| Author |
Message |
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
 Posted:
Mon Jul 19, 2004 7:52 am |
 
|
Well, sorry to here about the dDos atack, but I am glad to hear that your website is safe! |
|
|
   
|
|
jonmcc33
Hangin' Around
Joined: May 17, 2004
Posts: 40
Location: Dayton, OH
|
| Posted:
Mon Oct 04, 2004 11:13 pm |
|
Question:
In PHPNuke 7.5 the auth.php file is no longer used so where would you put the following code in the admin.php file:
| Code: | require_once('myprivatefile.php');
require_once('basicauthfile.php');
|
I've been using your script since PHPNuke 7.1 and it's been awesome. I'd like to continue using it. |
|
|
 |
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Tue Oct 05, 2004 12:06 am |
|
Actually auth.php is still used - it's just already included in admin.php instead of being an 'included' file. In admin.php, find | Code: | if (ereg("[^a-zA-Z0-9_-]",trim($aid))) {
die("Begone");
}
$aid = substr("$aid", 0,25);
$pwd = substr("$pwd", 0,18); |
which is the beginning of the auth.php code. Place the 2 require_once statments right before the above code like | Code: | require_once('myprivatefile.php');
require_once('basicauthfile.php');
if (ereg("[^a-zA-Z0-9_-]",trim($aid))) {
die("Begone");
}
$aid = substr("$aid", 0,25);
$pwd = substr("$pwd", 0,18); |
Having said that, I would strongly recommend using NukeSentinel instead as it incorporates all of my original script and so much more for protection. |
|
|
|
|
|
mrisis
New Member
Joined: Jan 01, 2005
Posts: 3
|
| Posted:
Sat Jan 01, 2005 2:12 pm |
|
Edited |
Last edited by mrisis on Sun Jan 02, 2005 1:43 am; edited 1 time in total |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Sat Jan 01, 2005 2:22 pm |
|
HTTPAuth is the default NukeSentinel authorization method. It does not require .htaccess. |
|
|
|
|
|
mrisis
New Member
Joined: Jan 01, 2005
Posts: 3
|
| Posted:
Sat Jan 01, 2005 2:29 pm |
|
Yes, But only when you run it as an apache module |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Sat Jan 01, 2005 2:31 pm |
|
I understand that. But, that's what your link provides, standard HTTPAuth, so, that's why I responded in kind. |
|
|
|
|
|
mrisis
New Member
Joined: Jan 01, 2005
Posts: 3
|
| Posted:
Sat Jan 01, 2005 2:53 pm |
|
Very good point, dont take me wrong as I use sentinel on my main site |
|
|
|
|
|
MaSePoes
New Member
Joined: Apr 11, 2005
Posts: 21
|
| Posted:
Fri Jul 01, 2005 3:16 am |
|
this is one of the best methods I've used. I use them on all my sites. In fact I didn't use it on one site and that one got hacked. For months I haven't been hacked becuase I use this method with Nuke Sentinel.
okay one can never be 100% secure, but you can try. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Fri Jul 01, 2005 7:52 am |
|
 Thanks for the testimonial |
|
|
|
|
|
hero
New Member
Joined: Oct 08, 2005
Posts: 4
|
| Posted:
Sat Oct 08, 2005 3:00 am |
|
Hi Raven,
I'm newbie at phpnuke. I have a server with nukesentinel installed. I was actually looking for a very secured HTTP AUTH program for my site. Luckily, I found this topic and follow every single instruction that you wrote here. Fortunately, I made it work on my site without any errors. Thanx dude !!!!
There is one question I wanted to ask..... since you said the beauty about those 2 files ( myprivate.php & basicauthfile.php) are that we can put it any where we want. Right now I placed those 2 files inside my html folder and its working. But, my question is, what if I wanted to put those files outside my html folder ? Are these still gonna work ?
I am running my server through my computer. So, I want my admin can only access to the admin.php from my computer not any other remote computer. How, can I make this work ? Any help will be appriceated.
Thanx in advance |
|
|
|
|
|
hero
New Member
Joined: Oct 08, 2005
Posts: 4
|
| Posted:
Sat Oct 08, 2005 3:55 am |
|
actually I just changed the path of those 2 files which is out of my html folder ...and its working !!!!!!
require_once('c:\Myserver\myprivatefile.php');
require_once('c:\Myserver\basicauthfile.php');
do you think that will do the trick ? do you think people can access to my admin.php file from remote computer ???? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Sat Oct 08, 2005 7:49 am |
|
That should do the trick. Regardless of where those files are stored, it provides the same protection. The added benefit of moving the files outside of the web root is that there is no way that they can view the files from their browser unless you have bad code elsewhere that allows a hole or access otherwise. |
|
|
|
|
|
CoffeeOD
New Member
Joined: Nov 05, 2005
Posts: 11
|
| Posted:
Mon Jan 16, 2006 2:06 am |
|
Hey Raven, im using phpnuke 7.7 and this script looks nice but (there�s always but, eh?) I dont find this line | Code: | | require("auth.php"); |
I thinked that I could place it before | Code: | | require_once("mainfile.php"); |
, but I wanna be sure.
[admin.php - admin fix] Also, I tried that admin fix you said earlier (http://ravenphpscripts.com/postt345.html), but I cannot find | Code: | require_once("mainfile.php");
get_lang(admin); |
in my include/auth.php and I dont got any other auth.php
[auth.php admin fix] I tried that admin fix you said earlier about auth.php, (http://ravenphpscripts.com/postt349.html), I dont find those two starting lines, my starting lines are | Code: | if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
exit; |
I didnt see answers in those threads, or maybe I didnt look enough. I use newest Sentinel and thanks for that, it�s great tool and just the thing I have been looking for. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15210
Location: Kansas
|
| Posted:
Mon Jan 16, 2006 8:36 am |
|
As stated above, auth.php was integrated into admin.php in v7.5. But if you use NukeSentinel(tm) this thread is irrellevant. |
|
|
|
|
|
redhairz
Worker
Joined: Nov 17, 2006
Posts: 216
|
| Posted:
Mon Dec 04, 2006 4:01 pm |
|
i think someone hacked my phpmyadmin when i log out exit it promt me wrong user and wrong password could it be hacked? |
|
|
|
|
|
evaders99
Moderator
Joined: Apr 30, 2004
Posts: 2846
|
| Posted:
Mon Dec 04, 2006 4:39 pm |
|
I'm not sure what you mean. You say you cannot log into phpMyAdmin?
Or the saved forms in your browser are incorrect - that just sounds like a browser thing |
|
|
|
|
|
redhairz
Worker
Joined: Nov 17, 2006
Posts: 216
|
| Posted:
Mon Dec 04, 2006 6:13 pm |
|
hey evaders99  i always get this (Wrong username/password. Access denied.) when exiting from phpmyadmin...... i can use the phpmyadmin but when i login out as exit i will get the message above. becos there have been 2 incident when hacker deleted all the DB. the hosting admin restored back eventually. my question is could the hacker edit the user of the phpmyadmin which cause the above message to appear? i login into the phpmyadmin from cpanel mysql. what is your view? i had disable ftp and change pword. could the hacker hack into the nuke portal to do that kind of damage? from admin or folder cmod 777? |
|
|
|
|
|
evaders99
Moderator
Joined: Apr 30, 2004
Posts: 2846
|
| Posted:
Mon Dec 04, 2006 9:17 pm |
|
I don't think so. It may just be its trying to read some login value that is no longer there since you logged out. Don't worry about |
|
|
|
|
|
shock1964
New Member
Joined: Apr 28, 2007
Posts: 1
|
| Posted:
Sat Apr 28, 2007 1:46 pm |
|
hey, i got this md4 bf off of a friend. the creator is matthias fichtner and its supposed to unlock the halo 3 beta on my xbox 360, can anyone tell me what it really does? i can send u the file if u email me or add me on my msn |
|
|
|
|
|
evaders99
Moderator
Joined: Apr 30, 2004
Posts: 2846
|
| Posted:
Sat Apr 28, 2007 11:12 pm |
|
What? This has nothing to do with this thread, or phpNuke for that matter.
Spam? |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
