Tekniqal
New Member


Joined: Nov 10, 2004
Posts: 4
|
Posted:
Sat May 21, 2005 2:14 pm |
|
Hello,
I am having some problems doing this. When I go into my Sentinel options the particular cvar, "Admin Auth:" is unchangeable. I am assuming there should be a drop down menu to select between CGIAuth and HTTPAuth. However, I think it is trying to use HTTPAuth because it just says..."HTTPAuth Requires "register_globals" to be ON". My webhosting provider has already told me they will not turn on register_globals. So I guess I need to either manually turn on CGIAuth through phpMyAdmin or disable the register_globals checking. How should I go about doing this? I am using Nuke 7.7 and Apache/2.0.54. Currently when I try to go to admin.php it asks for my user and password but the user and pass that I set up in the Sentinel admin list aren't working here. I have checked the nuke_nsnst_admins table and the correct info is in there. So I am kinda stuck. Your help is much appreciated.
-Chris |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sat May 21, 2005 5:38 pm |
|
I am pretty sure that I have installed it on sites that have register_globals off, so I need to investigate that and provide my findings. Let's skip the NS setup and do it this way.
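Code:
<form method='post'>
Enter password to be encrypted using crypt(EX:EX): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (8 long): <input name='salt' maxlength='16'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
</form>
<?php
// Hash the submitted password with crypt() using the supplied salt
if (isset($_POST['submit'])&&isset($_POST['pw'])&&!empty($_POST['pw'])) {
    $salt = isset($_POST['salt']) ? $_POST['salt'] : '';
    // Escape the output so submitted values are not reflected as raw HTML
    echo "Password <b>".htmlspecialchars($_POST['pw'])."</b> translated is <b>".htmlspecialchars(crypt($_POST['pw'],$salt))."</b>";
}
?>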
|
The above script should be saved as a file and then ftp it to your server or just run it locally if you have a PHP setup on your PC (it doesn't require nuke). It will allow you to enter a password in plain text and then it will encode it using the crypt() function. It will produce a line of text like userid:encoded_password. You then place userid:encoded_password in the .staccess file. For instance, let's say your userid is Tekniqal and you want to use a password of ravenscripts. Running it through the script using a salt value of SK (The salt value can be any 2 character code you want) will produce this
Code:
Password ravenscripts translated is SKaO7Wem4oeco
|
So, your .staccess should look like
Code:
Tekniqal:SKaO7Wem4oeco
|
and your .htaccess should have, at a minimum, this code. The ?????? would be replaced by your userid on your server. If .staccess is in a subfolder, then the subfolder name would go after the public_html folder and before the /.staccess
Code:
<Files .staccess>
deny from all
</Files>
<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/???????/public_html/.staccess
</Files>
|
Tekniqal

|
Posted:
Sat May 21, 2005 5:55 pm |
|
Alright, now I got my username and pass working by encrypting my own pass and placing that code in the .staccess. The next step would be the .htaccess code. This is what I have...
Code:
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>
<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Tekniqal"
AuthType Basic
AuthUserFile /usr/www/ue/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
|
Is this ok? I can log into the admin fine now with how the files are set up. I guess the only thing that is acting up would be the drop down menu for the Auth Type. Should I just not worry about this?
Thanks so much for your help.
-Chris |
Raven

|
Posted:
Sat May 21, 2005 6:07 pm |
|
Don't worry about the NS drop down. I need to investigate the register_globals setup when I get time. As long as this is working you are protected just as if NS was doing it. |
Tekniqal

|
Posted:
Sat May 21, 2005 9:17 pm |
|
Sounds great, thx for your help. Good work on the script. Can't wait to start playin around with it. |
counteru
New Member


Joined: Apr 29, 2005
Posts: 4
|
Posted:
Tue May 24, 2005 4:32 pm |
|
I am tryin to follow these steps.. but I'm havin problems with my .htaccess file. For the life of me I cannot figure out what I need to put in there. If I use that file it blocks everyone from gettin in my site .. gives me an error that says the site is misconfigured. I only have the sample .htaccess file and sample .staccess file.. haven't changed them.. and don't really understand how I am supposed to change them. Can someone please explain what I do with these? |
Tekniqal

|
Posted:
Tue May 24, 2005 7:17 pm |
|
Before anything, make your htaccess and staccess blank so that you can get into your site.
Basically, you need to make a .php file named whatever u want with the following code.
Code:
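<form method='post'>
Enter password to be encrypted using crypt(EX:EX): <input name='pw'><br /><br />
Enter the 'salt' value for the encryption (8 long): <input name='salt' maxlength='16'><br /><br />
<input type='submit' name='submit' value='Encrypt'><br /><br />
</form>
<?php
// Hash the submitted password with crypt() using the supplied salt
if (isset($_POST['submit'])&&isset($_POST['pw'])&&!empty($_POST['pw'])) {
    $salt = isset($_POST['salt']) ? $_POST['salt'] : '';
    // Escape the output so submitted values are not reflected as raw HTML
    echo "Password <b>".htmlspecialchars($_POST['pw'])."</b> translated is <b>".htmlspecialchars(crypt($_POST['pw'],$salt))."</b>";
}
?>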
|
Now go to that file in your web browser, i.e. www.yourdomain.com/pass.php
Put your desired password in the first textbox. And put a "salt" value in the second. You can just use SK as Raven said. Once you get the encrypted password, place that in the .staccess (this file holds your admin users). Your .staccess file will look like:
Code:
<desired username here>:<encrypted password from pass.php here>
|
Now, to get your needed code for the .htaccess there is an easy way to have Sentinel generate it for you. First go to your admin panel in nuke and then go to the nukesentinel section. On that page scroll down and look at the option, "htaccess Path:" Make sure this is filled in. You should be able to just use the path that they give you right below it. This is what mine said and it is correct "Normally: /usr/www/ue/.htaccess". Do the same for staccess. Now click "CGIAuth Setup" which is right below the staccess path. You will see that it displays a generated htaccess file for ya. It will look something like:
Code:
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>
<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /usr/www/ue/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
|
Just replace the "Restricted by NukeSentinel(tm)" with the username you placed in staccess. Place the code in htaccess and you are set.
Hope this helps. It's exactly how I did it. |
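A check for the two files assembled in this thread (Raven's instructions and the walkthrough above), added here as an example and not code from the posters or from NukeSentinel. It reports any require placed inside <Limit>, which Apache then enforces only for the listed methods, and names the hash format of each .staccess entry; the 13-character crypt() output with a 2-character salt is the legacy DES format, which uses only the first 8 characters of the password. The function names and sample strings are constructed for illustration.

```python
import re

# Constructed samples: the admin.php block and the .staccess line from the thread.
HTACCESS = """<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /usr/www/ue/.staccess
</Files>
"""
STACCESS = "Tekniqal:SKaO7Wem4oeco\n"

# Prefixes written by Apache's htpasswd tool; anything else is checked as DES crypt.
PREFIXES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1-unsalted"}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash


def audit_htaccess(text):
    """Return (line_no, message) for each Require scoped by a <Limit> block."""
    findings, methods = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            methods = opened.group(1).split()
        elif re.match(r"</Limit>", line, re.I):
            methods = None
        elif methods is not None and re.match(r"require\b", line, re.I):
            findings.append((no, "Require applies only to " + ",".join(methods)))
    return findings


def audit_password_file(text):
    """Return (user, scheme) per user:hash line; 'des-crypt' is the legacy format."""
    results = []
    for line in text.splitlines():
        user, sep, hashed = line.strip().partition(":")
        if not sep:
            continue  # blank or malformed line
        scheme = next((n for p, n in PREFIXES.items() if hashed.startswith(p)),
                      "des-crypt" if DES_CRYPT.match(hashed) else "unknown")
        results.append((user, scheme))
    return results


if __name__ == "__main__":
    print(audit_htaccess(HTACCESS))
    print(audit_password_file(STACCESS))
```

An empty list from audit_htaccess means no require line is scoped to a method list, which is the layout to aim for: AuthType, AuthName, AuthUserFile and require directly inside the <Files admin.php> block.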