Support Forums - All Posts - XOOPS Web Application System

31

Re: Where is the Submit News template.

2004/7/28 14:42
spiff
Just popping in
Posts: 47
Since: 2003/4/16

It would be great to have an admin-accessible template for that form, similar to that used for the mylinks module (mylinks_submit.html). It's a little cumbersome to have to modify a php file when simply trying to add a disclaimer such as: "Please note your news submission will be reviewed for relevance to our site."

Any plans of doing that? The list of tweaks I have to re-implement on every upgrade is starting to lenghthen

.

As a help to others, here's what you have to do in /modules/news/include/storyform.inc.php (under 2.0.7) to include a disclaimer just before the bottom form buttons:


include XOOPS_ROOT_PATH."/class/xoopsformloader.php";

$sform = new XoopsThemeForm(_NW_SUBMITNEWS, "storyform", xoops_getenv('PHP_SELF'));

$sform->addElement(new XoopsFormText(_NW_TITLE, 'subject', 50, 80, $subject), true);

ob_start();

$xt->makeTopicSelBox(0);

$sform->addElement(new XoopsFormLabel(_NW_TOPIC, ob_get_contents()));

ob_end_clean();

$sform->addElement($topic_select);

$sform->addElement(new XoopsFormDhtmlTextArea(_NW_THESCOOP, 'message', $message, 15, 60), true);

$option_tray = new XoopsFormElementTray(_OPTIONS,'<br />');

if ($xoopsUser) {

    if ($xoopsConfig['anonpost'] == 1) {

        $noname_checkbox = new XoopsFormCheckBox('', 'noname', $noname);

        $noname_checkbox->addOption(1, _POSTANON);

        $option_tray->addElement($noname_checkbox);

    }

    $notify_checkbox = new XoopsFormCheckBox('', 'notifypub', $notifypub);

    $notify_checkbox->addOption(1, _NW_NOTIFYPUBLISH);

    $option_tray->addElement($notify_checkbox);

    if ($xoopsUser->isAdmin($xoopsModule->getVar('mid'))) {

        $nohtml_checkbox = new XoopsFormCheckBox('', 'nohtml', $nohtml);

        $nohtml_checkbox->addOption(1, _DISABLEHTML);

        $option_tray->addElement($nohtml_checkbox);

    }

}

$smiley_checkbox = new XoopsFormCheckBox('', 'nosmiley', $nosmiley);

$smiley_checkbox->addOption(1, _DISABLESMILEY);

$option_tray->addElement($smiley_checkbox);

$sform->addElement($option_tray);

[b][color=FF0000]$sform->addElement(new XoopsFormLabel('Disclaimer', 'Check your spelling'));[/color][/b]

$button_tray = new XoopsFormElementTray('' ,'');

$button_tray->addElement(new XoopsFormButton('', 'preview', _PREVIEW, 'submit'));

$button_tray->addElement(new XoopsFormButton('', 'post', _NW_POST, 'submit'));

$sform->addElement($button_tray);

$sform->display();

?>

Eric

32

Re: Why are some uploaded Modules not showing up in Xoops 2.0.6?

2004/5/11 8:28
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Quote:

Another way to go is to delete adminmenu.php in the cache folder. Next time you go in to admin you get a "this is your first visit" etc, then XOOPS rebuilds your admin display.

Aaah, that sounds like a good workaround. And it makes me wonder about something: whenever a new module is added, it is given a weight of 1; could this be considered to be conflicting with the news module, which already has a weight of 1, or with some other installed module with an equal weight? Just thinking aloud...

Eric

33

Re: Erratic behavior in add-on module administration

2004/5/10 20:39
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Well, proficiencies in PHP/MySQL/server are not lacking, but as said earlier, my troubleshooting session fell short

I've had this issue come up on a couple of random occasions.

I'm wondering whether other people have been able to solve this by turning the site off. I'll have to take a look at what the script file does after saving the preferences...

Next time I meet the issue, I'll take a snapshot of the database and try to run a copy of it on a different server running the same XOOPS script set. Not knowing is unbearable

Eric

34

Erratic behavior in add-on module administration

2004/5/10 14:43
spiff
Just popping in
Posts: 47
Since: 2003/4/16

The darnest thing...

I installed the myAds module and noticed that despite the module icon's absence, I was able to access all the admin functions by manually typing the links into the address bar.

That wasn't very convenient. Tried reinstalling, refreshing the system module, turning the admin rights off and back on. No cigar.

I resolved to get this figured out once and for all, and proceeded to turn off the site while I investigated the issue. Guess what? As soon as the site was turned off ("Your changes were saved successfully" screen), I was brought back to the admin section, and bingo, the module icon shows up! (Not at the proper place, mind you, I gave it #9 but it shows up at #2, just below the System icon...).

I'm still on 2.0.5.1. Would an upgrade to 2.0.6 fix this erratic behavior?

Eric

35

Re: Xoops doesn't like ZoneAlarm Pro

2004/3/14 18:20
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Quote:

m0nty wrote:

where do you draw the line between compromising security and users that don't read instructions on how to use the software they have installed correctly?

everyone who has posted this thread raises some important issues, but to me the http referrer issue is entirely down to the users and not xoops..

Yep, it would be tragic to do without the security just because some users haven't learned how to use their tools.

On the other hand, it's important to stay polite with users. A fair proportion of those who purchase a firewall product do so after having been infected by a virus, or are concerned by spam issues; they don't necessarily have the time, or the skills, to look into configuring it properly. They need to be encouraged to do so.

That's why, in my opinion, the current error message isn't satisfying; it needs to point out that the problem has to do with referrers not being accessible, which in most cases is due to a firewall being configured too rigidly.

Does it also appear to you that rewriting the message is the right way to go? From your experience, does the above draft address all the issues, or would you improve it?

Eric

36

Re: Xoops and Firewalls

2004/3/12 11:40
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Quote:

I like this idea...but is there an easy way to hack XOOPS to make such a message display ?

I thought the easiest way to do it would be to replace the error message's variable with a complete message similar to the one I've posted.

_US_REGISTERNG variable is defined around line 37 in /language/english/user.php:


define('_US_REGISTERNG','Your last request failed because it seems your computer is set up behind a firewall, which blocks sending information to {SITE_NAME}.<br /><br />Our site uses Referrer-checking to secure contents being posted; this method prevents improperly identifiable users from placing undue content on the site.<br /><br />When you click a Web page, your browser notes the current page that you are on and sends that information to the server before accessing a new page. This way, the server knows the address of the last Web page you viewed.<br /><br />Some firewalls block this information by default.  It appears this is the case for your connection, which means we were unable to ascertain that the data you submitted before accessing this page was typed on a page belonging to this website.  That's a security issue for us.<br /><br />If you are using a firewall such as Norton Internet Security (NIS), ZoneAlarm Pro, etc., please modify your settings accordingly.  (For an example of firewall setup, see https://xoops.org/modules/xoopsfaq/index.php?cat_id=13#25).<br /><br />Additionally, your browser must be set up to accept cookies from {SITE_NAME}.<br /><br />These simple steps are necessary for us to keep this site secure; it prevents untrustworthy users from accessing it.  Please check your firewall and cookie settings, then try again.');

I'm not sure whether the SITE_NAME variable requires the brackets to be rendered, or whether it needs to be specified as "$SITE_NAME". From the looks, register.php doesn't do any templating on the variable, so SITE_NAME and the http link may need to handled differently.

Some other variables may need to be modified as well (upon failed login, failed post, etc.)

Another possibility is to leave the message alone, and modify register.php (login.php, post.php?) to redirect to another page, like so:


Lines 206 & 212:

CHANGE: echo _US_REGISTERNG;

TO: redirect_header('firewall.php', 4, _US_REGISTERNG);

I'll try setting myself behind a firewall to test this if I have the time.

Eric

37

Re: The Firewall blocking referrers problem - revisited

2004/3/11 17:18
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Blocking the referrers makes your site prone to Cross-Site Scripting attacks, as mentioned in this thread.
Just posted on coming to a more descriptive error message on the same HTTP_REFERER blocking issue in this thead.
Eric

38

Re: Could not post

2004/3/11 17:04
spiff
Just popping in
Posts: 47
Since: 2003/4/16

The problems your users are facing are likely due to an improperly-set firewall blocking the HTTP_REFERER.
Just posted on the same issue here, to try and come to a better error message.
Eric

39

Re: Trouble Registering

2004/3/11 17:01
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Just posted on the same HTTP_REFERER blocking issue here.
Eric

40

Re: Xoops doesn't like ZoneAlarm Pro

2004/3/11 16:29
spiff
Just popping in
Posts: 47
Since: 2003/4/16

Hello everyone,

We just ran into this problem this week, although it's likely a number of users simply didn't bother to contact us about a failed registration earlier on, and gave up.

It's nice to know that XOOPS is secure, and that the problem comes from improperly set up firewalls. However, as previously mentioned, not all users have the patience to set up a rule in their firewalls, or even know how to enable cookies for a specific site.

For the sake of security and user-friendliness, I think it would be nice if the error message that comes up after a failed registration actually explained what the problem is, in replacement for the blunt "Cannot register new user."

This could take the form of a special XOOPS page that could be linked to whenever a failed referrer-checking occurs, which would encourage the user to tackle his/her firewall installation.

Quote:

Your last request failed because it seems your computer is set up behind a firewall, which blocks sending information to {SITE_NAME}.

Our site uses Referrer-checking to secure contents being posted; this method prevents improperly identifiable users from placing undue content on the site.

When you click a Web page, your browser notes the current page that you are on and sends that information to the server before accessing a new page. This way, the server knows the last Web page that you viewed.

Some firewalls block this information by default. It appears this is the case for your connection, which means we were unable to ascertain that the data you submitted before accessing this page was typed on a page belonging to this website. That's a security issue for us.

If you are using a firewall such as Norton Internet Security (NIS), ZoneAlarm Pro, etc., please modify your settings accordingly. (For an example of firewall setup, seehttps://xoops.org/modules/xoopsfaq/index.php?cat_id=13#25)

Additionally, your browser must be set up to accept cookies from {SITE_NAME}.

These simple steps are necessary for us to keep this site secure; it prevents untrustworthy users from accessing it. Please check your firewall and cookie settings, then try again.

Is this complete enough? Anything missing? Let's try and work on a page that would address all the basic issues, until the Core team fixes the problem in a more elegant way.

A comprehensive response would address XOOPS users' questions and not deter them (and webmasters) from using the XOOPS CMS.

Eric

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Where is the Submit News template.

Re: Why are some uploaded Modules not showing up in Xoops 2.0.6?

Re: Erratic behavior in add-on module administration

Erratic behavior in add-on module administration

Re: Xoops doesn't like ZoneAlarm Pro

Re: Xoops and Firewalls

Re: The Firewall blocking referrers problem - revisited

Re: Could not post

Re: Trouble Registering

Re: Xoops doesn't like ZoneAlarm Pro

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}