21
m0nty
Re: style="clear: both; & FireFox problems
  • 2006/11/20 21:02

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


<div style="clear: both;">&nbsp;</div>


doesn't invoke that .clear css class; it's a style setting itself..

<div class="clear">&nbsp;</div>


would use the css class .clear



22
m0nty
Re: using SHA-256 instead of md5
  • 2006/11/20 20:23

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


Quote:

Suppose the hacker finds a file include vuln. he'll be able to read the content of mainfile.php, connect to the database and find the md5 passwords no?


couldn't he do that even if it was sha-256 encrypted as well though?

either way, even if he has your md5 key, it's unlikely he'll be able to find out what password you actually use.. he might be able to find a key sequence that gives the same md5 key.. & if the hacker has got as far as a file include vulnerability then he could literally destroy the db or whatever regardless of what encryption method your site uses. he could also change the keys to some that he has produced anyway, so he could literally change your password to a password key that he knows. after all he has access to the DB itself.

stop the source of the exploitation rather than trying to solve an issue that could have been prevented at the source.

prevention is better than cure.



23
m0nty
Re: General procedure to add new fields to user profile
  • 2006/11/20 20:00

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


as you didn't actually say why it didn't work, it's hard to diagnose..

but a likely candidate is in kernel/user.php

find this (around line 625 in my hacked version) line numbers will be different in unhacked XOOPS version.

// RMV-NOTIFY
//  m0nty added 16 fields > user_photo, user_birth, user_love, user_nolove, user_music1, user_music2, user_music3, user_music4, user_music5, user_film1, user_film2, user_film3, user_film4, user_film5, user_gender, user_starsign
if ($user->isNew()) {
    // new user: reserve the next uid, then insert every column in the same order as the format specifiers
    $uid = $this->db->genId($this->db->prefix('users').'_uid_seq');
    $sql = sprintf("INSERT INTO %s (uid, uname, name, email, url, user_avatar, user_photo, user_regdate, user_icq, user_from, user_sig, user_viewemail, actkey, user_aim, user_yim, user_msnm, pass, posts, attachsig, rank, level, theme, timezone_offset, last_login, umode, uorder, notify_method, notify_mode, user_occ, bio, user_intrest, user_mailok, user_birth, user_love, user_nolove, user_music1, user_music2, user_music3, user_music4, user_music5, user_film1, user_film2, user_film3, user_film4, user_film5, user_gender, user_starsign) VALUES (%u, %s, %s, %s, %s, %s, %s, %u, %s, %s, %s, %u, %s, %s, %s, %s, %s, %u, %u, %u, %u, %s, %.2f, %u, %s, %u, %u, %u, %s, %s, %s, %u, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", $this->db->prefix('users'), $uid, $this->db->quoteString($uname), $this->db->quoteString($name), $this->db->quoteString($email), $this->db->quoteString($url), $this->db->quoteString($user_avatar), $this->db->quoteString($user_photo), time(), $this->db->quoteString($user_icq), $this->db->quoteString($user_from), $this->db->quoteString($user_sig), $user_viewemail, $this->db->quoteString($actkey), $this->db->quoteString($user_aim), $this->db->quoteString($user_yim), $this->db->quoteString($user_msnm), $this->db->quoteString($pass), $posts, $attachsig, $rank, $level, $this->db->quoteString($theme), $timezone_offset, 0, $this->db->quoteString($umode), $uorder, $notify_method, $notify_mode, $this->db->quoteString($user_occ), $this->db->quoteString($bio), $this->db->quoteString($user_intrest), $user_mailok, $this->db->quoteString($user_birth), $this->db->quoteString($user_love), $this->db->quoteString($user_nolove), $this->db->quoteString($user_music1), $this->db->quoteString($user_music2), $this->db->quoteString($user_music3), $this->db->quoteString($user_music4), $this->db->quoteString($user_music5), $this->db->quoteString($user_film1), $this->db->quoteString($user_film2), $this->db->quoteString($user_film3), $this->db->quoteString($user_film4), $this->db->quoteString($user_film5), $this->db->quoteString($user_gender), $this->db->quoteString($user_starsign));
} else {
    // existing user: update the same columns, with uid last for the WHERE clause
    $sql = sprintf("UPDATE %s SET uname = %s, name = %s, email = %s, url = %s, user_avatar = %s, user_photo = %s, user_icq = %s, user_from = %s, user_sig = %s, user_viewemail = %u, user_aim = %s, user_yim = %s, user_msnm = %s, posts = %d,  pass = %s, attachsig = %u, rank = %u, level= %u, theme = %s, timezone_offset = %.2f, umode = %s, last_login = %u, uorder = %u, notify_method = %u, notify_mode = %u, user_occ = %s, bio = %s, user_intrest = %s, user_mailok = %u, user_birth = %s, user_love = %s, user_nolove = %s, user_music1 = %s, user_music2 = %s, user_music3 = %s, user_music4 = %s, user_music5 = %s, user_film1 = %s, user_film2 = %s, user_film3 = %s, user_film4 = %s, user_film5 = %s, user_gender = %s, user_starsign = %s WHERE uid = %u", $this->db->prefix('users'), $this->db->quoteString($uname), $this->db->quoteString($name), $this->db->quoteString($email), $this->db->quoteString($url), $this->db->quoteString($user_avatar), $this->db->quoteString($user_photo), $this->db->quoteString($user_icq), $this->db->quoteString($user_from), $this->db->quoteString($user_sig), $user_viewemail, $this->db->quoteString($user_aim), $this->db->quoteString($user_yim), $this->db->quoteString($user_msnm), $posts, $this->db->quoteString($pass), $attachsig, $rank, $level, $this->db->quoteString($theme), $timezone_offset, $this->db->quoteString($umode), $last_login, $uorder, $notify_method, $notify_mode, $this->db->quoteString($user_occ), $this->db->quoteString($bio), $this->db->quoteString($user_intrest), $user_mailok, $this->db->quoteString($user_birth), $this->db->quoteString($user_love), $this->db->quoteString($user_nolove), $this->db->quoteString($user_music1), $this->db->quoteString($user_music2), $this->db->quoteString($user_music3), $this->db->quoteString($user_music4), $this->db->quoteString($user_music5), $this->db->quoteString($user_film1), $this->db->quoteString($user_film2), $this->db->quoteString($user_film3), $this->db->quoteString($user_film4), $this->db->quoteString($user_film5), $this->db->quoteString($user_gender), $this->db->quoteString($user_starsign), $uid);
}


it's likely that you may have not added the new fields correctly here. also make sure you also add an extra %s for every new field you add.

as for formulize, you also need the registration codes hack as well, you can find that at http://www.freeformsolutions.ca/formulize/
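
As an added illustration of the advice above (not code from the post or from XOOPS): one way to keep column names, format specifiers and arguments in step is to build all three from a single map, so a new field cannot be added to one list and forgotten in another. `build_user_insert()` and `quote_string()` are hypothetical names; `quote_string()` is only a stand-in for `$this->db->quoteString()`.

```php
<?php
// Added example: columns, placeholders and values all come from one map.
// quote_string() is a stand-in for $this->db->quoteString() (assumption).
function quote_string(string $s): string
{
    return "'" . addslashes($s) . "'";
}

/**
 * $fields maps column name => [format, value]; format is '%s', '%u' or '%.2f'.
 */
function build_user_insert(string $table, array $fields): string
{
    $allowed = ['%s', '%u', '%.2f'];
    $columns = [];
    $formats = [];
    $args = [];
    foreach ($fields as $column => [$format, $value]) {
        // Column names go into the format string, so they must not contain '%' or quotes.
        if (!preg_match('/^[a-z_][a-z0-9_]*$/', $column)) {
            throw new InvalidArgumentException("bad column name: $column");
        }
        if (!in_array($format, $allowed, true)) {
            throw new InvalidArgumentException("bad format for $column: $format");
        }
        $columns[] = $column;
        $formats[] = $format;
        // String values are quoted; numeric formats let sprintf coerce the value.
        $args[] = ($format === '%s') ? quote_string((string) $value) : $value;
    }
    $template = 'INSERT INTO %s (' . implode(', ', $columns) . ') VALUES ('
        . implode(', ', $formats) . ')';
    return vsprintf($template, array_merge([$table], $args));
}

// Constructed sample values, including two of the added profile fields.
echo build_user_insert('xoops_users', [
    'uid'             => ['%u', 42],
    'uname'           => ['%s', "o'brien"],
    'timezone_offset' => ['%.2f', 1.0],
    'user_gender'     => ['%s', 'm'],
    'user_starsign'   => ['%s', 'leo'],
]), "\n";
```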



24
m0nty
Re: File Manager Cant upload or CD
  • 2006/11/18 19:04

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


which filemanager?


also, there may be restrictions that are set on your actual server, that may prevent its use.



25
m0nty
Re: Need to improve the "users module" to make it more actual
  • 2006/11/18 18:59

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


search engines can read the urls as they are, they have improved lots. so that kind of optimisation isn't totally necessary anymore (IMO), although a better looking url is nicer for the user to look at.

blocks admin etc, although this can be done at the moment in xoops. XOOPS 2.3 will i believe have a lot better blocks admin function similar to GIJOES blocksadmin module/hack.

there is a hack also for autologin with either username/email. I believe this functionality will be present in 2.3 also.

there are many improvements gonna be made with XOOPS 2.3 onwards, i would suggest reading the 2.3 roadmap and info regarding new features.

you are suggesting things that have already been suggested many times previously, and some of the suggested features/improvements will be included in future versions..

but these things can't happen overnight, they have to be looked at and explored. but they are being looked at and worked on, that's for definite. Even the admin interface will be overhauled and made better.

how long has drupal been working on their system to make it web 2.0 compliant? probably a long time. in essence they jumped on the 2.0 bandwagon early to implement those standards.. other CMS haven't yet, but that's not to say they aren't being looked at and worked on as we speak.

But these things can't just be done and appear in the next release in a matter of days or weeks. but be assured the issues are and will be addressed.



26
m0nty
Re: File Manager Cant upload or CD
  • 2006/11/18 16:44

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


chmod it 777

or if your server is in phpsuexec (CGI) mode, then chmod 755



27
m0nty
Re: add new fields for member registration
  • 2006/11/18 16:40

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i wouldn't recommend my own photo & profiles hack which you may find.

it DOES work with 2.0.15, but i am no longer developing or maintaining it as there's better solutions available now.



28
m0nty
Re: add new fields for member registration
  • 2006/11/18 16:39

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


do a search for editing registration form or userinfo pages.

try formulize 2.2rc1 & registration codes hack.

also there's a few member profile modules knockin about.

http://www.freeformsolutions.com/formulize/



29
m0nty
Re: Need a answer to the following question please!
  • 2006/11/18 1:37

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i can't see anything in there that deals with permissions..

also a few other pointers >

you should use include_once() instead of require_once for mainfile.php

instead of having $uname = ..........

you could omit that and use >

'uname'=> xoops_getLinkedUnameFromId($this->getVar('uid'));

i'm not that experienced with PHP, but i think you would need to have someone look at the whole module code itself to figure out the issue. i can't tell just from looking at that.



30
m0nty
Re: blank admin page after transfer
  • 2006/11/18 1:02

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


are the templates_c & cache folders writable?

have you edited mainfile.php to reflect your new server's paths?

maybe some of the files were corrupted during your transfer.. you could try reuploading them from the XOOPS 2.2.3 package.. (don't forget to remove mainfile.php from the package before uploading as you don't want to overwrite it)



