Statistics: Posted Author: Dragonsys — Tue May 02, 2006 6:20 am
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------
includes/usercp_register.php
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<AFTER>sql_query($q);
}
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
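# Password policy checks applied to profile edits and new registrations.
# Each check is active only when its phpBBSecurity_use_* key is set in
# $board_config.
if ($mode == 'editprofile' || $mode == 'register')
{
	# Reject a password that is the same as the username.
	if ( (isset($board_config['phpBBSecurity_use_password_match'])) && ($username == $password_confirm) )
	{
		$error = TRUE;
		$error_msg .= ( ( isset($error_msg) ) ? '<br>' : '' ) . $lang['PS_pass_match_error'];
	}

	# Enforce the configured minimum length. The limit is read from
	# $board_config; the earlier spelling ($baord_config) named an undefined
	# variable, so a short password was never reported.
	# NOTE(review): on editprofile an empty confirmation field presumably means
	# "password not being changed", so it is skipped there - confirm against
	# the rest of usercp_register.php.
	if ( (isset($board_config['phpBBSecurity_use_password_length'])) && ($mode == 'register' || $password_confirm != '') )
	{
		if (strlen($password_confirm) < $board_config['phpBBSecurity_password_min_length'])
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br>' : '' ) . $lang['PS_pass_length_error'];
		}
	}
}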
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
if ( !$error )
{
-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
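# When the stored password value differs from $pass_check, rewrite the
# session cookies for the current user.
# NOTE(review): $pass_check is defined outside this snippet; presumably the
# hash of the newly submitted password - confirm.
if ($userdata['user_password'] != $pass_check)
{
	$data_cookie = $board_config['cookie_name'] . '_data';
	$sid_cookie = $board_config['cookie_name'] . '_sid';

	# NOTE(review): the _data cookie is supplied by the client and is passed to
	# unserialize(). Its contents must be treated as untrusted: the result may
	# be any type, not just the expected array of strings. A format that cannot
	# carry arbitrary types would be a safer replacement.
	$sessiondata = isset($HTTP_COOKIE_VARS[$data_cookie]) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$data_cookie])) : array();
	if (!is_array($sessiondata))
	{
		# Malformed or unexpected cookie payload: start from an empty array.
		$sessiondata = array();
	}

	# Carry auto-login over only when the cookie held a string that is exactly
	# the stored value; a type-strict comparison keeps non-string values from
	# comparing equal.
	$had_autologin = isset($sessiondata['autologinid']) && is_string($sessiondata['autologinid']) && ($sessiondata['autologinid'] === $userdata['user_password']);

	# NOTE(review): this places $pass_check in a cookie that lives for a year.
	# If it is the password hash, the hash is exposed to anything that can read
	# the cookie; a random per-login key would avoid that.
	$sessiondata['autologinid'] = ($had_autologin) ? $pass_check : '';
	$sessiondata['userid'] = $userdata['user_id'];

	# Not read again inside this snippet; kept because later code in the file
	# may use it.
	$sessionmethod = ( isset($HTTP_COOKIE_VARS[$sid_cookie]) || isset($HTTP_COOKIE_VARS[$data_cookie]) ) ? SESSION_METHOD_COOKIE : SESSION_METHOD_GET;

	setcookie($data_cookie, serialize($sessiondata), (time() + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
	setcookie($sid_cookie, $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
}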
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$s_hidden_fields .= '<input>';
-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
# Append one more hidden form field when the request came from phpBB Security.
# NOTE(review): the '<input>' literal carries no attributes here; they appear
# to have been lost when the post was rendered - restore them from the
# original MOD before applying.
$phpbbsecurity_hidden_field = '';
if ($in_from == 'phpBBSecurity')
{
	$phpbbsecurity_hidden_field = '<input>';
}
$s_hidden_fields .= $phpbbsecurity_hidden_field;
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------
##############################################################
##
## MOD Title: phpBB Security 1.0.3 fix to
## Integramod 1.4.0 (phpBB v. 2.0.20)
##
## MOD Author: Kate (<a>kate_eryn@hotmail.com</a>)
##
##############################################################
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------
admin/admin_ug_auth.php
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);
-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
# User id treated as the board owner.
# NOTE(review): hard-coded; presumably the first administrator account created
# at install - confirm it matches this board.
$owner = '2';

# On a submitted form, stop when the account being edited ($user_id) is the
# owner and the logged-in administrator ($userdata['user_id']) is someone else.
$editing_owner_as_other = ($user_id == $owner) && ($userdata['user_id'] != $owner);
if (isset($HTTP_POST_VARS['submit']) && $editing_owner_as_other)
{
	message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------
admin/index.php
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$template->set_filenames(array(
"body" => "admin/index_body.tpl")
);
-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
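# Fetch the latest published phpBB Security version number and print a status
# table on the admin index page.
# NOTE(review): the file is retrieved over plain HTTP with errors suppressed,
# each time this page is built. Nothing authenticates the response, so its
# contents are untrusted and are escaped below before being placed in the
# page. The call also has no explicit timeout and depends on remote URL
# access being enabled for file().
$secfile = @file('http://phpbb-tweaks.com/secver.txt');

$msg = '';
$msg .= '<table>';
$msg .= '<tr>';
$msg .= '<th>';
$msg .= 'phpBB Security Status';
$msg .= '</th>';
$msg .= '</tr>';
$msg .= '<tr>';
$msg .= '<td>';
$msg .= '<span>';

if (!$secfile)
{
	# Fetch failed or the file was empty.
	$msg .= 'Sorry, I was unable to get version data at this time. Please try later.';
}
else
{
	# file() keeps the line terminator on each element; trim it so a trailing
	# newline in the remote file does not make identical versions look different.
	$newest_ver = trim($secfile[0]);
	$this_ver = $board_config['phpBBSecurity_version'];

	# Escape both values for HTML; the remote one in particular is untrusted.
	$newest_ver_html = htmlspecialchars($newest_ver);
	$this_ver_html = htmlspecialchars($this_ver);

	# Compare as strings so that version numbers are not matched numerically.
	$verdict = ($newest_ver === (string) $this_ver) ? 'are up to date!' : 'need to upgrade ASAP!';

	$msg .= 'The newest release is <b>'. $newest_ver_html .'</b>. The version you are using is' . "\n" . '<b>'. $this_ver_html .'</b>. So I would have to say you ' . $verdict;
}

$msg .= '</span>';
$msg .= '</td>';
$msg .= '</tr>';
$msg .= '<tr>';
$msg .= '<th> </th>';
$msg .= '</tr>';
$msg .= '</table>';
echo $msg;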
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------
includes/page_header.php
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====
phpBBSecurity_Cookies();
phpBBSecurity_FinalSet();
phpBBSecurity_DBBackup();
/* removed by PCP Extra :: force_required() below will manage this...
# Only allow them to login & view profile to update it
if ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
$is_valid = TRUE;
elseif ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
$is_valid = TRUE;
else
$is_valid = '';
if ( (!$is_valid) && (!$gen_simple_header) )
{
# Make sure they are not a guest
if ($userdata['user_id'] != ANONYMOUS)
{
# Do the check
if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
phpBBSecurity_Force();
}
}*/
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
# phpBB Security hooks called from includes/page_header.php.
# NOTE(review): the v1.0.2 block that this replaces called
# phpBBSecurity_Cookies() before these two; that call is absent here -
# confirm the removal is intended and that cookie handling is covered elsewhere.
phpBBSecurity_FinalSet();
phpBBSecurity_DBBackup();
/* removed by PCP Extra :: force_required() below will manage this...
# Only allow them to login & view profile to update it
if ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
$is_valid = TRUE;
elseif ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
$is_valid = TRUE;
else
$is_valid = '';
if ( (!$is_valid) && (!$gen_simple_header) )
{
# Make sure they are not a guest
if ($userdata['user_id'] != ANONYMOUS)
{
# Do the check
if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
phpBBSecurity_Force();
if ($userdata['phpBBSecurity_force_pw_update'] != 1)
message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a>', '</a>'));
}
}*/
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
Statistics: Posted Author: Kate — Tue May 02, 2006 5:42 am