21
m0nty
Re: style="clear: both; & FireFox problems
  • 2006/11/20 21:02

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


<div style="clear: both;">&nbsp;</div>


doesn't invoke that .clear css class it's a style setting itself..

<div class="clear">&nbsp;</div>


would use the css class .clear



22
m0nty
Re: using SHA-256 instead of md5
  • 2006/11/20 20:23

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


Quote:

Suppose the hacker finds a file include vuln. he'll be able to read the content of mainfile.php, connect to the database and find the md5 passwords no?


couldn't he do that even if it was sha-256 encrypted aswell though?

either way, even if he has your md5 key, it's unlikely he'll be able to find out what password you actually use.. he might be able to find a key sequence that gives the same md5 key.. & if the hacker as got as far as a file include vulnerability then he could literally destroy the db or whatever regardless of what encryption method your site uses. he could also change the keys to some that he has produced anyway, so he could literally change your password to a password key that he knows. after all he has access to the DB itself.

stop the source of the exploitation rather than trying to solve an issue that could have been prevented at the source.

prevention is better than cure.



23
m0nty
Re: General procedure to add new fields to user profile
  • 2006/11/20 20:00

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


as you didn't actually say why it didn't work, it's hard to diagnose..

but a likely candidate is in kernel/user.php

find this (around line 625 in my hacked version) line numbers will be different in unhacked XOOPS version.

// RMV-NOTIFY
        //  m0nty added 16 fields > user_photo, user_birth, user_love, user_nolove, user_music1, user_music2, user_music3, user_music4, user_music5, user_film1, user_film2, user_film3, user_film4, user_film5, user_gender, user_starsign
        
if ($user->isNew()) {
            
$uid $this->db->genId($this->db->prefix('users').'_uid_seq');
            
$sql sprintf("INSERT INTO %s (uid, uname, name, email, url, user_avatar, user_photo, user_regdate, user_icq, user_from, user_sig, user_viewemail, actkey, user_aim, user_yim, user_msnm, pass, posts, attachsig, rank, level, theme, timezone_offset, last_login, umode, uorder, notify_method, notify_mode, user_occ, bio, user_intrest, user_mailok, user_birth, user_love, user_nolove, user_music1, user_music2, user_music3, user_music4, user_music5, user_film1, user_film2, user_film3, user_film4, user_film5, user_gender, user_starsign) VALUES (%u, %s, %s, %s, %s, %s, %s, %u, %s, %s, %s, %u, %s, %s, %s, %s, %s, %u, %u, %u, %u, %s, %.2f, %u, %s, %u, %u, %u, %s, %s, %s, %u, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)"$this->db->prefix('users'), $uid$this->db->quoteString($uname), $this->db->quoteString($name), $this->db->quoteString($email), $this->db->quoteString($url), $this->db->quoteString($user_avatar), $this->db->quoteString($user_photo), time(), $this->db->quoteString($user_icq), $this->db->quoteString($user_from), $this->db->quoteString($user_sig), $user_viewemail$this->db->quoteString($actkey), $this->db->quoteString($user_aim), $this->db->quoteString($user_yim), $this->db->quoteString($user_msnm), $this->db->quoteString($pass), $posts$attachsig$rank$level$this->db->quoteString($theme), $timezone_offset0$this->db->quoteString($umode), $uorder$notify_method$notify_mode$this->db->quoteString($user_occ), $this->db->quoteString($bio), $this->db->quoteString($user_intrest), $user_mailok$this->db->quoteString($user_birth), $this->db->quoteString($user_love), $this->db->quoteString($user_nolove), $this->db->quoteString($user_music1), $this->db->quoteString($user_music2), $this->db->quoteString($user_music3), $this->db->quoteString($user_music4), $this->db->quoteString($user_music5), $this->db->quoteString($user_film1), $this->db->quoteString($user_film2), $this->db->quoteString($user_film3), $this->db->quoteString($user_film4), $this->db->quoteString($user_film5), $this->db->quoteString($user_gender), $this->db->quoteString($user_starsign));
        } else {
            
$sql sprintf("UPDATE %s SET uname = %s, name = %s, email = %s, url = %s, user_avatar = %s, user_photo = %s, user_icq = %s, user_from = %s, user_sig = %s, user_viewemail = %u, user_aim = %s, user_yim = %s, user_msnm = %s, posts = %d,  pass = %s, attachsig = %u, rank = %u, level= %u, theme = %s, timezone_offset = %.2f, umode = %s, last_login = %u, uorder = %u, notify_method = %u, notify_mode = %u, user_occ = %s, bio = %s, user_intrest = %s, user_mailok = %u, user_birth = %s, user_love = %s, user_nolove = %s, user_music1 = %s, user_music2 = %s, user_music3 = %s, user_music4 = %s, user_music5 = %s, user_film1 = %s, user_film2 = %s, user_film3 = %s, user_film4 = %s, user_film5 = %s, user_gender = %s, user_starsign = %s WHERE uid = %u"$this->db->prefix('users'), $this->db->quoteString($uname), $this->db->quoteString($name), $this->db->quoteString($email), $this->db->quoteString($url), $this->db->quoteString($user_avatar), $this->db->quoteString($user_photo), $this->db->quoteString($user_icq), $this->db->quoteString($user_from), $this->db->quoteString($user_sig), $user_viewemail$this->db->quoteString($user_aim), $this->db->quoteString($user_yim), $this->db->quoteString($user_msnm), $posts$this->db->quoteString($pass), $attachsig$rank$level$this->db->quoteString($theme), $timezone_offset$this->db->quoteString($umode), $last_login$uorder$notify_method$notify_mode$this->db->quoteString($user_occ), $this->db->quoteString($bio), $this->db->quoteString($user_intrest), $user_mailok$this->db->quoteString($user_birth), $this->db->quoteString($user_love), $this->db->quoteString($user_nolove), $this->db->quoteString($user_music1), $this->db->quoteString($user_music2), $this->db->quoteString($user_music3), $this->db->quoteString($user_music4), $this->db->quoteString($user_music5), $this->db->quoteString($user_film1), $this->db->quoteString($user_film2), $this->db->quoteString($user_film3), $this->db->quoteString($user_film4), $this->db->quoteString($user_film5), $this->db->quoteString($user_gender), $this->db->quoteString($user_starsign), $uid);


it's likely that you may have not added the new fields correctly here. also make sure you also add an exta %s for every new field you add.

as for formulize, you also need the registration codes hack aswell you can find that at http://www.freeformsolutions.ca/formulize/



24
m0nty
Re: File Manager Cant upload or CD
  • 2006/11/18 19:04

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


which filemanager?


also, there may be restrictions that are set on your actual server, that may prevent it's use.



25
m0nty
Re: Need to improve the "users module" to make it more actual
  • 2006/11/18 18:59

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


search engines can read the url's as they are, they have improved lots. so that kind of optimisation isn't totally necessary anymore (IMO), altho a better looking url is nicer for the user to look at.

blocks admin etc, altho this can be done at moment in xoops. XOOPS 2.3 will i believe have a lot better blocks admin function similar to GIJOES blocksadmin module/hack.

there is a hack also for autologin with either username/email. I believe also this functionality will be present in 2.3 also.

there are many improvements gonna be made with XOOPS 2.3 onwards, i would suggest reading the 2.3 roadmap and info regarding new features.

you are suggesting things that have already been suggested many times previous, and some of the suggested features/improvements will be included in future versions..

but these things can't happen overnight, they have to be looked at and explored. but they are being looked at and worked on, that's for definite. Even the admin interface will be overhauled and made better.

how long as drupal been working on their system to make it web 2.0 compliant? probably a long time. in essence they jumped on the 2.0 bandwagon early to implement those standards.. other CMS haven't yet, but that's not to say they aren't being looked at and worked on as we speak.

But these things can't just be done and appear in the next release in a matter of days or weeks. but be assured the issues are and will be addressed.



26
m0nty
Re: File Manager Cant upload or CD
  • 2006/11/18 16:44

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


chmod it 777

or if your server is in phpsuexec (CGI) mode, then chmod 755



27
m0nty
Re: add new fields for member registration
  • 2006/11/18 16:40

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i wouldn't recommend my own photo & profiles hack which you may find.

it DOES work with 2.0.15, but i am no longer developing or maintaining it as there's better solutions available now.



28
m0nty
Re: add new fields for member registration
  • 2006/11/18 16:39

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


do a search for editing registration form or userinfo pages.

try formulize 2.2rc1 & registration codes hack.

also there's a few member profile modules knockin about.

http://www.freeformsolutions.com/formulize/



29
m0nty
Re: Need a answer to the following question please!
  • 2006/11/18 1:37

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i can't see anything in there that deals with permissions..

also a few other pointers >

you should use include_once() instead of require_once for mainfile.php

instead of having $uname = ..........

you could omit that and use >

'uname'=> xoops_getLinkedUnameFromId($this->getVar('uid'));

i'm not that experienced with PHP, but i think you would need to have someone look at the whole module code itself to figure out the issue. i can't tell just from looking at that.



30
m0nty
Re: blank admin page after transfer
  • 2006/11/18 1:02

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


are the templates_c & cache folders writable?

have you edited mainfile.php to reflect your new servers paths?

maybe some of the files were corrupted during your transfer.. you could try reuploading them from the XOOPS 2.2.3 package.. (don't forget to remove mainfile.php from the package before uploading as you Don't want to overwrite it)




TopTop
« 1 2 (3) 4 5 6 ... 289 »



Login

Username:
Password:

Lost Password? Register now!

Who's Online

55 user(s) are online (36 user(s) are browsing Support Forums)


Members: 0


Guests: 55


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits