Mainfile code differences with 7.6 patched 3.1

registered · Worker Joined: Oct 07, 2003 Posts: 211

The core file edits for mainfile.php are like this:

Code:

For Nuke Patched 3.1 in mainfile.php





#


#-----[ FIND ]------------------------------------------


#


if (defined('FORUM_ADMIN')) {


   @require_once("../../../config.php");


   @require_once("../../../db/db.php");


   @require_once("../../../includes/custom_files/custom_mainfile.php");


   @require_once("../../../includes/ipban.php");


} elseif (defined('INSIDE_MOD')) {


   @require_once("../../config.php");


   @require_once("../../db/db.php");


   @require_once("../../includes/custom_files/custom_mainfile.php");


   @require_once("../../includes/ipban.php");


} else {


   @require_once("config.php");


   @require_once("db/db.php");


   @require_once("includes/custom_files/custom_mainfile.php");


   @require_once("includes/ipban.php");


}





#


#-----[ CHANGE TO ]------------------------------------------


#


if (defined('FORUM_ADMIN')) {


   @require_once("../../../config.php");


   @require_once("../../../db/db.php");


   @require_once("../../../includes/custom_files/custom_mainfile.php");


   @require_once("../../../includes/ipban.php");


   @include_once("../../../includes/nukesentinel.php");


} elseif (defined('INSIDE_MOD')) {


   @require_once("../../config.php");


   @require_once("../../db/db.php");


   @require_once("../../includes/custom_files/custom_mainfile.php");


   @require_once("../../includes/ipban.php");


   @include_once("../../includes/nukesentinel.php");


} else {


   @require_once("config.php");


   @require_once("db/db.php");


   @require_once("includes/custom_files/custom_mainfile.php");


   @require_once("includes/ipban.php");


   @include_once("includes/nukesentinel.php");


}





#


#-----[ FIND ]------------------------------------------


#


//Union Tap


//Copyright Zhen-Xjell 2004 http://nukecops.com


//Beta 3 Code to prevent UNION SQL Injections


unset($matches);


unset($loc);


if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {


   die();


}





#


#-----[ COMMENT OUT ]------------------------------------------


#


//Union Tap


//Copyright Zhen-Xjell 2004 http://nukecops.com


//Beta 3 Code to prevent UNION SQL Injections


//unset($matches);


//unset($loc);


//if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {


//   die();


//}








#


#-----[ FIND ]------------------------------------------


#


$queryString = strtolower($_SERVER['QUERY_STRING']);


if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {


header("Location: index.php");


die();


}





#


#-----[ COMMENT OUT ]------------------------------------------


#


//$queryString = strtolower($_SERVER['QUERY_STRING']);


//if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {


//header("Location: index.php");


//die();


//}

My files look like this:

Code:

if (defined('FORUM_ADMIN')) {


   @require_once("../../../config.php");


   @require_once("../../../db/db.php");


   @require_once("../../../includes/sql_layer.php");


   if (file_exists("../../../includes/custom_files/custom_mainfile.php")) { @include_once("../../../includes/custom_files/custom_mainfile.php"); }


   @require_once("../../../includes/ipban.php");


   @include_once("../../../includes/nukesentinel.php");


   if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_head.php")) { @include_once("../../../includes/custom_files/custom_head.php"); }


   if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_header.php")) { @include_once("../../../includes/custom_files/custom_header.php"); }


} elseif (defined('INSIDE_MOD')) {


   @require_once("../../config.php");


   @require_once("../../db/db.php");


   @require_once("../../includes/sql_layer.php");


   if (file_exists("../../includes/custom_files/custom_mainfile.php")) { @include_once("../../includes/custom_files/custom_mainfile.php"); }


   @require_once("../../includes/ipban.php");


   @include_once("../../includes/nukesentinel.php");


   if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_head.php")) { @include_once("../../includes/custom_files/custom_head.php"); }


   if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_header.php")) { @include_once("../../includes/custom_files/custom_header.php"); }


} else {


   @require_once("config.php");


   @require_once("db/db.php");


   @require_once("includes/sql_layer.php");


   if (file_exists("includes/custom_files/custom_mainfile.php")) { @include_once("includes/custom_files/custom_mainfile.php"); }


   @require_once("includes/ipban.php");


   @include_once("includes/nukesentinel.php");


   if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_head.php")) { @include_once("includes/custom_files/custom_head.php"); }


   if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }


}





#


#-----[ AND ]------------------------------------------


#





//Union Tap


//Copyright Zhen-Xjell 2004 http://nukecops.com


//Code to prevent UNION SQL Injections


//unset($matches);


//unset($loc);


//if(isset($_SERVER['QUERY_STRING'])) {


//  if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {


//    die('Illegal Operation');


//  }


//}





#


#-----[ AND ]------------------------------------------


#





// Additional security (Union, CLike, XSS)


if(!file_exists('includes/nukesentinel.php')) {


  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {


//    $queryString = $_SERVER['QUERY_STRING'];


//    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {


//      die('Illegal Operation');


//    }


  }


}

Is this ok?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Should be.

Client Joined: Jul 19, 2005 Posts: 68

I have the same prob.
so let me get this right, "should be" means...........
1...... do not replace the files
2...... do replace the files
3...... go get very drunk and forget it
Please advise me

Posted: Fri Sep 02, 2005 6:10 pm

LOL - I choose number 3.

But number 2 is the correct answer.

Just BACK UP BEFORE you do the changes.