All times are GMT - 5 Hours
|
|
 |
Wed Mar 02, 2005 10:54 am |
 |
Author |
Message |
Devil-Strike New TweakeR

Joined: 18 Feb 2005 Posts: 8 Words Posted: 1,163 Average Post: 145.38
|
| Post subject: Fix for phpBB Security and Profile Control Panel by Ptirhiik |
|
|
Updated 04-03-2005
EDIT: I have fixed some minor bugs.
Bug 1. I forgot some code in profilcp/profilcp_register.php; this is fixed now.
Bug 2. Fixed templates/subSilver/profilcp/register_body.tpl, where 2 check boxes appeared instead of 2 text boxes.
OK, here is the fix:
| Quote: |
#
#-----[ OPEN ]------------------------------------------------
#
profilcp/profilcp_register.php
#
#-----[ FIND ]------------------------------------------------
#
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
#
#-----[ BEFORE, ADD ]-----------------------------------------
#
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.1 =========================================================== |
#====
// Pull in includes/phpbb_security.php (presumably where
// phpBBSecurity_Validate() is defined) before it is called below.
include_once($phpbb_root_path . 'includes/phpbb_security.' . $phpEx);

// Read the submitted security question: use $_POST when it holds a truthy
// value, otherwise fall back to the legacy $HTTP_POST_VARS array.
if ($_POST['PS_question'])
{
	$ps_question = $_POST['PS_question'];
}
else
{
	$ps_question = $HTTP_POST_VARS['PS_question'];
}

// Same lookup for the submitted security answer.
if ($_POST['PS_answer'])
{
	$ps_answer = $_POST['PS_answer'];
}
else
{
	$ps_answer = $HTTP_POST_VARS['PS_answer'];
}

// Validate only when the form was actually submitted in 'register' mode.
// Both values come straight from the request and are passed on unmodified,
// so any trimming, length limit or escaping has to happen inside
// phpBBSecurity_Validate() (not shown here).
// NOTE(review): a later post in this thread reports that a registration
// rejected for a missing question/answer still leaves an inactive account
// behind, which suggests this check runs after the users row is written;
// confirm against the surrounding code in profilcp_register.php.
if (isset($HTTP_POST_VARS['submit']) && $mode == 'register')
{
	phpBBSecurity_Validate($ps_question, $ps_answer, $user_id, $mode);
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
#
#-----[ FIND ]------------------------------------------------
#
{
$sql_req .= (empty($sql_req) ? '' : ', ') . $key . " = '" . str_replace("\'", "''", $value) . "'";
}
#
#-----[ AFTER, ADD ]------------------------------------------
#
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.1 =========================================================== |
#====
// Pull in includes/phpbb_security.php (presumably where
// phpBBSecurity_Validate() is defined) before it is called below.
include_once($phpbb_root_path . 'includes/phpbb_security.' . $phpEx);

// Read the submitted security question: use $_POST when it holds a truthy
// value, otherwise fall back to the legacy $HTTP_POST_VARS array.
if ($_POST['PS_question'])
{
	$ps_question = $_POST['PS_question'];
}
else
{
	$ps_question = $HTTP_POST_VARS['PS_question'];
}

// Same lookup for the submitted security answer.
if ($_POST['PS_answer'])
{
	$ps_answer = $_POST['PS_answer'];
}
else
{
	$ps_answer = $HTTP_POST_VARS['PS_answer'];
}

// Validate only when the form was submitted in 'register' mode; this call
// passes the id of the current session's user ($userdata['user_id']).
// The question and answer are handed over exactly as received, so input
// checks and escaping are the responsibility of phpBBSecurity_Validate()
// (not shown here).
if (isset($HTTP_POST_VARS['submit']) && $mode == 'register')
{
	phpBBSecurity_Validate($ps_question, $ps_answer, $userdata['user_id'], $mode);
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
#
#-----[ FIND ]------------------------------------------
#
// constants
$template->assign_vars(array(
#
#-----[ ADD, AFTER ]------------------------------------------
#
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.1 =========================================================== |
#====
'PS_TITLE' => $lang['PS_security_title'],
'PS_QUESTION' => $lang['PS_security_question'],
'PS_QUESTION_EXP' => $lang['PS_security_question_exp'],
'PS_Q' => $userdata['phpBBSecurity_question'],
'PS_ANSWER' => $lang['PS_security_answer'],
'PS_ANSWER_EXP' => $lang['PS_security_answer_exp'],
'PS_A' => $userdata['phpBBSecurity_answer'],
'PS_A_EXP' => $lang['PS_security_a_exp'],
'PS_EXP' => $lang['PS_profile_explain'],
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
#
#-----[ OPEN ]------------------------------------------------
#
includes/phpbb_security.php
#
#-----[ FIND ]------------------------------------------------
#
if ( ($mode == 'editprofile') && (!$userdata['phpBBSecurity_question']) && (!$userdata['phpBBSecurity_answer']) )
#
#-----[ IN-LINE FIND ]----------------------------------------
#
editprofile
#
#-----[ IN-LINE REPLACE WITH ]----------------------------------------
#
register
#
#-----[ FIND ]------------------------------------------------
#
if ( ($mode == 'editprofile') && ($userdata['phpBBSecurity_question']) && ($userdata['phpBBSecurity_answer']) )
#
#-----[ IN-LINE FIND ]----------------------------------------
#
editprofile
#
#-----[ IN-LINE REPLACE WITH ]----------------------------------------
#
register
#
#-----[ OPEN ]------------------------------------------------
#
templates/subSilver/profilcp/register_body.tpl
#
#-----[ FIND ]------------------------------------------------
#
<td class="row2">
<input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="100" value="{PASSWORD_CONFIRM}" />
</td>
</tr>
#
#-----[ AFTER, ADD ]------------------------------------------
#
<!-- Start: phpBB Security -->
<!-- Adds a "security question / security answer" section to the PCP register form.
     The PS_* placeholders are filled by the assign_vars() additions made in
     profilcp/profilcp_register.php. Placeholder names are written without braces
     in these comments so the template engine does not substitute them here. -->
<tr>
<td class="catSides" colspan="2" height="28"> </td>
</tr>
<tr>
<th class="thSides" colspan="2" height="12" valign="middle">{PS_TITLE}</th>
</tr>
<tr>
<td align="left" class="row2" colspan="2">
<span class="genmed">
{PS_EXP}
</span>
</td>
</tr>
<tr>
<td align="left" valign="bottom" class="row1">
<span class="genmed">
{PS_QUESTION}
</span>
<br>
<span class="gensmall">
{PS_QUESTION_EXP}
</span>
</td>
<td align="left" valign="middle" class="row2">
<!-- NOTE(review): PS_Q is assigned from $userdata['phpBBSecurity_question'] and lands
     inside a value attribute; presumably the stored question is HTML-escaped before
     it reaches the template. Verify that in phpbb_security.php. -->
<input type="text" name="PS_question" value="{PS_Q}" class="post" size="50">
</td>
</tr>
<tr>
<td align="left" valign="bottom" class="row1">
<span class="genmed">
{PS_ANSWER}
</span>
<br>
<span class="gensmall">
{PS_ANSWER_EXP}
</span>
</td>
<td align="left" valign="middle" class="row2">
<!-- NOTE(review): PS_A is assigned from $userdata['phpBBSecurity_answer'], so whatever
     is stored for the answer is written back into this visible text field and into the
     page source on every render. Consider rendering the field empty and treating an empty
     submission as "unchanged"; first confirm how phpBBSecurity_Validate handles an empty answer. -->
<input type="text" name="PS_answer" value="{PS_A}" class="post" size="50">
<span class="gensmall">
{PS_A_EXP}
</span>
</td>
</tr>
<!-- End: phpBB Security -->
#
#-----[ SAVE/CLOSE ALL FILES ]--------------------------------
#
#EoM
|
I hope it works for you all; if not, post here or on http://rpgnet.clanmckeen.com/demo/viewforum.php?f=40&sid=4f2fac12e9776fabfd331b54128c4281
Best regards,
Devil-Strike
Last edited by Devil-Strike on Thu Mar 03, 2005 8:30 pm; edited 3 times in total |
|
| Post #1 |
|
|
 |
Wed Mar 02, 2005 11:08 am |
 |
 |
Wed Mar 02, 2005 12:13 pm |
 |
 |
Wed Mar 02, 2005 5:45 pm |
 |
Author |
Message |
Devil-Strike New TweakeR

Joined: 18 Feb 2005 Posts: 8 Words Posted: 1,163 Average Post: 145.38
|
| Post subject: |
|
|
This is a fix for Profile Control Panel by Ptirhiik.
The problem it fixes is that users who were already registered could not change their Security Question & Security Answer.
Download Profile Control Panel by Ptirhiik
HERE |
|
| Post #4 |
|
|
 |
Thu Mar 03, 2005 3:04 pm |
 |
Author |
Message |
lechacal Amature TweakeR


Joined: 04 Feb 2005 Posts: 46 Words Posted: 7,405 Average Post: 160.98 Location: 62
|
| Post subject: |
|
|
hey
Excuse me, but what is "profilcp/profilcp_register.php"?
I don't understand!
I have finished installing the "Security" mod, but I can't log in and go to my ACP panel.
I don't know what to do; it wants my security question.
Can you help me, please?
thk, bye  |
|
| Post #5 |
|
|
 |
Thu Mar 03, 2005 3:22 pm |
 |
Author |
Message |
Devil-Strike New TweakeR

Joined: 18 Feb 2005 Posts: 8 Words Posted: 1,163 Average Post: 145.38
|
| Post subject: |
|
|
This fix is only for you if you use the mod Profile Control Panel by Ptirhiik.
Therefore, I need some more info from you: whether you use Profile Control Panel by Ptirhiik and, if so, which version you use.
Please be as specific as possible; this fix is not a fix for a normal phpBB profile.
Best regards,
Devil-Strike |
|
| Post #6 |
|
|
 |
Mon Mar 14, 2005 9:17 pm |
 |
 |
Tue Mar 15, 2005 6:43 pm |
 |
 |
Sat Apr 16, 2005 1:13 am |
 |
 |
Fri Apr 29, 2005 10:52 am |
 |
Author |
Message |
KAN New TweakeR

Joined: 29 Apr 2005 Posts: 2 Words Posted: 160 Average Post: 80.00
|
| Post subject: |
|
|
Small bug:
When a new user registers and forgets to fill in the security question area, an error message appears after clicking submit, but the account is still created. The account won't receive an activation e-mail etc., but the username is now taken (because the account has been created and becomes an inactive username), and if the user tries to register again, that name will not be available.
I think a fix is needed which prevents the username from being created. |
|
| Post #10 |
|
|
 |
Fri Apr 29, 2005 11:40 am |
 |
Author |
Message |
jsr Support Team

Joined: 06 Jan 2005 Posts: 407 Words Posted: 50,471 Average Post: 124.01
|
| Post subject: |
|
|
| KAN wrote: | Small bug:
When a new user registers and forgets to fill in the security question area, after clicking submit an error message will appear but the account will still be created. The account won't recieve an activation e-mail etc... but the username will be taken now (because the account will be created and it will become an inactive username) and if the user tries to register again, that name will not be available...
I think a fix is needed which prevents the username to be created. |
http://www.phpbb-tweaks.com/topics.html-t-204
Find this
| Code: | | $sql = "INSERT INTO " . USERS_TABLE . " (user_id, user_eb, username, user_regdate, user_password, |
ADD, BEFORE,
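// Reject a registration that lacks a security question OR a security answer
// before the users row is inserted, so that a failed registration does not
// leave an inactive account holding the username.
//
// Each value is taken from $_POST, falling back to the legacy
// $HTTP_POST_VARS array; isset() guards keep a missing field from raising
// an undefined-index notice and make it count as empty.
$ps_question = isset($_POST['PS_question']) ? $_POST['PS_question'] : (isset($HTTP_POST_VARS['PS_question']) ? $HTTP_POST_VARS['PS_question'] : '');
$ps_answer = isset($_POST['PS_answer']) ? $_POST['PS_answer'] : (isset($HTTP_POST_VARS['PS_answer']) ? $HTTP_POST_VARS['PS_answer'] : '');

// A field counts as missing when it is not a plain string (e.g. an array
// was submitted) or when it is empty or whitespace only.
$ps_question_missing = !is_string($ps_question) || trim($ps_question) == '';
$ps_answer_missing = !is_string($ps_answer) || trim($ps_answer) == '';

// Both fields are required, as the message says. Testing with || closes the
// gap where supplying only one of the two let the registration through.
if ($mode == 'register' && ($ps_question_missing || $ps_answer_missing))
{
	message_die(GENERAL_ERROR, 'Security Question & Answer Are Required. Press <b>Back</b> In Your Browser Window & Try Again.');
}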
|
|
| Post #11 |
|
|
 |
Tue Jun 14, 2005 1:17 pm |
 |
Author |
Message |
FATGUYMEST New TweakeR

Joined: 11 Jun 2005 Posts: 5 Words Posted: 444 Average Post: 88.80
|
| Post subject: integramod |
|
|
| I use integramod 1.3.2d and integramod uses PCP. I have gone through all of the information and done everything in the documentation. I have also tried this PCP fix. I keep ending up with the same problem: I click on my profile page to update my security question and answer, and all I get is a blank page with no session ID up in the address bar. Has anyone seen this before? I am very frustrated with my board! I appreciate any help you guys can offer. |
|
| Post #12 |
|
|
 |
Tue Jun 14, 2005 1:28 pm |
 |
Author |
Message |
MrDSL Integration Team

Joined: 06 Jan 2005 Posts: 87 Words Posted: 12,385 Average Post: 142.36
|
| Post subject: Re: integramod |
|
|
| FATGUYMEST wrote: | | I use integramod 1.3.2d and integramod uses PCP. I have gone through all of the information and done everything in the documentation. I have also tried this PCP fix. I keep ending up with the same problem.....I click on my profile page to update my security question and answer and all i get it a blank page with no session ID up in the address bar. Has anyone seen this before? I am very frusterated with my board! I appreciate any help you guys can offer. |
I know you won't want to hear this, but from what I hear this will be included in 1.3.3 |
|
| Post #13 |
|
|
 |
Tue Jun 14, 2005 1:40 pm |
 |
Author |
Message |
FATGUYMEST New TweakeR

Joined: 11 Jun 2005 Posts: 5 Words Posted: 444 Average Post: 88.80
|
| Post subject: Re: integramod |
|
|
| MrDSL wrote: | | FATGUYMEST wrote: | | I use integramod 1.3.2d and integramod uses PCP. I have gone through all of the information and done everything in the documentation. I have also tried this PCP fix. I keep ending up with the same problem.....I click on my profile page to update my security question and answer and all i get it a blank page with no session ID up in the address bar. Has anyone seen this before? I am very frusterated with my board! I appreciate any help you guys can offer. |
I know you won'twant to hear this but this but from what I hear this willbe included in 1.3.3 |
yes i've read that. only thing is....1.3.3 has been being worked on for over 6 months now. i just can't leave my forum open to attacks. this is why i have decided to take it upon myself to try and install the security. i know it can be done...i've seen boards out there running it. i just can't figure out what i'm doing wrong.  |
|
| Post #14 |
|
|
 |
Sat Jul 02, 2005 8:02 pm |
 |
Author |
Message |
stardotstar  Amature TweakeR

Joined: 11 May 2005 Posts: 27 Words Posted: 19,167 Average Post: 709.89 Location: Brisbane Australia
|
| Post subject: |
|
|
@ Devil_Strike: Thank you for this mod adaption. I hope I can contribute something to this process at the same time as ask a couple of questions about how this worked for me.
The first time I tried to do this mod with my new board with PCP/APM/TopicCal etc (lots of mods but mainly the PCP stuff difficult to fully integrate with) I couldn't make it work because I was missing the trailing / in the phpbb_config script path. This is the only mod that suffered a faulty redirection as a result of my phpbb script path being /phpBB2 not /phpbb2/
I feel this is worth pointing out because the cause is not obvious: when the user first visits the page and clicks on the link to go to the PCP and enter their secret question and answer, it simply fails back to that link page.
Having sorted that out, I found that my users would be faced with an unfamiliar Profile Control Panel and perhaps not know where to put the secret question and answer, because they must choose the 'register' tab. I have read complaints about users finding this process difficult and getting locked out and whatnot (not all my users are likely to work computer stuff out for themselves or understand anything but very clear instructions).
This was compounded by the fact that my PCP Register page did not, for some reason, get fully declared values for the SQ and SA fields, and they appeared in a totally blank panel in the Register page. I had to make this manual entry in the script to allow users to see it:
| Code: |
<td align="left" valign="bottom" class="row1">
<span class="genmed">
{PS_QUESTION}
FOR NEW SECURITY REASONS YOU MUST ENTER ONCE ONLY A SECRET QUESTION:
</span>
<br>
<span class="gensmall">
{PS_QUESTION_EXP}
</span>
</td>
<td align="left" valign="middle" class="row2">
<input type="text" name="PS_question" value="{PS_Q}" class="post" size="50">
</td>
</tr>
<tr>
<td align="left" valign="bottom" class="row1">
<span class="genmed">
{PS_ANSWER}
FOR NEW SECURITY REASONS YOU MUST ENTER ONCE ONLY A SECRET ANSWER:
</span>
<br>
<span class="gensmall">
{PS_ANSWER_EXP}
</span>
</td> |
Perhaps someone can tell me how to ensure that these {PS_ANSWER} and {PS_QUESTION} are declared and used in the template (I don't yet understand enough php to quite be able to track this down myself.)
Second, I changed the redirection in the PS_security_force lang definitions to make the process easier to follow for users new to the security mod and the profile control panel. I added much explanatory text and changed the link mode from "editprofile" to "register" so they don't have to navigate from the profile home panel to the register panel. It also calls a new browser window so the instructions can still be read:
| Code: |
<a href="profile.'. $phpEx .'?mode=register&sid='. $userdata['session_id'] .'" target="_blank"> |
The full instructions I used (were a bit over the top I know) allow users to be in no uncertainty about what to do or how to do it. I hope it may help others integrating with this mod!
| Code: | $lang['PS_security_force'] = '<u><B>ATTENTION: READ THIS SECTION <i>VERY</i> CAREFULLY : You need to know this to be able to log in to arcHELI V2!</u></b><br><br> 1) It appears this is your first visit since we added the <b>security questions to accounts.</b><br>You will <i>only</i> be able to view your profile until you update it with a secret question and answer.<br> <br>2) When you click the link below you will be taken to your <b>New Profile <u>Registration Page</u></b>. YOU MUST: scroll down this form and enter the question and answer at the bottom of the form in the fields provided.<br><br> <b>NOTE:</b> You <i>dont have to enter any other details</i> - JUST your secret QUESTION and ANSWER....<br><br>(This link will open a new window so these instructions will still be available):<br><br><b><a href="profile.'. $phpEx .'?mode=register&sid='. $userdata['session_id'] .'" target="_blank"><b>CLICK THIS LINK TO OPEN A NEW WINDOW AND PROCEED TO YOUR REGISTRATION PANEL...</b></a></b><br><br> 3) Then scroll down and <b>select your secret question and answer </b><br><br>4) Finally click <b>SUBMIT</b> and your profile will be updated - you may then begin using the board normally.<br><br>You have been successful if you receive the message that <u>your profile has been updated successfully</u>.<br><br>NOTE: Your Secret Question and Answer are not repeated or confirmed!<br><br>You will <i>not</i> have to enter this data again <u>unless you get locked out of your account</u> so, <b>do not lose or forget it</b> - you will need an admin to reset it for you if you do.<br><br><u>Bulletin Boards are very prone to hacking attacks and by using this level of security arcHELI is much safer than it otherwise would be.</u><br><br><b>Thank you for your cooperation! Welcome and enjoy the new site :-)</b><br><br>stardotstar, site admin.';
|
If anyone can enlighten me as to why the Question and Answer lang fields are not being displayed without the static entries I would appreciate it.
Other than this I can only confirm how well this mod integration by Devil_strike works for this brilliant Security Mod by aUsTiN.
Thanks all!
Will |
|
| Post #15 |
|
|
 |
Tue Jul 05, 2005 7:59 am |
 |
 |
Tue Jul 12, 2005 11:45 am |
 |
Author |
Message |
Jessie87 New TweakeR

Joined: 12 Jul 2005 Posts: 9 Words Posted: 934 Average Post: 103.78
|
| Post subject: |
|
|
I don't think I have that control panel because I can't find profilcp/profilcp_register.php, and I know it isn't the regular profile that comes with phpBB. I installed a fully modded phpBB, so I don't know who made the control panel.
The security question isn't showing up and it won't let me access my forum unless I put it in.  |
|
| Post #17 |
|
|
 |
Thu Sep 22, 2005 10:28 pm |
 |
Author |
Message |
stardotstar  Amature TweakeR

Joined: 11 May 2005 Posts: 27 Words Posted: 19,167 Average Post: 709.89 Location: Brisbane Australia
|
| Post subject: |
|
|
| stardotstar wrote: | If anyone can enlighten me as to why the Question and Answer lang fields are not being displayed without the static entries I would appreciate it.
|
I fixed this by adding the language keys to the constants section in profilcp_register.php
I don't know if this problem was unique to my site for some reason but here is the section:
| Code: | if ( $create_user || ( !$user_active && !is_admin($userdata) ) )
{
$template->assign_vars(array(
//======================================================================= |
//==== Start: == phpBB Security ========================================= |
//==== v1.0.1 =========================================================== |
//====
'PS_TITLE' => $lang['PS_security_title'],
'PS_QUESTION' => $lang['PS_security_question'],
'PS_QUESTION_EXP' => $lang['PS_security_question_exp'],
'PS_Q' => $userdata['phpBBSecurity_question'],
'PS_ANSWER' => $lang['PS_security_answer'],
'PS_ANSWER_EXP' => $lang['PS_security_answer_exp'],
'PS_A' => $userdata['phpBBSecurity_answer'],
'PS_A_EXP' => $lang['PS_security_a_exp'],
'PS_EXP' => $lang['PS_profile_explain'],
//====
//==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
//==== End: ==== phpBB Security ========================================= |
//======================================================================= |
"META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $message);
}
}
else
{
// constants
$template->assign_vars(array(
'L_REGISTRATION' => $lang['profilcp_register_pagetitle'],
'L_USERNAME' => $lang['Username'],
'L_EMAIL_TITLE' => $lang['profilcp_email_title'],
'L_EMAIL' => $lang['Email'],
'L_EMAIL_CONFIRM' => $lang['profilcp_email_confirm'],
'L_IMAGE' => $lang['anti_robotic'],
'L_IMAGE_EXPLAIN' => $lang['anti_robotic_explain'],
'L_PASSWORD_TITLE' => $lang['Password'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],
'L_CURRENT_PASSWORD' => $lang['Current_password'],
'L_CONFIRM_PASSWORD_EXPLAIN' => $lang['profilcp_password_explain'],
'L_NEW_PASSWORD' => $lang['Password'], /* : $lang['New_password'], */
'L_CONFIRM_PASSWORD' => $lang['Confirm_password'],
'L_PASSWORD_IF_CHANGED' => $lang['password_if_changed'],
'L_PASSWORD_CONFIRM_IF_CHANGED' => $lang['password_confirm_if_changed'],
'PS_TITLE' => $lang['PS_security_title'],
'PS_QUESTION' => $lang['PS_security_question'],
'PS_QUESTION_EXP' => $lang['PS_security_question_exp'],
'PS_Q' => $userdata['phpBBSecurity_question'],
'PS_ANSWER' => $lang['PS_security_answer'],
'PS_ANSWER_EXP' => $lang['PS_security_answer_exp'],
'PS_A' => $userdata['phpBBSecurity_answer'],
'PS_A_EXP' => $lang['PS_security_a_exp'],
'PS_EXP' => $lang['PS_profile_explain'],
)
);
|
You will see the section at the top which is the part that devilstrike specified in the mod adaption. I found that the language keys were not going to the template and found that adding the lang fields to the constants fixed the problem - including populating the User's Question and their Answer Hash.
HTH someone one day. |
|
| Post #18 |
|
|
 |
Sat Jun 17, 2006 5:58 pm |
 |