I believe I found a fix for a bug in the nc bundle when your logged in as admin and you go to the forums admin page you get an error stating " your not authorised to administer this board " .I found this fix accidently actually,What I did was is I typed your not authorised to administer this board in google and one search brought me to the nuke cvs page for pagestart.php http://cvs.nukecops.com/co.php/modules/Forums/admin/pagestart.php?r=1.3 .I noticed a message die contained this error so I Investaged and searched for differences in coding.There was a few versions of it so i took the 1.2 version and uploaded it to .\modules\forums\admin\ directory.I click to admin the forums and it worked.I went back to the cvs page for pagestart.php and did a diff w/ 1.2 and 1.3 http://cvs.nukecops.com/diff.php/modules/Forums/admin/pagestart.php?r1=1.2&r2=1.3&ty=h .Apparently the 1.3 update was a security patch and in the coding there was a noticable difference that seemed like a mistake.
The 1.2 version around line 77 had ....
if ($radminsuper == 1 OR $radminforum == 1) {
The 1.3 version had ....
if ($radminsuper != 1 OR $radminforum != 1) {
The difference is that after if ($radminsuper in 1.2 had == as well as OR $radminforum .in 1.3 version instead of == it had != .
To fix.... take the 1.3 version replace ! with = .save ->upload to [root]\modules\Forums\admin\
.go to admin->forums and it should work.
I saw alot of people had this problem and wasnt using the nc bundle rather the 6.0 w/ bbtonuke mod.Whoever has this problem and doesnt have nc bundle and is using a different nuke version and this fix helps please reply and state the nuke version you use, so that it helps others decide if this fix is for them.
Also another fix is just take the 1.2 file from cvs and upload.Yes that works too but since 1.3 was a security update I dont recommend doing this as this may defeat the update purpose and can be a threat to your boards security.
If possible can an admin clarify about the ! instead of = and was it a mistake or it was there on purpose?
gr82meetu78 Nuke Soldier
Joined: Nov 09, 2003
Posts: 16
Posted:
Sun Nov 09, 2003 9:11 pm
I'm not the admin, but that is/was a serious friggin logic error.
== meansTHIS IS EQUAL TO THAT
!= means THIS IS NOT EQUAL TO THAT
so a statement like
if(a==b){
echo "a and b are the same";
}elseif(a != b){
echo "a and b are different";
}
Also be careful with OR, in a comparison statement it is very rare to use literal OR you should use || instead. Whoever is placing OR all over the place in this code is just praying for a break in the future when PHP abandons trying to be perl compatible.
OR isn't really considered best practice anymore.
Thank you D1ab70 for the fix, to be honest I would never have caught it.
The statment is just evaluating whether a person has permission to admin the board.
$radminsuper is a flag that is set if you are the site admin (superuser)
$radminforum is a flag that is set if you are a forum admin
They evaluate as follows
1=TRUE
0=FALSE
So assuming the line in question contains a die statement it probably looks something like this
if ($radminsuper == 1 OR $radminforum == 1) {
die_message("You are not authorized");
}
When in fact it should have read
if($radminsuper != 1 || $radminforum !=1){
die_message("You are niether a site admin nor are you a forum admin");
}
Well I'm off to find this piece of screwup in my own site now, since I have been locked out for over 24 hours, with no luck at finding the problem
gr82meetu78 Nuke Soldier
Joined: Nov 09, 2003
Posts: 16
Posted:
Sun Nov 09, 2003 9:27 pm
Hey there was something for you I forgot
I just got to looking at the code in the page you mentioned.
Here is the fix in it's entirety
extract($row);
if ($radminsuper != 1 && $radminforum != 1) {
message_die(GENERAL_MESSAGE, "You are not authorised to administer this board");
}
The extract is needed because $radminsuper and $radminforum remained undefined otherwise.
Man who is doing QC for the code around these parts lately?
IACOJ Major
Joined: Jan 15, 2003
Posts: 1269
Location: USA
Posted:
Fri Nov 14, 2003 11:21 am
Please download the security patch released today. There is a link to it from the news article on the front page.
Hi the last update to the bundle end of october caused some issues. We cannot locate the developer however we fixed the bundle to working order again.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
D1ab70 Nuke Soldier
Joined: Jul 18, 2003
Posts: 14
Posted:
Mon Nov 17, 2003 2:09 pm
sorry, gr82meetu78 for not getting back right away ive been away for a while but it seems a new security patch iacoj just posted.im gonna try that fix and revert the file and see if it works.thanks zx for fixing the bundle while chatserv has been out.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
