN '.$prefix.'_topics t ON t.topicid = s.topic WHERE s.ihome = 0 ORDER BY s.time DESC LIMIT 0,10';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$rsid = intval($row['sid']);
$raid = $row['aid'];
$rcatid = $row['catid'];
$rtitle = check_html(stripslashes($row['title']), 'nohtml');
$rtime = $row['time'];
$rhometext = check_html(stripslashes($row['hometext']), 'nohtml');
$rcomments = $row['comments'];
$rtopic = $row['topic'];
$topictext = stripslashes(check_html($row['topictext'], 'nohtml'));
$topicimage = stripslashes($row['topicimage']);
$content = "%%\n".$rtitle."\n".'/modules.php?name=News&file=article&sid='.$rsid."\n".$rtime."\n".$raid."\n".$topictext."\n".$rcomments."\n".$topicimage."\n";
fwrite($file, $content);
}
fclose($file);
}
function cookiedecode($user) {
global $cookie, $db, $user_prefix;
static $pass;
if(!is_array($user)) {
$user = base64_decode($user);
$user = addslashes($user);
$cookie = explode(':', $user);
} else {
$cookie = $user;
}
if (!isset($pass) AND isset($cookie[1])) {
$sql = 'SELECT user_password FROM '.$user_prefix.'_users WHERE username=\''.$cookie[1].'\'';
$result = $db->sql_query($sql);
list($pass) = $db->sql_fetchrow($result);
}
if (isset($cookie[2]) AND ($cookie[2] == $pass) AND (!empty($pass))) { return $cookie; }
}
function getusrinfo($user) {
global $user_prefix, $db, $userinfo, $cookie;
if (!$user OR empty($user)) {
return NULL;
}
cookiedecode($user);
$user = $cookie;
if (isset($userrow) AND is_array($userrow)) {
if ($userrow['username'] == $user[1] && $userrow['user_password'] == $user[2]) {
return $userrow;
}
}
$sql = 'SELECT * FROM '.$user_prefix.'_users WHERE username=\''.$user[1].'\' AND user_password=\''.$user[2].'\'';
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
static $userrow;
$userrow = $db->sql_fetchrow($result);
return $userinfo = $userrow;
}
unset($userinfo);
}
// Speed up this function with stripos_clone and str_replace
function FixQuotes ($what = '') {
$what = str_replace("'","''",$what);
while (stripos_clone($what, "\\\\'")) {
$what = str_replace("\\\\'","'",$what);
}
return $what;
}
/*********************************************************/
/* text filter */
/*********************************************************/
function delQuotes($string) {
/* no recursive function to add quote to an HTML tag if needed */
/* and delete duplicate spaces between attribs. */
$tmp=''; // string buffer
$result=''; // result string
$i=0;
$attrib=-1; // Are we in an HTML attrib? -1: no attrib, 0: name of the attrib, 1: value of the attrib
$quote=0; // Is a string quote delimited opened ? 0=no, 1=yes
$len = strlen($string);
while ($i<$len) {
switch($string[$i]) { // Which character is in the buffer?
case '"': // a quote.
if ($quote==0) {
$quote=1;
} else {
$quote=0;
if (($attrib>0) && ($tmp != '')) { $result .= "=\"$tmp\""; }
$tmp='';
$attrib=-1;
}
break;
case '=': // an equal - attrib delimiter
if ($quote==0) { // Is it found in a string ?
$attrib=1;
if ($tmp!='') $result.=" $tmp";
$tmp='';
} else $tmp .= '=';
break;
case ' ': // a blank ?
if ($attrib>0) { # add it to the string, if one opened.
$tmp .= $string[$i];
}
break;
default: // Other
if ($attrib<0) // If we weren't in an attrib, set attrib to 0
$attrib=0;
$tmp .= $string[$i];
break;
}
$i++;
}
if (($quote!=0) && ($tmp != '')) {
if ($attrib==1) { $result .= '='; } // If it is the value of an attrib, add the '='
$result .= "\"$tmp\""; // Add quote if needed (the reason for the function)
}
return $result;
}
###############################################################################
#
# nukeWYSIWYG Copyright (c) 2005 Kevin Guske
# kses developed by Ulf Harnhammar
# kses enhancement ideas contributed by sixonetonoffun
# FCKeditor by Frederico Caldeira Knabben
# Original FCKeditor for PHP-Nuke by H.Theisen
#
###############################################################################
/**
* montego - extended capability to skip the final html check.
* This is used to allow for content that is posted by an admin to pass through unabated.
* However, in order to help ensure XHTML compliance, the kses_no_null, kses_js_entities and
* kses_normalize_entities functions are very useful.
*/
function check_html ($string, $allowed_html = '', $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'gopher', 'mailto'))
{
$stop = FALSE;
if(!function_exists('kses_no_null')) {
@include_once('includes/kses/kses.php');
}
if (get_magic_quotes_gpc() == 1) {
$string = stripslashes($string);
}
$string = kses_no_null($string);
$string = kses_js_entities($string);
$string = kses_normalize_entities($string);
$string = kses_hook($string);
if (stripos_clone($allowed_html, 'nocheck') === true) {
return $string;
} else {
if (stripos_clone($allowed_html, 'nohtml') === false) {
global $AllowableHTML;
$allowed_html = $AllowableHTML;
} else {
$allowed_html = array('<null>');
}
$allowed_html_fixed = kses_array_lc($allowed_html);
return kses_split($string, $allowed_html_fixed, $allowed_protocols);
}
}
function wysiwyg_textarea($name, $value, $config = 'NukeUser', $cols = 50, $rows = 10)
{
global $advanced_editor;
// Don't waste bandwidth by loading WYSIWYG editor for crawlers
if ($advanced_editor == 0 or !isset($_COOKIE))
{
echo '<textarea name="'.$name.'" cols="'.$cols.'" rows="'.$rows.'">'.$value.'</textarea>';
} else {
@include_once('includes/FCKeditor/fckeditor.php');
$rows = $rows + 2; // Add extra space for toolbars
$oFCKeditor = new FCKeditor($name) ;
$oFCKheight = $rows * 20;
$oFCKeditor->Height = $oFCKheight;
$oFCKeditor->ToolbarSet = $config;
$oFCKeditor->InstanceName = $name;
$oFCKeditor->Value = $value;
$oFCKeditor->Create();
}
}
function wysiwyg_textarea_html($name, $value, $config = 'NukeUser', $cols = 50, $rows = 10)
{
global $advanced_editor;
// Don't waste bandwidth by loading WYSIWYG editor for crawlers
if ($advanced_editor == 0 or !isset($_COOKIE))
{
echo '<textarea name="'.$name.'" cols="'.$cols.'" rows="'.$rows.'">'.$value.'</textarea>';
} else {
@include_once('includes/FCKeditor/fckeditor.php');
$rows = $rows + 2; // Add extra space for toolbars
$oFCKeditor = new FCKeditor($name);
$oFCKheight = $rows * 20;
$oFCKeditor->Height = $oFCKheight;
$oFCKeditor->ToolbarSet = $config;
$oFCKeditor->InstanceName = $name;
$oFCKeditor->Value = $value;
$wysiwygHTML = $oFCKeditor->CreateHtml() ;
return $wysiwygHTML;
}
}
function filter_text($Message, $strip='') {
global $EditedMessage;
check_words($Message);
$EditedMessage=check_html($EditedMessage, $strip);
return $EditedMessage;
}
function filter($what, $strip="", $save="", $type="") {
if ($strip == "nohtml") {
$what = check_html($what, $strip);
$what = htmlentities(trim($what), ENT_QUOTES);
// If the variable $what doesn't come from a preview screen, it should be converted
if ($type != "preview" AND $save != 1) {
$what = html_entity_decode($what, ENT_QUOTES);
}
}
if ($save == 1) {
$what = check_words($what);
$what = check_html($what, $strip);
$what = addslashes($what);
} else {
$what = stripslashes(FixQuotes($what));
$what = check_words($what);
$what = check_html($what, $strip);
}
return($what);
}
// Beta 3 code by Quake 08/19/2005
// Written for Nuke-Evolution and Nuke Patched
function formatTimestamp($time) {
global $datetime, $locale;
static $localeSet; // setlocale() can be expensive to call; only need to call it once
if (!isset($localeSet)) {
setlocale(LC_TIME, $locale);
$localeSet = 1;
}
function headlines($bid, $cenbox=0) {
global $prefix, $db, $useBoxoverWithnukePIE;
if (!defined('_CHARSET')) define('_CHARSET','ISO-8859-1');
include_once('includes/SimplePie/simplepie.inc');
include_once('includes/SimplePie/idn/idna_convert.class.php');
# Create a new instance of the SimplePie object
$feed = new SimplePie();
# Get Feed Information
$bid = intval($bid);
$result = $db->sql_query('SELECT title, url, refresh FROM '.$prefix.'_blocks WHERE bid=\''.$bid.'\'');
list($title, $url, $refresh) = $db->sql_fetchrow($result);
$title = stripslashes(check_html($title, 'nohtml'));
$refresh = intval($refresh);
# Initialize the whole SimplePie object. Read the feed, process it, parse it, cache it, etc.
$feed->set_feed_url($url);
$feed->set_output_encoding(_CHARSET);
$feed->set_cache_duration($refresh);
$feed->init();
$feed->handle_content_type();
$content = '<font class="content">';
if (isset($feed->error)) {
# If errors, display it.
$content .= htmlspecialchars($feed->error);
}
else
{
foreach($feed->get_items() as $item) {
$content .= '·';
# If the item has a permalink back to the original post, link the item's title to it.
if ($item->get_permalink())
{
$content .= '<a href="' . $item->get_permalink() . '" title="';
$item_desc = $item->get_description();
if ($useBoxoverWithnukePIE)
{
if ($item_desc == check_html($item_desc, 'nohtml')) $item_desc = nl2br($item_desc);
$content .= 'cssbody=[nukePIEbody] cssheader=[nukePIEhdr] header=['.encodeBoxover(check_html($item->get_title(), 'nohtml')).'] body=['.encodeBoxover(xmlentities($item_desc)).'] singleclickstop=[On] ';
}
else
{
$content .= check_html($item_desc, 'nohtml');
}
$content .= '">';
}
$content .= check_html($item->get_title(), 'nohtml');
if ($item->get_permalink()) $content .= '</a>';
# Check for enclosures. If an item has any, set the first one to the $enclosure variable.
/* if ($enclosure = $item->get_enclosure(0)) {
# Use the embed() method to embed the enclosure into the page inline.
$content .= '<div align="center">';
$content .= '<p>' . $enclosure->embed(array(
'audio' => './for_the_demo/place_audio.png',
'video' => './for_the_demo/place_video.png',
'alt' => '<img src="./for_the_demo/mini_podcast.png" class="download" border="0" title="Download the Podcast (' . $enclosure->get_extension() . '; ' . $enclosure->get_size() . ' MB)" />',
'altclass' => 'download'
)) . '</p>';
$content .= '<p class="footnote" align="center">(' . $enclosure->get_type() . '; ' . $enclosure->get_size() . ' MB)</p>';
$content .= '</div>';
}
*/ $content .= '<br />'.chr(10);
}
}
function removecrlf($str) {
// Function for Security Fix by Ulf Harnhammar, VSU Security 2002
// Looks like I don't have so bad track record of security reports as Ulf believes
// He decided to not contact me, but I'm always here, digging on the net
return strtr($str, "\015\012", ' ');
}
function validate_mail($email) {
if(strlen($email) < 7 || !preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
// These next 3 lines have been commented out by Raven on 1/14/2007.
// Reason being, this function should only validate the email and return to the calling script.
// The calling script should handle the validation results.
// OpenTable();
// echo _ERRORINVEMAIL;
// CloseTable();
return false;
} else {
return $email;
}
}
/*****[BEGIN]******************************************
[ Base: function validateEmailFormat ($email) ]
******************************************************/
// Copyright (C) 2001 Ron Harwood and L. Patrick Smallwood
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//
// File: functions/validateemailformat.php
//
// Added by Raven 1/14/2007
//
function validateEmailFormat ($email)
{
// This is based on page 295 of the book 'Mastering Regular Expressions' - the most
// definitive RFC-compliant email regex.
// Some shortcuts for avoiding backslashitis
$esc = '\\\\';
$Period = '\.';
$space = '\040';
$tab = '\t';
$OpenBR = '\[';
$CloseBR = '\]';
$OpenParen = '\(';
$CloseParen = '\)';
$NonASCII = '\x80-\xff';
$ctrl = '\000-\037';
$CRlist = '\n\015'; // note: this should really be only \015.
// Items 19, 20, 21 -- see table on page 295 of 'Mastering Regular Expressions'
$qtext = "[^$esc$NonASCII$CRlist\"]"; // for within "..."
$dtext = "[^$esc$NonASCII$CRlist$OpenBR$CloseBR]"; // for within [...]
$quoted_pair = " $esc [^$NonASCII] "; // an escaped character
// Items 22 and 23, comment.
// Impossible to do properly with a regex, I make do by allowing at most
// one level of nesting.
$ctext = " [^$esc$NonASCII$CRlist()] ";
// $Cnested matches one non-nested comment.
// It is unrolled, with normal of $ctext, special of $quoted_pair.
$Cnested = "";
$Cnested .= "$OpenParen"; // (
$Cnested .= "$ctext*"; // nor