Latest release creeping towards v7.0. Don't use on a production site - Please! To keep the harvesters away, you must be a registered user to d/l this one.

I have updated my Site Info block to honor the v6.9 configuration options for displaying or not displaying the security code in the user login area. The block will now be in accordance with the $gfx_chk setting.

10/23/2003: Please note that I have now added a README (in addition to the INSTALL) that has special instructions for users using this with nuke versions prior to v6.9.

In searching out the exploits of Nuke this month, I came across another one that Nuke Cops was not aware of. I reported it to ChatServ and he graciously and expeditiously supplied yet another patch. Interestingly enough, although the hole is in the admin.php logic, it is repaired in auth.php. Read this post for the fix.

Admin Note: I have updated the v6.9 download pack, from this site, as of 10/14/2003 22:25 to include this patch.

From NukeCops: "Recently a security hole was announced in reference to an admin.php exploit where anyone can obtain PHP-Nuke administrator access."

I have added a few lines to the suggested fix to make it a bit easier to know which function call to use. Please see this post for the fix.

Admin Note: I have updated the v6.9 download pack, from this site, as of 10/14/2003 17:25 to include this patch.

From ChatServ at Nuke Cops

Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites.
Download for PHP-Nuke 6.5-6.9
Download for PHP-Nuke 6.0

Admin Note:I have updated the v6.9 download pack, from this site, as of 10/9/2003 18:25 to include these patches.

These files have been updated since this message was posted! You need to download them again by clicking on the pertinent link above!!

As you know, I offer a hack to the Downloads module that allows you to protect/restrict certain files to registered users only. Well, what if you want to allow all visitors to see the downloads but only registered users to actually download them? See this post.