phpBB-TweakS
Tue May 31, 2005 5:15 pm
tormentor
Post subject: Fix for phpBB Security and Minerva R3

Fix for phpBB Security and Minerva R3 ( http://www.project-minerva.org )

Before beginning the installation, make these changes to the files of the mod (NOT of phpBB):

-----------------------------------
----[ OPEN ]----------------------
-----------------------------------

install/installer.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_login_limit', '3');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_notify_admin', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_notify_admin_id', '". $userdata['user_id'] ."');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_auto_ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_allowed_sessions', '50');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('". $admin ."', '2');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('". $mod ."', '0');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('". $name ."', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_DDoS_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Encoded_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Union_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Clike_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_SQL_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_File_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Perl_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_total_attempts', '0');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Cback_Ban', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_Allow_Change', '0');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_notify_admin_pm', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_notify_admin_em', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_DDoS_level', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_per_page', '100');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_allowed_admins', '');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_disallowed_agents', '');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_disallowed_referers', '');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_last_backup_date', '19');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_backup_time', '18');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_backup_on', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_backup_folder', 'backup');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value) VALUES ('phpBBSecurity_backup_filename', 'backup');";

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_login_limit', '3', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_notify_admin', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_notify_admin_id', '". $userdata['user_id'] ."', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_auto_ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_allowed_sessions', '50', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('". $admin ."', '2', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('". $mod ."', '0', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('". $name ."', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_DDoS_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Encoded_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Union_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Clike_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_SQL_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_File_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Perl_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_total_attempts', '0', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Cback_Ban', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_Allow_Change', '0', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_notify_admin_pm', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_notify_admin_em', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_DDoS_level', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_per_page', '100', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_allowed_admins', '', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_disallowed_agents', '', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_disallowed_referers', '', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_last_backup_date', '19', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_backup_time', '18', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_backup_on', '1', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_backup_folder', 'backup', '1');";
$sql[] = "INSERT INTO ". CONFIG_TABLE ." (config_name, config_value, is_dynamic) VALUES ('phpBBSecurity_backup_filename', 'backup', '1');";

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

root/language/lang_english/lang_phpbb_security.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$lang['PS_security_force'] = 'Sorry, it appears this is your first visit since we added the security questions to accounts. You will only be able to view your profile until you update it and add a question and answer. Thanks!<br><br>Click <b><a href="profile.'. $phpEx .'?mode=editprofile&sid='. $userdata['session_id'] .'">here</a></b> to goto your profile.';

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

$lang['PS_security_force'] = 'Sorry, it appears this is your first visit since we added the security questions to accounts. You will only be able to view your profile until you update it and add a question and answer. Thanks!<br><br>Click <b><a href="profile.'. $phpEx .'?mode=register">here</a></b> to goto your profile.';

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

Now install the mod following its instructions; you'll also need to apply the "Fix for phpBB Security and Profile Control Panel by Ptirhiik" by Devil-Strike, which you can find here:

http://phpbb-tweaks.com/topics.html-t-353



Note that I made the database changes manually, so I never tried the modified installer.php, but it should work. Feel free to modify this mod in a more professional way (I'm not a coder).

Tormentor ( http://posetteforever.com )
Post #1

Wed Jun 01, 2005 8:50 am
aUsTiN
Webmaster

Stickied
Post #2

Wed Jun 01, 2005 9:59 am
tormentor

Thanks Austin, but I'm testing the mod on Minerva and it seems to work only partially.

In order to test the mod on the pre-modded Minerva, I created a user and tried to log in three times in order to lock the user id, and...

1st error:

Code:
Fatal error: Call to undefined function: make_bbcode_uid() in /home/content/t/o/r/tormentor/html/phpbb/includes/phpbb_security.php on line 694


Because I was unable to find what to do, and the function make_bbcode_uid() is in the /includes/bbcode.php file, I took the original bbcode.php from the 2.015 installation and applied the "profile cp" and "local links" mods to make it compatible with Minerva. So the error disappeared.

Now I have a new error in the header (even though the "reactivation banner" appears and works correctly):

Code:
Warning: preg_replace(): Empty regular expression in /home/content/t/o/r/tormentor/html/phpbb/includes/functions_post.php on line 300


on line 300 of functions.php there is:

Code:
$message = preg_replace($html_entities_match, $html_entities_replace, $message);


After searching for the solution on various forums I tried to replace this line with:

Code:
$message = preg_replace('/\:(([a-z0-9]:)?)' . $bbcode_uid . '/s', '', $message);


and it seems to work (even though I really don't know whether it will affect the functionality of the board).

And now the last error, another

Code:
Warning: preg_replace(): Empty regular expression in /home/content/t/o/r/tormentor/html/phpbb/includes/functions_post.php on line 315


on line 315 there is:

Code:
return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);


If I comment out this line all works fine, but obviously I shouldn't...

The main problem is that I'm not a coder and know very little; I search for the fixes on the net...

Any idea? Thank you in advance.

P.S. My temporary installation is in

http://posetteforever.com/phpbb

P.P.S.

The "quick reply" box seems not to work here...
Post #3

Wed Jun 01, 2005 10:26 am
aUsTiN
Webmaster

The quick reply works fine, I use it every time I post.

Anyhow, change preg_replace( to @preg_replace(

Add the at sign before it.
Post #4
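
An added example (not code from phpBB, the phpBB Security mod, Minerva, or anyone in this thread) showing why the "@preg_replace(" suggestion above only hides the symptom: when the pattern arrays from functions_post.php are not in scope, preg_replace() receives NULL, warns about an empty regular expression and returns NULL, so the message is silently dropped rather than HTML-escaped. The pattern and replacement arrays are reproduced from memory of phpBB 2.0.x's includes/functions_post.php and should be treated as an assumption.

```php
<?php
// Added example, not from the phpBB Security mod or Minerva.
// The thread's "Empty regular expression" warning appears when the
// pattern arrays are not in scope: preg_replace() then sees NULL, i.e. an
// empty pattern. Prefixing "@" silences the warning, but preg_replace()
// still returns NULL, so the caller gets no escaped text at all.

// Assumption: these mirror the arrays phpBB 2.0.x defines at the top of
// includes/functions_post.php (reproduced from memory).
$html_entities_match   = array('#&#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');

// The "quick and dirty" variant: no "global" declaration, so both arrays
// are undefined inside the function and "@" hides every hint of that.
function escape_suppressed($message)
{
    return @preg_replace($html_entities_match, $html_entities_replace, $message);
}

// Defensive variant: bring the arrays into scope, verify they are usable,
// and fail closed to htmlspecialchars() instead of handing back NULL.
function escape_checked($message)
{
    global $html_entities_match, $html_entities_replace;

    if (empty($html_entities_match) || empty($html_entities_replace)) {
        // Pattern table missing: escape with the built-in function rather
        // than calling preg_replace() with an empty pattern.
        return htmlspecialchars($message, ENT_QUOTES);
    }
    $out = preg_replace($html_entities_match, $html_entities_replace, $message);
    if ($out === null) {
        // preg_replace() returns NULL on any PCRE error; never pass that
        // on as "sanitised" text.
        return htmlspecialchars($message, ENT_QUOTES);
    }
    return $out;
}

// Constructed sample input containing the characters the arrays target.
$input = '<b>hello</b> & bye';
var_dump(escape_suppressed($input)); // the suppressed path
var_dump(escape_checked($input));    // the checked path
```

Run it with any PHP CLI to compare the two var_dump() results: the suppressed variant yields NULL without any warning, while the checked variant returns the entity-escaped string.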

Wed Jun 01, 2005 1:21 pm
tormentor

So quick and dirty?

Works fine anyway!! Thanks!
Quote:

The quick reply works fine


Yep, I pushed the wrong button.
Post #5

Wed Jun 01, 2005 3:41 pm
tormentor

Update: after your suggestion all is working fine, except that I had to reinstall the original bbcode.php, so the

Code:

Fatal error: Call to undefined function: make_bbcode_uid() in /home/content/t/o/r/tormentor/html/phpbb/includes/phpbb_security.php on line 694


appeared again and I had to comment out that line in phpbb_security.php ( $bbcode_uid = make_bbcode_uid(); )
Post #6

Thu Jun 02, 2005 8:41 am
aUsTiN
Webmaster

You can't comment out lines in files like that. Everything is where it's at for a reason (be it my mod or someone else's).

You need to add

include_once($phpbb_root_path .'includes/bbcode.'. $phpEx);

to the top of whatever file is having the above error. That doesn't mean add it to phpbb_security.php, the file you are viewing when you get the error.
Post #7

Fri Jun 03, 2005 8:08 pm
tormentor

I found the fix Austin, it's here:

http://www.project-minerva.org/home/index.php?file=kb&module=kb&mode=article&k=16&page_num=11&start=0

The bbcode parse in Minerva R3 is now implemented as a class, so all bbcode functions need to be referenced accordingly. This should simply require that you prefix bbcode functions with 'bbcode_parse->'. See the example code below which shows how '$bbcode_parse->' has been correctly inserted

So the fix is:

open includes/phpbb_security.php

find

make_bbcode_uid();

replace with

$bbcode_parse->make_bbcode_uid();

(2 times)

and it works. I'll post here the full fix soon, thank you Austin.
However, I uninstalled Minerva R3 because it has a lot of bugs (it's a beta) and I'm not able to fix them all...
I hope that it can be of some help anyway...

Thank you again for your great mod (and it works well on my new Integramod phpBB...)
Post #8