Ravens PHP Scripts: Forums
 

 

dkrager
New Member
Joined: Jun 16, 2005
Posts: 22
Location: San Diego CA

Posted: Sat Nov 21, 2009 6:27 pm

Recently I disabled register_globals in my php configuration to accommodate a script that absolutely needed those settings. Of course now I have another script (easyup nuke) that has stopped functioning with the error: ERROR 01: The file already exist on the server!

It appears that what is happening is that the form variable for the filename ($nomfichier_name) is no longer being passed to the functions within the script.

This was discussed in a previous post without resolution because the OP switched to a different script. http://www.ravenphpscripts.com/postt15970.html

I have tried to access the variable via the $_POST "superglobal" but that appears to be blank as well.

Has anyone got any ideas what might be causing this? I realize this is a very old script but there is simply nothing out there with the same functionality so I am hoping to massage the existing script to work with register_globals off.

Here is the code.

Any tips would be greatly appreciated. Thanks in advance,

Dave

Code:


<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com)         */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
//
//  EASYUP-NUKE
//
// module created by HI-Lab based on EasyUp of Amine Ouelhadj                                                                         *
// Copyright (c) 2002 by cooperativa sociale l'Utopia a r.l.
// released under GPL licence
//
// www.hi-lab.net
//
/***************************************************************************/

//
// upload html form
//

if (!eregi("modules.php", $PHP_SELF)) {
        die ("Non puoi accedere a questo file direttamente...");
}
require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$pagetitle = "- "._TITLEASYUP."";


    global $user, $cookie, $prefix, $dbi, $user_prefix;
    include ("header.php");
    title("<img src='modules/Easyup/EASYUP-NUKE.jpg' width='248' height='123' alt='logo EASYUP-NUKE'>");
    OpenTable();
    echo "<center><font class=\"content\"><b>"._TITLEASYUP."</b></font></center><br><br>"
                . "<i>"._INSTRUCTIONEASYUP."</i><br>"
        ."<form ENCTYPE=\"multipart/form-data\" action=\"modules.php?mop=modload&name=Easyup&file=index\" method=\"post\">"
        ._FILETYPE.":<br><SELECT  name=\"percorso\" title=\"Tipo di file\">\n"
        ."<OPTION value=\"1\">"._FILETODISPLAY."</OPTION>\n"
        ."<OPTION value=\"2\">"._FILETODOWN."</OPTION></SELECT><br><br>\n"
        ._FILEPOSITION.":<br><input name=\"nomfichier\" type=\"file\" size=\"30\"><br><br>\n"
        ._ALTTAG.":<br><input name=\"alt\" type=\"text\" size=\"30\" maxlength=\"40\"><br><br>\n"
        ._BGCOLORSWF.":<br># <input name=\"bgcolorswf\" type=\"text\" size=\"6\" maxlength=\"6\"><br><br>\n"
        ."<input type=\"submit\" name=\"Submit\" value=\""._SEND."\">\n"
        ."</form><br>\n";


//----------------------------------------------------------------
// upload engine
//----------------------------------------------------------------


// parameters

// choose directory of upload files
$imagesdir="images/upload";
$downloaddir="images/materiali";
// Allow or not executable files adding an extension - yes="si" no="no"
$execution = "no";
// Allow or not upload of index files - yes="si" no="no"
$index_autorisation = "no";

$alertdimension=array(
// Alert dimension for images files in Kb integer
                   img=>150,
// Alert dimension for swf files in Kb integer
                   swf=>150,
// Alert dimension for other files in Kb integer
                   other=>500
                   );

// check folder permissions
function checkperms($dir)
         {
         $permsdir=decoct(fileperms($dir));
         $perms=substr("$permsdir",-3);
         if ($perms!="777")
             {
             echo "<div align=\"center\"><font color=\"#cc0000\"><h3>"._ERRORPERM." &quot;$dir&quot; "._ERRORPERM2."<br>"
                  ._PERMISSION." $perms. "._PERMISSION2."</h3></font></div><br>";
             }
         }



checkperms($imagesdir);
checkperms($downloaddir);

switch ($percorso)
        {
        case "1":
              $chemin=$imagesdir;
              break;
        case "2":
              $chemin=$downloaddir;
              break;
        }

$testotoobig=array(_TOOBIG,_TOOBIG1,_TOOBIG2,_TOOBIG3,_TOOBIG4,_TOOBIG5);

$nom_fichier_name = strtolower($nomfichier_name);


// check extension of file

function check_extension($nomfichier_name)
        {
        $extension = end(explode(".", $nomfichier_name));
        if ($extension == "php" || $extension == "php3" || $extension == "php4" || $extension == "pl" || $extension == "phtml" || $extension == "asp" || $extension == "cgi")
                {
                return true;
                }
        }


// Check that the file is not named index.<extension>

function verif_index($nomfichier_name)
        {
          $pointeur = strrpos($nomfichier_name, ".");
          $nom  = substr($nomfichier_name, 0, $pointeur);
        if (ereg ("^index$", $nom)) return true;
                }



// Check whether the file already exists on the server.
function presence_file($nomfichier_name)
        {
        global $chemin;
        if (file_exists("$chemin/$nomfichier_name")) return true;
                }


// Calculate dimensions of files and print alert message
function dimensionefiles($chemin,$nomfichier_name,$testotoobig1,$testotoobig2,$max)
         {
         $dimensione=filesize("$chemin/$nomfichier_name");
         $fdimensione=number_format($dimensione, 0, ',', '.');
         $kdimensione=number_format(($dimensione/1024), 1, ',', '.');
         $mdimensione=number_format(($kdimensione/1024), 1, ',', '.');
         if ($dimensione<=1023)
             {
             echo "<center>"._FILEIS." $dimensione "._BYTES.".</center><br>";
             }
         elseif (($dimensione>1023)&&($dimensione<=1048575))
             {
             echo "<center>"._FILEIS." $kdimensione Kb ($fdimensione "._BYTES.").</center><br>";
             if ($kdimensione>$max) {echo "<center><font color=\"#ff0000\"><h3>$testotoobig1</h3></font>$testotoobig2</center><br><br>";}
             }
         elseif (($dimensione>1048575))
             {
             echo "<center>"._FILEIS." $mdimensione Mb ($fdimensione "._BYTES.").<br>"
                 ."<font color=\"#ff0000\"><h3>$testotoobig1</h3></font>$testotoobig2</center><br><br>";
             }
         }

// Calculate dimensions of image and print related html tag
function imagetag($chemin,$nomfichier_name,$alt)
         {
         global $testotoobig,$alertdimension;
         $misura=getimagesize("$chemin/$nomfichier_name");
         $htmlimgstring="<img src=\"$chemin/$nomfichier_name\" alt=\"$alt\" ".$misura[3].">";
         echo "<center><h2>"._TITLETAG."</h2>\n".
              "<i>"._INSTRUCTIONTAG." "._IMAGE.". "._INSTRUCTIONTAG2."</i><br>\n";
         echo "<font color=\"#000066\"><h2><blockquote>&lt;img src=\"$chemin/$nomfichier_name\" alt=\"$alt\" ".$misura[3]."&gt;</h2></font></center><br><br>";
         echo "<center><h2>"._TITLEDIMENSION."</h2></center><br>\n";
         dimensionefiles($chemin,$nomfichier_name,$testotoobig[0],$testotoobig[1],$alertdimension[img]);
         echo "<center><h2><br>"._PREVIEW."</h2>\n".
              "<i>"._SUBPREVIEW." "._IMAGE." "._SUBPREVIEW2."</i>:<br><br>\n";
         echo "".$htmlimgstring."</center>";

         }


// Calculate dimensions of swf file and print related html tag
function swftag ($chemin,$nomfichier_name,$alt,$bgcolorswf)
         {
         global $testotoobig,$alertdimension;
         $misura=getimagesize("$chemin/$nomfichier_name");
         $htmlswfstring="<embed ALT=\"$alt\" src=\"$chemin/$nomfichier_name\" quality=high bgcolor=\"#$bgcolorswf\" ".$misura[3]." type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash\">";
         echo "<center><h2>"._TITLETAG."</h2>\n".
              "<i>"._INSTRUCTIONTAG." "._MOVIE.". "._INSTRUCTIONTAG2."</i><br>\n";
         echo "<font color=\"#000066\"><h2><blockquote>&lt;embed ALT=\"$alt\" src=\"$chemin/$nomfichier_name\" quality=high bgcolor=\"#$bgcolorswf\" ".$misura[3]." type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash\"&gt;</h2></font></center><br><br>";
         echo "<center><h2>"._TITLEDIMENSION."</h2></center><br>\n";
         dimensionefiles($chemin,$nomfichier_name,$testotoobig[2],$testotoobig[3],$alertdimension[swf]);
         echo "<center><h2><br>"._PREVIEW."</h2>\n".
              "<i>"._SUBPREVIEW." "._MOVIE." "._SUBPREVIEW2."</i>:<br><br>\n";
         echo "".$htmlswfstring."</center>";
         }


// Check dimension of file and print alert message
function otherfiles ($chemin,$nomfichier_name)
         {
         global $testotoobig,$alertdimension,$nukeurl;
         echo "<center><h2>"._TITLEDIMENSION."</h2></center><br>\n";
         dimensionefiles($chemin,$nomfichier_name,$testotoobig[4],$testotoobig[5],$alertdimension[other]);
         echo "<center><h2>"._TITLEDOWNLOAD."</h2></center><br>\n";
         echo "<center>"._INSTRUCTIONDOWN."</center><br>".
         _FILEURL.": <font color=\"#000066\">$nukeurl/$chemin/$nomfichier_name</font><br>\n";
         $dimensione=filesize("$chemin/$nomfichier_name");
         echo ""._FILESIZE.": <font color=\"#000066\">$dimensione</font> "._BYTES."<br>\n";
         echo ""._HOMEPAGE.": <font color=\"#000066\">$nukeurl</font><br>";
         }


// Chmod the file to 644 to make it non-executable.
function chmod_no_execution($nomfichier_name)
        {
        global $chemin;
        chmod ("$chemin/$nomfichier_name", 0644);
        }


if ($nomfichier!="")
         {

if ($index_autorisation == "no")
                {
                if (verif_index($nomfichier_name)) {
                        echo "<hr>";
                        echo ""._ERROR." 02: "._YOURFILE." &quot;$nomfichier_name&quot; "._REFUSE."<br>";
                        echo "<hr>";
                        exit;
                        }
                }
if ($execution == "no"){
                                if(check_extension($nomfichier_name)){
                                                                                $nomfichier_name = "$nomfichier_name.txt";
                                                                                        }
                }

if (presence_file($nomfichier_name) == "true") {
                echo "<hr>";
                echo ""._ERROR." 01: "._YOURFILE." $nomfichier_name "._EXIST."<br>";
                echo "<hr>";
                exit;
                }

if (copy($nomfichier, "$chemin/$nomfichier_name"))
        {
        echo ""._YOURFILE." $nomfichier_name "._SUCCESS."<br><p>\n";

// check file type
        $imgextension = end(explode(".", $nomfichier_name));
        switch ($imgextension)
                        {
                        case ("swf"):
                        swftag($chemin,$nomfichier_name,$alt,$bgcolorswf);
                        break;
                        case ("gif"):
                        imagetag($chemin,$nomfichier_name,$alt);
                        break;
                        case ("jpg"):
                        imagetag($chemin,$nomfichier_name,$alt);
                        break;
                        case ("png"):
                        imagetag($chemin,$nomfichier_name,$alt);
                        break;
                        default:
                        otherfiles($chemin,$nomfichier_name);
                        }

        chmod_no_execution($nomfichier_name);
        }
else
        {
        //echo ""._ERRORPERM."<br>";
        //echo ""._PERMISSION."<p>";
        //exit;
        }

}

    echo "<p align=\"right\"><A href=\"http://www.hi-lab.net\"><img src='modules/Easyup/hilab.gif' width='70' height='30' alt='HI-Lab - The Social Technology'></A><p>";
    CloseTable();
    include ("footer.php");

?>
 
nuken
RavenNuke(tm) Development Team
Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

Posted: Sat Nov 21, 2009 6:46 pm

You could enable error reporting and find out what variables are not set. To be honest with you, I would not use an upload script that will not work with register globals off. That is a good sign that the script has security issues.

dkrager

Posted: Sun Nov 22, 2009 3:36 am

I understand which variables are not set as I mentioned in my post. My question is how to pass those form variables under php5 with register_globals disabled.

Thanks,

Dave
 
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Nov 22, 2009 9:25 am

You could try adding the following lines of code into the module's index.php script up near the top:

Code:


if (!ini_get('register_globals')) {
   @import_request_variables('GPC', '');
}

nuken

Posted: Sun Nov 22, 2009 9:50 am

Also, if you are just using it for images, here is an easy to use image hosting script for nuke. It gives the link code for the images after they upload. http://trickedoutnews.com/nuken/ImageHost.zip
 
dkrager

Posted: Sun Nov 22, 2009 1:58 pm

montego wrote:
You could try adding the following lines of code into the module's index.php script up near the top:

Code:


if (!ini_get('register_globals')) {
   @import_request_variables('GPC', '');
}


No joy on that one but I do appreciate the suggestion. I have actually tried a couple of different approaches at emulating register_globals but for some reason none have worked with this particular script.
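Added example (not code from this thread, from the easyup-nuke module, or from any poster): an upload field is exposed through `$_FILES`, not `$_POST`, and `import_request_variables('GPC', '')` imports only GET, POST and cookie values, so `$nomfichier_name` stays empty either way. The code below reads the `nomfichier` field from `$_FILES` and validates the client-supplied name before storing it. The function names, the extension allowlist and the sample entries are assumptions made for illustration.

```php
<?php
// Added example: not the easyup-nuke module's code and not a poster's fix.
// With register_globals off, the "nomfichier" upload field exists only in $_FILES:
//   ['tmp_name'] was $nomfichier, ['name'] was $nomfichier_name.

const ALLOWED_EXT = ['gif', 'jpg', 'png', 'swf']; // assumed allowlist

// Validate one $_FILES entry; return a safe stored name or throw.
// Kept free of upload-only calls so it can be exercised offline.
function safe_upload_name(array $file, string $dir): string
{
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed, code $err");
    }
    // The name is client-supplied: drop any path, lowercase, restrict characters.
    $name = strtolower(basename(str_replace('\\', '/', $file['name'])));
    $name = preg_replace('/[^a-z0-9._-]/', '_', $name);
    $ext  = pathinfo($name, PATHINFO_EXTENSION);
    $stem = pathinfo($name, PATHINFO_FILENAME);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException("extension not allowed: $name");
    }
    // Refuse double extensions (name.php.jpg), index.* and empty stems.
    if ($stem === '' || $stem === 'index' || strpos($stem, '.') !== false) {
        throw new RuntimeException("file name refused: $name");
    }
    if (file_exists("$dir/$name")) {
        throw new RuntimeException("file already exists: $name");
    }
    return $name;
}

// Store the upload; move_uploaded_file() rejects paths that are not real HTTP uploads.
function store_upload(array $file, string $dir): string
{
    $name = safe_upload_name($file, $dir);
    if (!move_uploaded_file($file['tmp_name'], "$dir/$name")) {
        throw new RuntimeException('could not store upload');
    }
    chmod("$dir/$name", 0644);
    return $name;
}
// In the module this would be: store_upload($_FILES['nomfichier'], $chemin);
// Constructed sample entries (no real upload involved), validated offline:
$samples = [
    ['name' => 'Bike Photo.JPG', 'tmp_name' => '/tmp/phpA', 'error' => UPLOAD_ERR_OK],
    ['name' => '../notes.php',   'tmp_name' => '/tmp/phpB', 'error' => UPLOAD_ERR_OK],
    ['name' => 'index.png',      'tmp_name' => '/tmp/phpC', 'error' => UPLOAD_ERR_OK],
];
foreach ($samples as $s) {
    try { echo safe_upload_name($s, sys_get_temp_dir()), "\n"; }
    catch (RuntimeException $e) { echo 'refused: ', $e->getMessage(), "\n"; }
}
```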
 
dkrager

Posted: Sun Nov 22, 2009 2:02 pm

nuken wrote:
Also, if you are just using it for images, here is an easy to use image hosting script for nuke. It gives the link code for the images after they upload. http://trickedoutnews.com/nuken/ImageHost.zip


Nice script. Really nice! I actually already have it running on the site for evaluation. The problem is it could easily turn into a management nightmare with every user having their own folder and also having the ability to delete images which would result in red X's all over the forums.

The beauty of easyup is its simplicity. It's a one way trip and all of the photos go into a single uploads directory where they cannot be deleted by the users so you don’t have the problem of red X's in the forums. It’s also easy to do mass photo resizing if things start getting a little fat.

If I were running a small gaming clan site or something along those lines I would be all over imagehost. Unfortunately my audience is about 7,000 motorcyclists between the ages of 40-70 with almost zero computer skills and no concept of file management so the simpler I keep things, the better.

I do appreciate the suggestion though.
 
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

Posted: Sun Nov 22, 2009 5:43 pm

Is this script running on a RN 2.4 site?

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
Palbin

Posted: Sun Nov 22, 2009 8:04 pm

I should say: are you attempting to use this on an RN 2.4?
 
Palbin

Posted: Sun Nov 22, 2009 10:40 pm

There were more than a few problems here, but I have done what I could. If this is not going on a RN 2.4 site you will need to comment out the csrf_check() in the index. It should be xhtml compliant as well.

I tested jpg, swf, and tar files.

http://www.phpnuke-guild.org/downloads/easyup-nuke_RN2.4.zip

Note: I got the original script from this site. http://freshmeat.net/projects/easyup-nuke/
 
dkrager

Posted: Mon Nov 23, 2009 2:39 pm

You sir, are amazing! That is so far beyond the call of duty it is not even funny. It is working perfectly now. I think you just made a whole lot of vintage motorcycle enthusiasts very happy. I know it is not much and does not make up for your time but I made a $50.00 donation towards the site operating costs as a small token of my appreciation.

Thanks once again. I am simply blown away by this.

Dave
 
Palbin

Posted: Mon Nov 23, 2009 4:02 pm

Raven and the rest of the staff thank you for your donation!
 
All times are GMT - 6 Hours
 