1
trollix
(HACK) Prevent Firewall no-login
  • 2002/8/2 11:01

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


As I can't log behind my firewall (zone Alarm or Norton), I had to write a little hack to do that. When XOOPS tests the $HTTP_REFERER var and find it empty (function myRefererCheck) connection is not allowed.

To avoid that, I have written this little hack:
file html/class/mysql.php, line 147, you have:
...
if (myRefererCheck($errstr)) {
...

REPLACE by:
...
if (myRefererCheck($errstr) || ALLOW_FROM_PROXY)
...

and in include/common.php file, line 40, ADD:
define("ALLOW_FROM_PROXY", TRUE); // Disactivate referercheck for SQL requests

If you want to return back to the normal settings, then just put FALSE instead of TRUE.

Trollix - HQCH (Hope Que Ca Helpe)

2
Herko
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 11:20

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


Thanks, this is a great hack Now I won't have to configure ZA everytime I visit a XOOPS site (IF everyone includes this hack into their site, and/or it will be added into the next release?)

Herko

3
kitsou
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 13:00

  • kitsou

  • Just popping in

  • Posts: 50

  • Since: 2002/3/19


If you would be a girl Trollix, I would give you a big kiss, but let's keep it at a big THANK YOU !

This hack was overdue und most necessary. It works for me like a charm.

I never understood why XOOPS RC3 came out without this feature.

Again: Trollix this is great stuff !

4
xtremdj
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 13:30

  • xtremdj

  • Just popping in

  • Posts: 68

  • Since: 2002/1/12


Quote:
If you would be a girl Trollix, I would give you a big kiss, but let's keep it at a big THANK YOU !


maybe he want ( joke )

Anyway excellent hack !

5
Pitiless
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 14:00

  • Pitiless

  • Just popping in

  • Posts: 14

  • Since: 2002/5/16


trollix
... I mean, you make so a security hole for your MySQL and XOOPS ... think about it ...

HerkoCoomans
Quote:
... Now I won't have to configure ZA everytime I visit a XOOPS site ...

... even ... but only, when you visit trollix page or another XOOPS page with this hack
... by all another you must configure your firewall

6
xtremdj
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 14:03

  • xtremdj

  • Just popping in

  • Posts: 68

  • Since: 2002/1/12


Quote:

Pitiless wrote:
trollix
... I mean, you make so a security hole for your MySQL and XOOPS ... think about it ...


hmmm where ?

7
Pitiless
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 14:06

  • Pitiless

  • Just popping in

  • Posts: 14

  • Since: 2002/5/16


function myRefererCheck prevents that nobody can make link from his site to your site with XOOPS ...

8
schwim
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 16:53

  • schwim

  • Just popping in

  • Posts: 11

  • Since: 2002/7/25


What am I missing?

Why wouldn't I want a link from another's site? Do you mean pulling content from my site and showing it as theirs? If so, it's worth it to me as many users were leaving the site because of the inability to use the script.

Jason

9
trollix
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 20:04

  • trollix

  • Just popping in

  • Posts: 7

  • Since: 2002/1/9 1


Why do you consider that as a security hole ?
As I know, others CMS as PostNuke or PhpNuke don't use that feature...

10
smackdaddy
Re: (HACK) Prevent Firewall no-login
  • 2002/8/2 20:28

  • smackdaddy

  • Just popping in

  • Posts: 14

  • Since: 2002/3/28


So what's the deal with this hack? is it good or not?

What's the problem people say with security? I guess I do not understand....

What about regarding cookies and tracking of PIDs from banner ads (for those of us using banner ads which use a PID)

Login

Who's Online

199 user(s) are online (156 user(s) are browsing Support Forums)


Members: 0


Guests: 199


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits