Support Forums - All Posts - XOOPS Web Application System

21

Re: Version 2.2 Stable Hacked

2005/10/18 1:14
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

@LB: You're technically right, but are missing the point.

Quote:

Only if we speak about (in our case) PHP as Apache's module, which works with Apache privileges... And it is totally incorrect if
- PHP used as CGI (I hate this solution)
- PHP's cgi is suexec'ed

Well, that's exactly what we're speaking of right now. The problems is that some "profesionnals" offer solutions with:
- No suexec
- Safe mode off
- No open_basedir or any similar restriction

Quote:

- give group write access only to files-directories, which (can|have to) be changed by apache user

That's where the problem is... if there is no "jail", then giving group (and thus: apache) write access means you give any other customer write access: you're still f*$=d up.

Quote:

OK, enough for today... I spent more time than I can at this learning course for the thankless listeners

lol
It's just about the way you speak man... "Lie or stupidity..." is not very educative. Maybe having told what you think would have prevented several people to have to waste time here: maybe Herko was wrong when he orginally told that giving write-access to apache meant xx7, but again: on bad configs, without the correct restrictions, whatever mean you choose to enable apache to write (whether it's group or world or your sister in shorts) has the same result: it's deeply insecure.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

22

Re: Emergency!! Please help!!

2005/10/6 20:07
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Don't panic...

Manually edit mainfile.php and change this line:


define('XOOPS_CHECK_PATH', '1');

so XOOPS_CHECK_PATH is set to O...

However, it's strange this did appear "like this"... Maybe you should check XOOPS_ROOT_PATH and ensure its value is good (if it suddenly broke, it's more likely that your hosting company changed its servers configuration and that you should update XOOPS_ROOT_PATH to reflect you new installation path).

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

23

Re: XOOPS 2.2.3 RC2 Snapshot Release

2005/9/27 9:04
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Quote:

almost everything should be tested (and Jan and I couldn't possibly do this).

Apart from the 2.2.2 bugfixes, we tried to fix the new notices concerning references that appeared with PHP 4.4 and 5.1.0. The problem is that references are over (and wrongly) used throughout all the core (and specially in the XoopsObject / XoopsObjectHandler based classes). Thus, fixing this required modifications on almost every file in the kernel/ folder (which means: users, membership, module, config, comments...)

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

24

Re: Funny reading

2005/9/25 23:35
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Thanks a lot for this information and this educative link you sent us

.

I won't say anything bad about what I saw, also I'm asking anybody who wishes to support us here to do the same: we don't have time to waste with threads like this.

Let's just work and try to enhance things the best we can, support users, learn from our mistakes, and then work more.

That's the best (and only) thing we should spend our time on.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

25

Re: Question on Xoops Organization

2005/9/25 19:24
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Quote:

Funny to see people saying that he was nothing but a "small" module dev.

Excuse-me, but that's your own (and wrong) interpretation. I didn't write small anywhere, but said very good modules.
I do believe he was one of the best modules writers around, it's just that he was not a core dev. Nothing more.

Maybe the way you see things there is a hierarchy between core devs and module devs, the first ones being on top of the pyramid, and the second ones being the small ones, but again that's your vision, not mine.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

26

Re: Exporting user login block in an external page?(php or html page)

2005/9/25 17:47
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Yes, just copy the content of the login block, and change the xoops_redirect field value to the real address of your portal homepage:


<form style="margin-top: 0px;" action="https://xoops.org/user.php" method="post">

    Username: <br />

    <input type="text" name="uname" size="12" value="" maxlength="25" /><br />

    Password: <br />

    <input type="password" name="pass" size="12" maxlength="32" /><br />

    <input type="hidden" name="xoops_redirect" value="http://www.mydomain.com/portal/" />

    <input type="hidden" name="op" value="login" />

    <input type="submit" value="User Login" /><br />  

</form>

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

27

Re: Question on Xoops Organization

2005/9/25 17:07
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Well, as dave said Marko left almost one year ago.

Also, as opposed to what is written there he has never been a core developer.
He wrote some very good modules, helped building and managing the dev.xoops.org site, but that's all... Funny to see people saying that open source matters not being aware that open-source is also about not taking credits of what you didn't do.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

28

Re: Nuke 7.7 to Xoops 2.2.2 user base migration not working

2005/9/22 14:19
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Quote:

None of the scripts I have found are able to do the transfer properly.

I think all the available scripts are for 2.0.x versions, and 2.2 changed the way user info was stored in the db.
IMO you'd better try this: move the users info to a 2.0.13 install, then upgrade this 2.0.13 to 2.2.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

29

Re: Moved Directory, Not Working Now

2005/9/22 3:09
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Quote:

// Physical path to your main XOOPS directory WITHOUT trailing slash
// Virtual path to your main XOOPS directory WITHOUT trailing slash

Remove the trailing slashes on both XOOPS_ROOT_PATH and XOOPS_URL...


define('XOOPS_ROOT_PATH', '/home/bogie/public_html');

define('XOOPS_URL', '');

If that's not enough, you may want to try to put a full url in XOOPS_URL (that's how it will be in 2.2.3RC2 anyway), to have something like this:


define('XOOPS_URL', 'http://www.film-tycoon.com');

PS: I hope the DB credentials are not your real ones... If they are, please change them ASAP, you never know who is reading those forums.

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

30

Re: XOOPS 2.2.3 RC2 Snapshot Release

2005/9/21 1:16
skalpa
Quite a regular
Posts: 300
Since: 2003/4/16

Quote:

I am very happy to see that our remarks was taken as you list the subject where we focus our tests.

Well, I'm going to be disappointing then. One of the reason that made us ask your help here is that almost everything should be tested (and Jan and I couldn't possibly do this).

Apart from the 2.2.2 bugfixes, we tried to fix the new notices concerning references that appeared with PHP 4.4 and 5.1.0. The problem is that references are over (and wrongly) used throughout all the core (and specially in the XoopsObject / XoopsObjectHandler based classes). Thus, fixing this required modifications on almost every file in the kernel/ folder (which means: users, membership, module, config, comments...)

Also, it looks like the new behavior of the Zend engine can make some parts generate fatal errors (with a message saying "only variables can be passed by reference"), and those can't be fixed easily except by doing a complete audit of the core source files, or by report-and-fix.

So, even if I believe the changes should mostly be OK, the more things are tested, the better (and more specially using PHP 4.4 or 5.1).

Thanks to everybody

skalpa.>

Any intelligent fool can make things bigger, and more complex. It takes a touch of genius, a lot of courage, to move in the opposite direction.
Two things are infinite: the universe and human stupidity; and I'm not sure about the 1st one (A.Einstein)

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Version 2.2 Stable Hacked

Re: Emergency!! Please help!!

Re: XOOPS 2.2.3 RC2 Snapshot Release

Re: Funny reading

Re: Question on Xoops Organization

Re: Exporting user login block in an external page?(php or html page)

Re: Question on Xoops Organization

Re: Nuke 7.7 to Xoops 2.2.2 user base migration not working

Re: Moved Directory, Not Working Now

Re: XOOPS 2.2.3 RC2 Snapshot Release

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}