| Author |
Message |
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
 Posted:
Wed Apr 30, 2008 10:03 pm |
 
|
Upgraded to .17 and for some reason Admin/Auth is OFF and no way to turn it ON. The only choices are OFF and Admin CGI/Auth.
What happened to ON ?? I don't remember doing anything to change anything. My .staccess file is "good" and contains the user/pass previously used.
Cheers, Jay |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15221
Location: Kansas
|
| Posted:
Wed Apr 30, 2008 10:47 pm |
|
If Admin CGI/Auth is the only option then that means that your host is not running PHP as an Apache module and is instead running PHP as a CGI script. This is explained in the Installation guide. Verify with your host how PHP is being loaded. |
|
|
  
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 6:11 am |
|
It was working with previous versions of Sentinel - .16 and so forth and nothing has changed at my host. The only thing that I've done is to change:
register_globals to OFF
Which I should have done a long time ago but nonetheless I just now did it. I'll try turning it back on to see if that somehow affects it. I doubt it but worth a try anyway.
Cheers, Jay |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 6:21 am |
|
Well, guess what, that was it. Turning "register_globals" back to ON and then doing an apache restart caused the HTTP ADMIN/AUTH to appear once again and work as intended.
So now what? I turned it back OFF. Better protection with it OFF rather than ON and using ADMIN/AUTH ? Interesting to say the least.
Cheers, Jay |
|
|
|
|
|
fkelly
Moderator
Joined: Aug 30, 2005
Posts: 2182
Location: near Albany NY
|
| Posted:
Thu May 01, 2008 6:29 am |
|
Just be aware that mainfile does this:
| Code: |
if (!ini_get('register_globals')) {
@import_request_variables('GPC', '');
}
|
So you are effectively going to have register globals on whenever you are running Nuke. And you need it cause a lot of the code relies on it. The RN team is explicitly posting variables as we go through the code but it is far from all done. |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 6:37 am |
|
Ok, I'm sure you know what my next question is. 
If the mainfile effectively turns it back on then why doesn't HTTP ADMIN/AUTH work when I have "register_globals OFF" in PHP.INI ?
Cheers, Jay |
|
|
|
|
|
fkelly
Moderator
Joined: Aug 30, 2005
Posts: 2182
Location: near Albany NY
|
| Posted:
Thu May 01, 2008 6:44 am |
|
I suspect that http admin/auth doesn't know anything about mainfile. It is only effectively on within the scope of a page load within RN. If you wrote a stand alone program that didn't access mainfile it would not be on. |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 6:49 am |
|
| Quote: | | I suspect that http admin/auth doesn't know anything about mainfile. |
I would assume so since turning register_globals to OFF affects admin/auth regardless of mainfile.
I guess if I wanted the added securiy of admin/auth I can accomplish it using the .htaccess file authentication instead.
Cheers, Jay |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 7:37 am |
|
Uncommenting the authentication section in .htaccess and using that works just fine. Now I can keep register_globals off and still rely on the advantages of the mainfile. Enough brain-cell usage for one day.
Cheers, Jay |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15221
Location: Kansas
|
| Posted:
Thu May 01, 2008 2:16 pm |
|
This has been documented in the forums just as an fyi  .
HTTP Authentication, which is a function of the browser, is not available when register_globals is off. You can't turn register_globals on in a script (mainfile.php) because by the time the PHP interpreter has started the script processing the setting is already activated and can't be changed via script settings.
For security, you really should leave it off, especially with older *nuke scripts, and just use CGI Authentication. The piece of code that Frank mentions is not the same as register_globals. The purpose of import_request_variables has a more limited scope. Here is the intended usage/purpose taken from the PHP manual:
: imports GET/POST/Cookie variables into the global scope. It is useful if you disabled register_globals, but would like to see some variables in the global scope. |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Thu May 01, 2008 6:22 pm |
|
I only run RN (latest) on my three and soon to be fourth sites and up to date with Sentinel. I am quite happy where I am and really appreciate the continuing education. Hmmm, sounds like another donation coming soon.
Cheers, Jay |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 15221
Location: Kansas
|
| Posted:
Thu May 01, 2008 6:36 pm |
|
Got it - Thanks!
Also, the warning I gave about older *nuke scripts applies to all 3rd party addons |
|
|
|
|
|
dad7732
Worker
Joined: Mar 18, 2007
Posts: 224
|
| Posted:
Sat May 03, 2008 8:36 am |
|
Followup to turning "register_globals" OFF as applies to older scripts.
I came across an addtion to the .htaccess file that will modify the behavior of "register_globals":
php_value register_globals 1
Where 1 = ON 0 = OFF
I have it turned off in my PHP.INI file and adding the above line to .htaccess in my one and only old PHP site turns it back ON for just that site.
Now that the value is OFF in the PHP.INI file, I simply uncommented the lines in .htaccess to use HTTP ADMIN/AUTH even tho not visible in Sentinel.
Now I can have the best of both worlds. All tested and works as intended.
Cheers, Jay |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
