| Author |
Message |
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
 Posted:
Mon Jul 10, 2006 3:45 pm |
|
I take it all I have to do is
1. Overwrite the files with the ones in the new download
2. Update the includes/javas cript.php file
3. Update the mainfile.php file
3. Run the install file "nsnst.php
4. Update the IP2Country tables
I didn't see any update instructions.
The only thing I see to change in the includes/javascript.php file is to remove the following:
Code:global $sentineladmin;
if($sentineladmin > 0) {
echo "<script type=\"text/javas cript\" src=\"includes/overlib.js\"><!-- overLIB (c) Erik Bosrup --></s cript>\n";
echo "<s cript type=\"text/javas cript\" src=\"includes/overlib_hideform.js\"><!-- overLIB (c) Erik Bosrup --></s cript>\n";
}
|
The only thing I see to change in the mainfile.php is to remove the following:
Code:if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}
|
I do have a question about this line of code in the mainfile.php. I added it in an earlier version of sentinel and haven't seen where it should be removed in any of the upgrades. There is no mention of this code in the new install, so should it stay or go?
Code://Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
if(!file_exists('includes/nukesentinel.php')) {
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}
}
|
|
_________________
Only registered users can see links on this board! Get registered or login!
Vivere disce, cogita mori
Last edited by Dauthus on Mon Jul 10, 2006 4:13 pm; edited 2 times in total |
|
 
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Jul 10, 2006 6:18 pm |
|
1. Overwrite the files with the ones in the new download
2. Remove all NukeSentinel(tm) from includes/javascript.php file. The needed code is now in the admin folder.
3. Run the install file "nsnst.php"
4. Update the IP2Country tables
I was not aware of any changes to mainfile.php but have asked Bob to comment on it. |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Mon Jul 10, 2006 7:08 pm |
|
This section should not be removed only commented out as shown:
Code:#
#-----[ FIND ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}
#
#-----[ COMMENT OUT ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if(isset($_SERVER['QUERY_STRING'])) {
// if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
// die('Illegal Operation');
// }
//}
|
Even though this section is designed to shut off when nukescripts is detected I recommend commenting it out to prevent conflicts.
Code:#
#-----[ FIND ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}
#
#-----[ COMMENT OUT ]------------------------------------------
#
//if(!file_exists('includes/nukesentinel.php')) {
// if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
// $queryString = $_SERVER['QUERY_STRING'];
// if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
// die('Illegal Operation');
// }
// }
//}
|
This is the only real code change suggested for mainfile.php:
Code:in function function online() {
#
#-----[ FIND ]------------------------------------------
#
function online() {
global $user, $cookie, $prefix, $db;
$ip = $_SERVER['REMOTE_ADDR'];
#
#-----[ CHANGE TO ]------------------------------------------
#
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}
|
This will then cause the sessions table to have the true ip not a false one.
On that last section you talked about, you can leave it as is or comment it out like so:
Code://Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//if(!file_exists('includes/nukesentinel.php')) {
// unset($matches);
// unset($loc);
// if(isset($_SERVER['QUERY_STRING'])) {
// if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
// die('Illegal Operation');
// }
// }
//}
|
if(!file_exists('includes/nukesentinel.php')) { will stop it from using it when it finds the includes/nukesentinel.php file. |
_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! |
|
|
|
Dauthus
|
| Posted:
Tue Jul 11, 2006 12:02 am |
|
Thanks for the information. Update went without a single problem. |
| |
|
|
|
|
frisp
Hangin' Around
Joined: Apr 02, 2005
Posts: 29
Location: Penicuik, Scotland
|
| Posted:
Tue Jul 11, 2006 7:23 am |
|
Thanks from me also, all went painlessly. |
_________________
Regards
[_]frisp |
|
|
|
|
utssace
Worker
Joined: Feb 18, 2006
Posts: 155
Location: Virginia
|
| Posted:
Mon Jul 24, 2006 8:05 pm |
|
I just installed RavenNuke 2.02.02. Is Sentinel 2.5 solid/stable enough to use at this point, or would it be prudent to wait a little longer?
Where can I find updated Sentinel for RavenNuke? |
| |
|
|
|
|
Raven
|
| Posted:
Mon Jul 24, 2006 10:00 pm |
|
Yes on the stability and RavenNuke(tm) uses standard NukeSentinel(tm). |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Tue Jul 25, 2006 9:05 am |
|
... and NukeSentinel(tm) can be downloaded from nukescripts.net |
| |
|
|
|
|
utssace
|
| Posted:
Sat Jul 29, 2006 7:37 pm |
|
The upgrade went good. No problem with that.
Two other questions please:
Is the Sentinel default settings in the admin sufficient. I don't quite understand what they all do?
Is it ok to delete the nsnst_installer folder after upgrading?
Thanks  |
| |
|
|
|
|
Raven
|
| Posted:
Sat Jul 29, 2006 8:09 pm |
|
Delete that folder and the nsnst.php file. See the Only registered users can see links on this board! Get registered or login! for an explanation of the different settings. The manual is not up to date, but I believe it will provide you with what you need. |
| |
|
|
|
|
utssace
|
| Posted:
Tue Aug 01, 2006 4:46 pm |
|
One more thing to be clear on something:
I have RavenNuke 2.02.02 installed. I have followed the steps above to install Sentinel 2.50. I also made the mainfile edits suggested by BobMarion above.
I have NOT made any of the Core Edits mentioned in the NS Guide or the readme file. I am assuming that these edits are not necessary since I'm running RN.
Am I right on this? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Aug 01, 2006 6:06 pm |
|
Partly. In 2.5.0 we made some changes to files in the includes folder and it seems one more place. You need to read the instructions to see which files to remove. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
