Nuke Cops :: View topic - Loaded Admin Secure 1.7 on 6.5 - help !!!!!!!
memaved (Nuke Soldier; joined Oct 23, 2003; posts: 24)
Posted: Sun May 30, 2004 10:18 am

Hi.


I loaded the 1.7 version on 2 of my sites - loaded great - got security codes - wrote tables to db - modded admin, main and auth as install text says - one site is live - one test - both running 6.5 - big problems on both.

Test site first - getting these error messages:
Quote:
Parse error: parse error in /home/tdgtws/public_html/mainfile.php on line 220

Warning: get_lang(admin/language/lang-.php): failed to open stream: No such file or directory in /home/tdgtws/public_html/mainfile.php on line 188

Warning: get_lang(): Failed opening 'admin/language/lang-.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/tdgtws/public_html/mainfile.php on line 188

Fatal error: Call to a member function on a non-object in /home/tdgtws/public_html/admin.php on line 38


Main file up to line 200 is:
Code:
<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
function nuke_getRootPath() {
        $ret  = "./";
        if (eregi('\/modules\/[^\/]+\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../../"; }
        else if (eregi('\/modules\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../"; }
        else if (eregi('\/modules\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../"; }
        return $ret;
      }
      require_once(nuke_getRootPath().'includes/asfunc.php');
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
    if (extension_loaded('zlib')) {
   ob_end_clean();
   ob_start('ob_gzhandler');
    }
} else if ($phpver > '4.0') {
    if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
   if (extension_loaded('zlib')) {
       $do_gzip_compress = TRUE;
       ob_start();
       ob_implicit_flush(0);
       //header('Content-Encoding: gzip');
   }
    }
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
    import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue))) {
   die ("I don't like you...");
    }
}

foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        Header("Location: index.php");
        die();
    }
}

if (eregi("mainfile.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
}

if ($forum_admin == 1) {
    require_once("../../../config.php");
    require_once("../../../db/db.php");
} elseif ($inside_mod == 1) {
    require_once("../../config.php");
    require_once("../../db/db.php");
} else {
    require_once("config.php");
    require_once("db/db.php");
    /* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
    /* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
    require_once("includes/sql_layer.php");
    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

$mainfile = 1;
$sql = "SELECT sitename, nukeurl, site_logo, slogan, startdate, adminmail, anonpost, Default_Theme, foot1, foot2, foot3, commentlimit, anonymous, minpass, pollcomm, articlecomm, broadcast_msg, my_headlines, top, storyhome, user_news, oldnum, ultramode, banners, backend_title, backend_language, language, locale, multilingual, useflags, notify, notify_email, notify_subject, notify_message, notify_from, footermsgtxt, email_send, attachmentdir, attachments, attachments_view, download_dir, defaultpopserver, singleaccount, singleaccountname, numaccounts, imgpath, filter_forward, moderate, admingraphic, httpref, httprefmax, CensorMode, CensorReplace, copyright, Version_Num FROM ".$prefix."_config";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$sitename = $row[sitename];
$nukeurl = $row[nukeurl];
$site_logo = $row[site_logo];
$slogan = $row[slogan];
$startdate = $row[startdate];
$adminmail = $row[adminmail];
$anonpost = $row[anonpost];
$Default_Theme = $row[Default_Theme];
$foot1 = $row[foot1];
$foot2 = $row[foot2];
$foot3 = $row[foot3];
$commentlimit = $row[commentlimit];
$anonymous = $row[anonymous];
$minpass = $row[minpass];
$pollcomm = $row[pollcomm];
$articlecomm = $row[articlecomm];
$broadcast_msg = $row[broadcast_msg];
$my_headlines = $row[my_headlines];
$top = $row[top];
$storyhome = $row[storyhome];
$user_news = $row[user_news];
$oldnum = $row[oldnum];
$ultramode = $row[ultramode];
$banners = $row[banners];
$backend_title = $row[backend_title];
$backend_language = $row[backend_language];
$language = $row[language];
$locale = $row[locale];
$multilingual = $row[multilingual];
$useflags = $row[useflags];
$notify = $row[notify];
$notify_email = $row[notify_email];
$notify_subject = $row[notify_subject];
$notify_message = $row[notify_message];
$notify_from = $row[notify_from];
$footermsgtxt = $row[footermsgtxt];
$email_send = $row[email_send];
$attachmentdir = $row[attachmentdir];
$attachments = $row[attachments];
$attachments_view = $row[attachments_view];
$download_dir = $row[download_dir];
$defaultpopserver = $row[defaultpopserver];
$singleaccount = $row[singleaccount];
$singleaccountname = $row[singleaccountname];
$numaccounts = $row[numaccounts];
$imgpath = $row[imgpath];
$filter_forward = $row[filter_forward];
$moderate = $row[moderate];
$admingraphic = $row[admingraphic];
$httpref = $row[httpref];
$httprefmax = $row[httprefmax];
$CensorMode = $row[CensorMode];
$CensorReplace = $row[CensorReplace];
$copyright = $row[copyright];
$Version_Num = $row[Version_Num];
$domain = eregi_replace("http://", "", $nukeurl);
$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

if ($forum_admin != 1) {
    if (isset($newlang) AND !eregi("\.","$newlang")) {
   if (file_exists("language/lang-$newlang.php")) {
       setcookie("lang",$newlang,time()+31536000);
       include("language/lang-$newlang.php");
       $currentlang = $newlang;
   } else {
       setcookie("lang",$language,time()+31536000);
       include("language/lang-$language.php");
       $currentlang = $language;
   }
    } elseif (isset($lang)) {
   include("language/lang-$lang.php");
   $currentlang = $lang;
    } else {
   setcookie("lang",$language,time()+31536000);
   include("language/lang-$language.php");
   $currentlang = $language;
    }
}

function get_lang($module) {
    global $currentlang, $language;
    if (file_exists("modules/$module/language/lang-$currentlang.php")) {
   if ($module == admin) {
       include_once("admin/language/lang-$currentlang.php");
   } else {
       include_once("modules/$module/language/lang-$currentlang.php");
   }
    } else {
   if ($module == admin) {
       include_once("admin/language/lang-$currentlang.php");
   } else {
       include_once("modules/$module/language/lang-$language.php");
   }
    }
}

//function is_admin($admin) {  //
//modded admin secure//
 function is_admin($admin) {
        return asec_isAdmin($admin);
      }
    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = base64_decode($admin);
   $admin = explode(":", $admin);
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    } else {



Admin file to line 40 is:
Code:
<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

require_once("mainfile.php");
get_lang(admin);

function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
    if ($first == 0) {
   $pwd = md5($pwd);
   $the_adm = "God";
   $sql = "INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')";
   $db->sql_query($sql);
   if ($user_new == 1) {
       $user_regdate = date("M d, Y");
       $user_avatar = "blank.gif";
       $commentlimit = 4096;
       if ($url == "http://") { $url = ""; }
       $sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit','english','D M d, Y g:i a')";
       $db->sql_query($sql);
   }
   login();
    }
}

$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
if ($the_first == 0) {
    if (!$name) {


Help please
Thank you
madman (Support Mod; joined Feb 15, 2004; posts: 806)
Posted: Sun May 30, 2004 11:10 am

is_admin() function is not modified properly. :)

Here's the problem:

Code:
//function is_admin($admin) {  //
//modded admin secure//
 function is_admin($admin) {
        return asec_isAdmin($admin);
      }
    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = base64_decode($admin);
   $admin = explode(":", $admin);
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    } else {
...


If you're not familiar with PHP, you can remove the is_admin() function completely and replace it with a new function that calls the Admin Secure admin check function. This is a sample layout, where the is_admin() function is located between the get_lang() and is_user() functions. Use this to guide you in modifying mainfile.php:

Code:
function get_lang($module) {
    global $currentlang, $language;
    if (file_exists("modules/$module/language/lang-$currentlang.php")) {
        if ($module == admin) {
            include_once("admin/language/lang-$currentlang.php");
        } else {
            include_once("modules/$module/language/lang-$currentlang.php");
        }
    } else {
        if ($module == admin) {
            include_once("admin/language/lang-$currentlang.php");
        } else {
            include_once("modules/$module/language/lang-$language.php");
        }
    }
}

// This is the whole of is_admin(): nothing from the original body remains.
function is_admin($admin) {
    return asec_isAdmin($admin);
}

function is_user($user) {
    global $prefix, $db, $user_prefix;
    if (!is_array($user)) {
        $user = base64_decode($user);
        $user = explode(":", $user);
        $uid = "$user[0]";
        $pwd = "$user[2]";
    } else {
        $uid = "$user[0]";
        $pwd = "$user[2]";
    }
    $uid = addslashes($uid);
    $uid = intval($uid);
    if ($uid != "" AND $pwd != "") {
        $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $pass = $row[user_password];
        if ($pass == $pwd && $pass != "") {
            return 1;
        }
    }
    return 0;
}


I hope this can solve the problem.
Good luck. :)

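The failure diagnosed in the reply above (a replacement is_admin() closed early, with the old body and its final brace left at file level) can be caught before upload with a brace audit built on PHP's own tokenizer. This is an added example, not part of the original thread or of Admin Secure; audit_patch() is a hypothetical helper name and the sample source is constructed.

```php
<?php
// Added example, not Admin Secure or PHP-Nuke code; names and sample are constructed.
function audit_patch(string $source): array
{
    $findings = [];
    $depth = 0; // current { } nesting level
    $line = 1;  // line of the token being examined
    // No TOKEN_PARSE flag: lex only, so a file that fails to parse is still read.
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok)) {
            [$id, $text, $line] = $tok;
            if ($id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
                $depth++; // "{$x}" and "${x}" in strings close with a plain "}"
            } elseif ($id === T_GLOBAL && $depth === 0) {
                $findings[] = "line $line: 'global' outside any function";
            }
            $line += substr_count($text, "\n"); // advance to the token's last line
        } elseif ($tok === '{') {
            $depth++;
        } elseif ($tok === '}') {
            if ($depth === 0) {
                $findings[] = "line $line: '}' closes nothing (parse error)";
            } else {
                $depth--;
            }
        }
    }
    if ($depth > 0) {
        $findings[] = "end of file: $depth unclosed '{'";
    }
    return $findings;
}

// Constructed sample: replacement closed early, old body left behind.
$sample = <<<'PHP'
<?php
function is_admin($admin) {
    return asec_isAdmin($admin);
}
    global $prefix, $db;
    if (!is_array($admin)) {
        $admin = explode(":", base64_decode($admin));
    } else {
        $aid = "$admin[0]";
    }
    return 0;
}
PHP;
echo implode("\n", audit_patch($sample)), "\n";
```

`php -l mainfile.php` reports the same stray brace; the top-level `global` check is a heuristic that points at where the orphaned body starts.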