[Tool] phpBB 2.0.15 to phpBB 2.0.16 Code Changes

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in here. No new MODs will be accepted into the MOD Database for phpBB2
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.

Rating:

Excellent!
71
80%
Very Good
9
10%
Good
2
2%
Fair
2
2%
Poor
5
6%
 
Total votes: 89

NightriderXP
Registered User
Posts: 1418
Joined: Sat Oct 09, 2004 8:17 am
Location: Florida, US
Contact:

Post by NightriderXP » Mon Sep 26, 2005 6:16 pm

Did you read back a few pages to see if this problem has been discussed here before? I have heard of the problem, but I don't remember if it was ever resolved. What version of EM are you using???

:?:

crossfire39
Registered User
Posts: 61
Joined: Thu Jan 27, 2005 1:43 am

Post by crossfire39 » Mon Sep 26, 2005 10:58 pm

Just looked through all 19 pages and no one has had thier problem (like mine) fixed. Also most of them are having errors or redirects, but for me its just a blank screen.


To say the truth I am not sure what easymod version I have. The closest thing to a version number would be this that I found in the directory.
$Id: easymod_install.php,v 0.1.1


Also the pagestart code:
<?php
/***************************************************************************
* pagestart.php
* -------------------
* begin : Thursday, Aug 2, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: pagestart.php,v 1.1.2.7 2004/03/24 14:43:31 psotfx Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

if (!defined('IN_PHPBB'))
{
die("Hacking attempt");
}

define('IN_ADMIN', true);
// Include files
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//

if (!$userdata['session_logged_in'])
{
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));

}
else if ($userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, $lang['Not_admin']);
}

if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
{
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
$url = str_replace('//', '/', $url);
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];

redirect("index.$phpEx?sid=" . $userdata['session_id']);
}



//if (!$userdata['session_admin'])

//{

redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));



//}

if (empty($no_page_header))

{
// Not including the pageheader can be neccesarry if META tags are
// needed in the calling script.
include('./page_header_admin.'.$phpEx);
}

?>


The part about the admin login is made into comments (//) because when I upgraded last time from .14 to .15 I had this same problem and a member advised me to do that.

crossfire39
Registered User
Posts: 61
Joined: Thu Jan 27, 2005 1:43 am

Post by crossfire39 » Mon Sep 26, 2005 11:01 pm

Ok, I am sorry for all the fuss, after really carefully reviewing the code it seems the update took out one part that the other member told me to put in:
// redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));



//}


Does this pose any security leaks?

NightriderXP
Registered User
Posts: 1418
Joined: Sat Oct 09, 2004 8:17 am
Location: Florida, US
Contact:

Post by NightriderXP » Tue Sep 27, 2005 2:20 am

crossfire39 wrote: To say the truth I am not sure what easymod version I have. The closest thing to a version number would be this that I found in the directory.

To find the version of EM, you can look at the top of the page that lists all the MODs that you plan to install. You can also look in MOD Settings in the MOD Center. The EM version should be in the top right corner and the bottom center of the page. It could be important to know which version you are using, so it would be nice if you can find it and let me know...

The Update doesn't create any security problems, but the manual modifications might...

:?

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Tue Sep 27, 2005 8:45 am

crossfire39 wrote: Ok, I am sorry for all the fuss, after really carefully reviewing the code it seems the update took out one part that the other member told me to put in:
// redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));



//}


Does this pose any security leaks?


If you don't have any MODs to that file (other than the 'fix' -- and it doesn't look like you do) then the best bet would be to get a fresh version of that file from a new download and replace it. Then test.

crossfire39
Registered User
Posts: 61
Joined: Thu Jan 27, 2005 1:43 am

Post by crossfire39 » Tue Sep 27, 2005 10:58 pm

Well, the reason I couldn't check the EM version at the time was because I couldn't get into the admin cp. But now that i can I have updated to the latest version. I will try to put a fresh copy of the pagestart today, and from what I can recal none of the mods I installed modded the pagestart file. Just in case I will compare the two before I try this. Thanks

crossfire39
Registered User
Posts: 61
Joined: Thu Jan 27, 2005 1:43 am

Post by crossfire39 » Tue Sep 27, 2005 11:07 pm

Well I downloaded a fresh copy of phpbb, extracted the pagestart file, put it into my directory... and... same thing, when I try to get into admin panel it's a blank screen. My geuss is it could always somehow be my server, but I can live without the added protection. I am goign to upgrade to .17 now so wish me luck lol. Btw again thank you for the help.

NightriderXP
Registered User
Posts: 1418
Joined: Sat Oct 09, 2004 8:17 am
Location: Florida, US
Contact:

Post by NightriderXP » Wed Sep 28, 2005 4:34 am

Good Luck crossfire39...

:lol:

Peter_E
Registered User
Posts: 78
Joined: Mon Sep 08, 2003 2:25 pm
Location: Reichenborn, Germany
Contact:

Post by Peter_E » Wed Nov 16, 2005 4:36 pm

vossen wrote: ok i got it, i changed this:

Code: Select all

redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); 
to this

Code: Select all

redirect(append_sid("../login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); 
regards


That change did it for me too.

Danke Vossen.

But I suppose for the upgrade to 2.0.17 the same problem will happen.

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Wed Nov 16, 2005 6:06 pm

It's been awhile since I did that upgrade but I think they may have made some fixes to that section of code since a number of users were having issues with it. I'm not positive though. If so, then the fixes implemented there should work fine.

Peter_E
Registered User
Posts: 78
Joined: Mon Sep 08, 2003 2:25 pm
Location: Reichenborn, Germany
Contact:

Post by Peter_E » Thu Nov 17, 2005 5:00 pm

BlueRook wrote: It's been awhile since I did that upgrade but I think they may have made some fixes to that section of code since a number of users were having issues with it. I'm not positive though. If so, then the fixes implemented there should work fine.


The upgrade to 2.0.17 brought no 404 problem but I always need to login in every new session (not automatical though set) and always need to re-authentificate as admin.

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Thu Nov 17, 2005 7:18 pm

Peter_E wrote: The upgrade to 2.0.17 brought no 404 problem but I always need to login in every new session (not automatical though set) and always need to re-authentificate as admin.


That is a new security feature back-ported from the "Olympus" code-base.

Peter_E
Registered User
Posts: 78
Joined: Mon Sep 08, 2003 2:25 pm
Location: Reichenborn, Germany
Contact:

Post by Peter_E » Thu Nov 17, 2005 8:03 pm

BlueRook wrote: That is a new security feature back-ported from the "Olympus" code-base.

"Olympus code-base"?

BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook » Thu Nov 17, 2005 10:48 pm

Peter_E wrote:
BlueRook wrote:That is a new security feature back-ported from the "Olympus" code-base.

"Olympus code-base"?


:D

Check out this topic. "Olympus" is just the code-name of it.

Peter_E
Registered User
Posts: 78
Joined: Mon Sep 08, 2003 2:25 pm
Location: Reichenborn, Germany
Contact:

Post by Peter_E » Fri Nov 18, 2005 6:35 pm

BlueRook wrote: Check out this topic. "Olympus" is just the code-name of it.


That was interesting. Glad to know there is an ongoing development.

Post Reply

Return to “[2.0.x] MOD Database Releases”