Re: (HACK) Prevent Firewall no-login [XOOPS Core Hacks]

1

(HACK) Prevent Firewall no-login

2002/8/2 11:01
trollix
Just popping in
Posts: 7
Since: 2002/1/9 1

As I can't log behind my firewall (zone Alarm or Norton), I had to write a little hack to do that. When XOOPS tests the $HTTP_REFERER var and find it empty (function myRefererCheck) connection is not allowed.

To avoid that, I have written this little hack:
file html/class/mysql.php, line 147, you have:
...
if (myRefererCheck($errstr)) {
...

REPLACE by:
...
if (myRefererCheck($errstr) || ALLOW_FROM_PROXY)
...

and in include/common.php file, line 40, ADD:
define("ALLOW_FROM_PROXY", TRUE); // Disactivate referercheck for SQL requests

If you want to return back to the normal settings, then just put FALSE instead of TRUE.

Trollix - HQCH (Hope Que Ca Helpe)

2

Re: (HACK) Prevent Firewall no-login

2002/8/2 11:20
Herko
XOOPS is my life!
Posts: 4238
Since: 2002/2/4 1

Thanks, this is a great hack

Now I won't have to configure ZA everytime I visit a XOOPS site

(IF everyone includes this hack into their site, and/or it will be added into the next release?)

Herko

3

Re: (HACK) Prevent Firewall no-login

2002/8/2 13:00
kitsou
Just popping in
Posts: 50
Since: 2002/3/19

If you would be a girl Trollix, I would give you a big kiss, but let's keep it at a big THANK YOU !

This hack was overdue und most necessary. It works for me like a charm.

I never understood why XOOPS RC3 came out without this feature.

Again: Trollix this is great stuff !

4

Re: (HACK) Prevent Firewall no-login

2002/8/2 13:30
xtremdj
Just popping in
Posts: 68
Since: 2002/1/12

Quote:

If you would be a girl Trollix, I would give you a big kiss, but let's keep it at a big THANK YOU !

maybe he want

( joke

)

Anyway excellent hack !

5

Re: (HACK) Prevent Firewall no-login

2002/8/2 14:00
Pitiless
Just popping in
Posts: 14
Since: 2002/5/16

trollix
... I mean, you make so a security hole for your MySQL and XOOPS ... think about it ...

HerkoCoomans
Quote:

... Now I won't have to configure ZA everytime I visit a XOOPS site ...

... even ... but only, when you visit trollix page or another XOOPS page with this hack

... by all another you must configure your firewall

6

Re: (HACK) Prevent Firewall no-login

2002/8/2 14:03
xtremdj
Just popping in
Posts: 68
Since: 2002/1/12

Quote:

Pitiless wrote:
trollix
... I mean, you make so a security hole for your MySQL and XOOPS ... think about it ...

hmmm where ?

7

Re: (HACK) Prevent Firewall no-login

2002/8/2 14:06
Pitiless
Just popping in
Posts: 14
Since: 2002/5/16

function myRefererCheck prevents that nobody can make link from his site to your site with XOOPS ...

8

Re: (HACK) Prevent Firewall no-login

2002/8/2 16:53
schwim
Just popping in
Posts: 11
Since: 2002/7/25

What am I missing?

Why wouldn't I want a link from another's site? Do you mean pulling content from my site and showing it as theirs? If so, it's worth it to me as many users were leaving the site because of the inability to use the script.

Jason

9

Re: (HACK) Prevent Firewall no-login

2002/8/2 20:04
trollix
Just popping in
Posts: 7
Since: 2002/1/9 1

Why do you consider that as a security hole ?
As I know, others CMS as PostNuke or PhpNuke don't use that feature...

10

Re: (HACK) Prevent Firewall no-login

2002/8/2 20:28
smackdaddy
Just popping in
Posts: 14
Since: 2002/3/28

So what's the deal with this hack? is it good or not?

What's the problem people say with security? I guess I do not understand....

What about regarding cookies and tracking of PIDs from banner ads (for those of us using banner ads which use a PID)

Stats
Goal:	$100.00
Due Date:	Dec 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

(HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Re: (HACK) Prevent Firewall no-login

Login

Search

Recent Posts

Re: xoops_redirect

Re: XOOPS MyMenus 1.54.0 Beta 10

Re: xoops_redirect

Vulnerability in xmnews, xmsocial and xmarticle modules

xoops_redirect

Re: XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 10

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}