PHP-Nuke v7.6 Login and New User security graphic fix

SuperCat · Hangin' Around Joined: Nov 27, 2004 Posts: 37 Location: MN

If you use the security graphic, You wont be able to get new users and nobody will be able to login until you fix this:

Open modules/Your_Account/index.php

Find:

Code:

function new_user() {

Just above that, add:

Code:

function gfx($random_num) {
global $prefix, $db, $module_name;
require("config.php");
$datekey = date("F j");
$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
$code = substr($rcode, 2, 6);
$image = ImageCreateFromJPEG("modules/$module_name/images/code_bg.jpg");
$text_color = ImageColorAllocate($image, 80, 80, 80);
Header("Content-type: image/jpeg");
ImageString ($image, 5, 12, 2, $code, $text_color);
ImageJPEG($image, '', 75);
ImageDestroy($image);
die();
}

In function new_user() find:

Code:

echo "<tr><td>"._SECURITYCODE.":</td><td><img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"

Replace with:

Code:

echo "<tr><td>"._SECURITYCODE.":</td><td><img src='modules.php?name=$module_name&op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."' /></td></tr>\n"

Find inside function main($user):

Code:

echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."' /></td></tr>\n"

Replace with:

Code:

echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='modules.php?name=$module_name&op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."' /></td></tr>\n"

chatserv · Posted: Sat Nov 27, 2004 6:52 pm

The gfx function is now stored in mainfile.php

SuperCat · Hangin' Around Joined: Nov 27, 2004 Posts: 37 Location: MN

I see it there at the bottom, but i wouldnt have had to reimport the old way if it worked in the first place.

chatserv · Posted: Sat Nov 27, 2004 9:58 pm

I'll check what changed because it worked with 7.5, only a minor change was required but only if using GT.

SuperCat · Hangin' Around Joined: Nov 27, 2004 Posts: 37 Location: MN

Any resolution yet on this bug?

I didnt use 7.5, so i wouldnt know if the problem crept up between 7.5 and 7.6. My last version was 7.1.

chatserv · Posted: Sat Dec 11, 2004 10:24 am

Are you using some form of GoogleTap Supercat?

SuperCat · Hangin' Around Joined: Nov 27, 2004 Posts: 37 Location: MN

no i am not. I make sure my nuke is as close to stock as possible.

I do think i have a possible bug that may cause it. Ill post about it in a new thread.

Darrell3831 · Worker Joined: Feb 18, 2004 Posts: 244

I just upgraded from nuke 7.4 patched 2.9 to 7.5 pathced 3.0 and the issue croped up for me too.

Does anyone have a resolution for it yet, besides rolling back to the old code?

Thanks,
Darrell

chatserv · Posted: Mon May 23, 2005 7:10 pm

Darrell3831 did you first upgrade Nuke before adding the patch for 7.5? you can't use Nuke Patched to upgrade Nuke.

Darrell3831 · Worker Joined: Feb 18, 2004 Posts: 244

Yes I did upgrade first.

Here's how I did it.

I copied 7.5 original over the top of my current 7.4. Then I ran the upgrade script for 7.4 to 7.5.

Then I copied the 7.5/3.0 patches over the top of that and ran the upgrade script you included with that.

Then I deleted the administration stuff you mentioned in the sticky in the other folder. (case, links, and .php files..)

Would that have been the wrong approach?

chatserv · Posted: Mon May 23, 2005 8:07 pm

If the site in question is psy-center edit the your account module's index file and the login block, change:

Code:

img src='?gfx=gfx&random_num=$random_num'

to:

Code:

img src='modules.php?name=Your_Account&gfx=gfx&random_num=$random_num'

ardmhacha · Posted: Mon May 30, 2005 3:23 am

I upgraded from 6.9 to 7.6 and have the security image problem also. I have tried the fixes as suggested without any luck. To upgrade I did as Darrell 3831 above only to the newer version of phpnuke.

This problem is happening in 'Your Account' module as well as in my 'Site info' block. When I go to properties of the image in 'Your Account' it is

Only registered users can see links on this board!
Get registered or login to the forums!

The properties in the 'Site info' is

Only registered users can see links on this board!
Get registered or login to the forums!

I have also checked for a blank line at the start and end of certain files but everything seemed OK. I ran analyse.php and the security image showed up there. I have been looking for a fix for this for two days to no avail. This has been the most frustrating problem i have yet encoutered with phpnuke.

I would really appreciate someone's help with this.

Thank you

Raven · Posted: Mon May 30, 2005 4:19 am

Please create, for me, both a user and an admin account. Then PM me your
Site URL, id/pass
Ftp Url, id/pass

I'll look into it as soon as I can. This will save 20 questions.

Darrell3831 · Worker Joined: Feb 18, 2004 Posts: 244

ardmhacha and Raven,

If you find out what is wrong with ardmhacha's site please post back here so that I can fix mine too.

After not being able to fix it I just switched the check to off.. =0 and moved on to other problems.

Thanks,
Darrell

chatserv · Posted: Mon May 30, 2005 8:05 am

Are any of you using NextGen GT?

ardmhacha · Posted: Mon May 30, 2005 8:53 am

Chatserv - No I' not using it on my site

Only registered users can see links on this board!
Get registered or login to the forums!

Darrell3831 · Worker Joined: Feb 18, 2004 Posts: 244

I am chatserv,

I had it installed and working in 7.4.. Everything worked that I know of in 7.4, but my upgrade to 7.5 is where things stopped working. The gfx and admin autorecognizing modules both stopped... (I don't have 7.6)

Darrell

chatserv · Posted: Mon May 30, 2005 9:53 am

Darrell Do a find & replace in the Your Account module's index.php file and block-Login.php for:

Code:

?gfx=gfx&random_num=$random_num

Change to:

Code:

modules.php?name=Your_Account&gfx=gfx&random_num=$random_num

Raven · Posted: Mon May 30, 2005 10:55 am

ardmhacha,

I have tried about everything I can think of and I'm at a loss at this point. It's finding everything it should because it's not showing a red X. I'll look again later if it hasn't been solved. It is a very strange one, indeed, and the solution is probably very simple - I'm just not spotting it.

ardmhacha · Posted: Mon May 30, 2005 11:28 am

Thanks Raven,

As I said, I too had tried everything I could find as a possible solution to this. I also downloaded the 'Your Account' module again and overwrote the files, as others had done, but no joy. You mentioned that "It's finding everything it should because it's not showing a red X" Thats not the case here. Even when logged in as admin, it shows a red X.

Thanks again for the help.

Barry

Raven · Posted: Mon May 30, 2005 12:58 pm

I don't see a red X - I see the ALT tag. If you're seeing a red X then that helps me. I'll look at it again this evening.

Darrell3831 · Worker Joined: Feb 18, 2004 Posts: 244

Chatserv,

Before I try this, is there a better way to tap Nuke than GTNextGen? Do you prefer or reccomend something else?

I'd hate to change my core files and mess up my 'upgradeability' over this if there is a better method of tapping.

Thanks,
Darrell

chatserv wrote:

Darrell Do a find & replace in the Your Account module's index.php file and block-Login.php for:

Code:

?gfx=gfx&random_num=$random_num

Change to:

Code:

modules.php?name=Your_Account&gfx=gfx&random_num=$random_num

chatserv · Posted: Tue May 31, 2005 1:49 pm

I use NextGen myself on several sites, outside of it there's NC's tap and the Googlifier, you would have to try those, i have and prefer GT but that's a matter of taste.

ardmhacha · Posted: Fri Jun 03, 2005 1:26 am

I'm still experiencing a problem with the security code image in version 7.6. The link is still broken in both the 'Your Account' module and 'Site Info'. (more concerned about the in 'Your Account' though) I have had another look through various files to check for a space after ?> and despite finding and fixing one in the mainfile.php, it did not cure the problem. The ones I checked were those in the top level area (where config.php is) and those in the 'Admin' and 'modules/Your Account' directories. Does anyone know any other files I should check that may have a bearing on this problem? Do I have to so through every file in the site? Also, I would appreciate if someone using 7.6 with their security image showing could post the path to the image that is present in modules/Your Account/index.php. Also, chatserv, you mention above 'The gfx function is now stored in mainfile.php' Should the same amendments to the path be made in both mainfile.php and modules/Your Account/index.php.

Any advice would be much appreciated. Now, excuse me while I go and bang my head off the nearest wall.

Thanks

Barry

Raven · Posted: Fri Jun 03, 2005 5:24 am

I searched your files and was unable to locate any offending files. It truly has me baffled.