1
mouacy
Re: captcha works but spam bot still gets through
  • 2010/7/14 15:49

  • mouacy

  • Not too shy to talk

  • Posts: 138

  • Since: 2002/11/2


Thanks for the reply.

I simply added a few more fields from the profile module and made the fields required. That seems to stop the autobot for the moment. Will know more after a few days.



2
mouacy
captcha works but spam bot still gets through
  • 2010/7/13 18:29



I recently upgraded to the latest XOOPS 2.4.5 and have enabled captcha and protector. I did a test on registration, but the captcha works fine. It wouldn't let me get past without the correct confirmation code.

The problem is: I still get spam bots opening new accounts every 5 to 10 minutes.

Any idea how I can track and troubleshoot this problem?



3
mouacy
Re: List your Bug / Fix after upgrade to Xoops 2.0.17
  • 2007/8/28 1:12



Cannot reply to a post on CBB 308. Got a blank page.



4
mouacy
has this security been resolved?
  • 2007/5/4 4:33



I found this through Google and it bothers me.

http://securityvulns.com/Pdocument969.html

From: Omid <omid_(at)_hackers.ir>
Date: 05.02.2007
Subject: Sql injection bugs in XOOPS 2.0.16 + Weblinks module

Hi,

These bugs were published in full-disclosure about 2 weeks ago (CVE-2007-0377).

There is a sql injection bug in XOOPS 2.0.16 core (and maybe other versions) in
admin section:

The 'id' parameter in "get()" function is not checked against sql injections :

File kernel/group.php, Line 94 :
:: function &get($id)
:: {
:: $group = false;
:: if (intval($id) > 0) {
** $sql = 'SELECT * FROM '.$this->db->prefix('groups').' WHERE groupid='.$id;

This one doesn't seem to be critical.


In "Weblinks" module :

The 'lid' parameter in "deleteByLid()" function is not
checked against sql injections :

File class/table_broken.php, Line 58 :
:: function deleteByLid($lid)
:: {
** $sql = "DELETE FROM $this->table WHERE lid=$lid";
:: return $this->query_false($sql);
:: }

Also 3 other sql injections exist which can be exploitable and are not
described here. The new version is not released yet.

The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/festival.txt


- Omid
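
Added example, not part of the original post or the quoted advisory, and not XOOPS code: the guard in the kernel/group.php fragment tests intval($id) while the query concatenates the raw $id, so a value that merely starts with digits passes the check unchanged. The function names, the table name and the input are hypothetical; only the query string is built and no database is touched.

```php
<?php
// Added illustration; function names and 'xoops_groups' are hypothetical.

// Pattern from the advisory: the check converts $id, the query does not.
function groupQueryAsReported($table, $id)
{
    if (intval($id) > 0) {
        return 'SELECT * FROM ' . $table . ' WHERE groupid=' . $id;
    }
    return null;
}

// Hardened form: convert once, then check and use that same integer.
// The same cast applies to $lid in the Weblinks deleteByLid() fragment.
function groupQueryHardened($table, $id)
{
    $id = (int) $id;
    if ($id > 0) {
        return 'SELECT * FROM ' . $table . ' WHERE groupid=' . $id;
    }
    return null;
}

// Stricter variant: reject anything that is not an integer or all digits,
// instead of silently truncating it.
function groupQueryStrict($table, $id)
{
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        return null;
    }
    return groupQueryHardened($table, $id);
}

// Constructed input: numeric prefix followed by extra SQL text.
$constructed = '3 OR 1=1';

foreach (['groupQueryAsReported', 'groupQueryHardened', 'groupQueryStrict'] as $fn) {
    $sql = $fn('xoops_groups', $constructed);
    echo str_pad($fn, 22), ' => ', var_export($sql, true), PHP_EOL;
}
```

Where the database layer supports bound parameters, binding the id as an integer removes the string concatenation altogether.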



5
mouacy
Re: CBB 308 Forum Manager problem
  • 2007/4/23 12:05



Quote:

phppp wrote:
Potential solutions:

1 wait for a XOOPS 2.017 if possible

2 replace XOOPS/class/xoopsform/formselectuser.php with /Frameworks/xoops22/class/xoopsform/formselectuser.php

3 modify: /Frameworks/xoops22/class/xoopsformloader.php

//if(!@include_once XOOPS_ROOT_PATH."/class/xoopsform/formselectuser.php") {
require_once dirname(__FILE__)."/xoopsform/formselectuser.php";
//}


After this replacement and modification, I cannot access the preference page in CBB, although other pages work fine. I have to restore the old formselectuser.php back to xoops/class/xoops...



6
mouacy
code to delete deleted user's avatar
  • 2007/4/22 21:53



I have deleted many users from my database, but their avatars have not been deleted along with the username. Apparently I can't spend days removing each of the over 2000 avatars. I want to be able to delete them in as little time as possible.

Here is the idea:

Check avatar_name against username.
If the username does not exist, delete the avatar file and remove the link from the database.

Can anyone help?



7
mouacy
Re: CBB 308 Forum Manager problem
  • 2007/4/22 17:16



Today I did an Old Account Clean up and my user accounts are under 2000 members. Surprisingly, the forum manager works again. I can update the forum, change permission, etc...

So I guess there is some limit to how many users the CBB 3.0.8 can handle. Is there a way to fix this so I can have more registered users?



8
mouacy
mail users in HTML format
  • 2007/3/29 15:25



Is there a place in XOOPS where I can enable or disable HTML email? I want to be able to send email to members in HTML like this:

<script type='text/javascript' src='http://www.mydomain.com/backendjs.php'></script>

To show them the news update.



9
mouacy
Admin pop-up and page hack
  • 2007/3/16 4:03



I want to let a group 4 moderate the xcgal, but only to approve the uploaded pictures, and not those other options.

I want something like:
if (user is admin && username == "webmaster" or user is admin && userid == "webmaster id") {
menu 1
menu 2
menu 3
}
menu 4 (assign to moderator group which has admin access to the specific module).


This will block the first three menus from the admin pop-up and also from displaying on the admin page when viewed by the assigned group.

What is the simplest code that I can use?



10
mouacy
Can't edit forum in CBB 3.0.8
  • 2007/3/9 22:14



Every time I click the edit button to edit a forum, the browser always asks me to save the admin_forum_manager.php file. Other options such as Delete work fine; it is just the Edit option that doesn't work.

Can anyone help?

PHP5.0.4
MySQL unknown
Apache2



