Author |
Message |
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
Posted:
Tue Nov 29, 2005 4:57 pm |
|
Just one thing:
A stable and secure Photo Gallery |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Tue Nov 29, 2005 5:41 pm |
|
I'm working on a similar custom distribution, but that is much farther off... Here are the modules I'd include (leaving out all the previously mentioned Raven mods, tweaks, enhancements, blocks; forum enhancements; and the NSN modules, security, etc.):
CNB Your Account
Contact Plus
DisError
Fancy Newsletter
FCKeditor
MSAnalysis
mSearch
nukeSEO (coming soon with Google and regular Sitemaps)
NuCalendar (until something better comes along)
NukeStyles Docs
NukeWrap
I'm looking at replacements for Web Links and Downloads...and a photo gallery. I like Coppermine because it has some features the others do not. But I'd prefer something stable, secure and supported... |
_________________ I search, therefore I exist... |
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
Posted:
Tue Nov 29, 2005 6:31 pm |
|
This is a tough question to answer because really it depends on what you envision your release to be?
Do you want it to be a good starting point for people?
Do you want it to be for a group of individuals like clans/gamers, or business?
Do you want it to be a Swiss Army knife of Nuke?
Do you want it to be everything but the kitchen sink?
We went through and still are with Evo. We even broke our types into 4 different categories. But it's hard to define where do you draw the line? Why not include this module or that module? Why not this mod or hack?
It's an endless cycle really unless you define what you are going for. Everyone is going to have different wants and needs. |
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Tue Nov 29, 2005 9:30 pm |
|
My desire is to not replace phpnuke. It's hard to explain, but I want to leave nuke as much as possible, as nuke. Secure it, yes. But, I am trying to leave a distribution in place that if I leave the scene, for whatever reason, the people who are using it will be able to continue upgrading on their own if/when the next stable release comes out. I also want to make the upgrade path as easy as possible. I also am trying to stay away from addons that you can add on your own with little hardship. I am endeavoring to not alter the base nuke tables as this impacts other addons and/or upgrades. I do not want other authors to have to code around what I am supplying, other than for the security features.
For right now, that's the scope of my work. |
|
|
|
technocrat
|
Posted:
Wed Nov 30, 2005 9:10 am |
|
Hmm, well if you want to leave the upgrade path clear then that seems to knock out adding any mods to the package, right? |
|
|
|
Raven
|
Posted:
Wed Nov 30, 2005 9:16 am |
|
technocrat wrote: | Hmm, well if you want to leave the upgrade path clear then that seems to knock out adding any mods to the package, right? |
Not necessarily. I assume you're referring to Forum mods? I'm trying to not modify the tables. Any mod that alters as opposed to adds on will be looked at very carefully. |
|
|
|
technocrat
|
Posted:
Wed Nov 30, 2005 9:23 am |
|
|
|
Raven
|
Posted:
Wed Nov 30, 2005 9:37 am |
|
Thanks for the permission. Curt's handling the Forum stuff so I know he'll read this. |
|
|
|
technocrat
|
Posted:
Wed Nov 30, 2005 10:13 am |
|
It's not a forum mod, it's admin IP lock. It will allow users to lock the forum and nuke admin areas by IP. Just one more level of security you can add.
Also feel free to use anything you want from the Evo package. |
|
|
|
benson
Worker
Joined: May 15, 2004
Posts: 119
Location: Germany
|
Posted:
Fri Dec 02, 2005 10:25 am |
|
Hi,
one thing very important for me is a 'paging' patch for the News Module to be able to offer all News on my site for easy access. What I mean is, that the user should be able to go forward and backward, page by page to see all the articles.
I do it by my own (simple) code but every time I update the News module I have to add it again.
Can you add something like this in the News, no additional module?
Regards, Norbert |
|
|
|
FiLiUsEvAe
Hangin' Around
Joined: Nov 24, 2005
Posts: 36
Location: Netherlands
|
Posted:
Fri Dec 02, 2005 2:26 pm |
|
I'd love a gallery but my webhosting doesn't open up safe mode on PHP so I can't use Gallery. How about maybe Coppermine? A FlashChat feature would be nice too and yes yes yes I love the Site Visitor block with all the colourful icons (sorry dudes I'm a dudette LOL)
Also for the nuke phpBB it would be nice if the languages were already in there.
Something else that would be nice is a split up sql file. The large SQL file always times out with me so I have to manually take out the country inserts so I can add them later bit by bit. |
|
|
|
technocrat
|
Posted:
Fri Dec 02, 2005 2:32 pm |
|
Coppermine would be a no no. The current ported modules are < 1.3.5 that I know of. Anything less than that has a pretty bad hole in it. In fact one of the nastier script kiddies sites is telling members how to hack it in a step by step manual. Plus telling them to use search engines to find sites that have it. ![Sad](modules/Forums/images/smiles/icon_sad.gif) |
|
|
|
FiLiUsEvAe
|
Posted:
Fri Dec 02, 2005 2:33 pm |
|
gawd those scriptkiddies make me puke. Are there any other galleries? |
|
|
|
technocrat
|
Posted:
Fri Dec 02, 2005 2:40 pm |
|
|
|
FiLiUsEvAe
|
Posted:
Fri Dec 02, 2005 2:41 pm |
|
My webhosting offers stuff like one click site ... they give 3 gallery options (all standalone of course)
- Singapore
- TFT Gallery
- JBC Explorer (more like an explorer than a gallery)
I don't know if they're in PHP but if they are maybe they can be ported / embedded whatever you call it into nuke. Well as I write this I just realise such a thing would be one heck of a job and not just an hour's work. Still I believe it's time for new and more galleries for nuke. I only know about Gallery (which doesn't work with everyone depending on the webhosting) and Coppermine (which obviously became one huge security hole). |
|
|
|
FiLiUsEvAe
|
Posted:
Fri Dec 02, 2005 3:27 pm |
|
I'm just wondering ... technocrat wrote that it's hard to draw a line since everyone wants something else;
I really like the idea of a basic ... with a few basic modules and blocks. Next to that it would be nice to have extended packs that totally integrate into the basic.
Like an extended pack for the techies, for the media freaks, for the housewife, for the collector. I don't know ... I know most ppl want their own theme and recreate it or change some pictures and colours. They add modules and blocks they'd like themselves. I think the best you can do is to offer packs which are a little "group" related.
Basically every site running nuke all look the same. Same counts for sites running postnuke or xoop, mambo name one .... It's the themes and added modules that make a slight difference. |
|
|
|
Raven
|
Posted:
Sat Dec 03, 2005 10:14 am |
|
I have received permission to include any NSN (free) scripts that I want to include. Support will be handled here. |
|
|
|
technocrat
|
Posted:
Sat Dec 03, 2005 10:21 am |
|
Ok good.
You had me a bit worried when you said Bob Marion does not allow any of his NSN scripts to be bundled with nuke bundles. Because he gave me the same ok. ![Smile](modules/Forums/images/smiles/icon_smile.gif) |
|
|
|
Raven
|
Posted:
Sat Dec 03, 2005 10:27 am |
|
It was meant as more of a generalized statement. I knew if I asked him he would allow me. I just wanted to wait until I had his explicit permission. |
|
|
|
VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
|
Posted:
Mon Dec 05, 2005 2:40 am |
|
Raven wrote: | My desire is to not replace phpnuke. It's hard to explain, but I want to leave nuke as much as possible, as nuke. Secure it, yes. But, I am trying to leave a distribution in place that if I leave the scene, for whatever reason, the people who are using it will be able to continue upgrading on their own... |
Heh! I was hoping you would say that...
This thread was starting to give me a headache! Maybe it's just me. I basically work 24 hours a day from Oct-Feb, with a few hours of sleep, here n' there. I know! Poor, baby! But, that's the way it is... This is the first time I've had a chance to cruise around the web since Thursday night, and as I 'speak', this is Sunday night... I think...
In this state of chaos, I've been putting together a 'Secure Feedback DSL' module, if you will, in the back of my mind. I've started hacking the 'Feedback' code, and it's coming along well enough, all things considered. Once, I get it nailed down, securing the 'Recommend Us' module will be a piece of cake.
If you don't know what I'm talking about, 'Email Injection' is all the rage right now, with the 'script kiddy' crowd. The 'play' is for them to use your 'Feedback' and 'Recommend Us' mail() forms to launch Spam from your site. Many, many, proggies, including PHP-Nuke are susceptible to these attacks, since everyone basically uses the same generic PHP mail scripts, blah, blah, blah...
So, in view of your statement(s) above, I think 'we' should come up with secure 'Feedback' and 'Recommend Us' modules. I'm 90% done with the 'Feedback' module, and was thinking about:
- Rounding out the hacks and releasing them, or...
- Starting a thread to discuss these matters and letting everyone participate, e.g. a community thing, you know?
However, as I said, I'm a little short on time right now, so I'm basically working on 'this' alone, as time allows, in the shadows...
Here's a snippet, to whet your appetite, if anyone's interested...
Code:
<?php
/************************************************************************/
/* PHP-NUKE: Web Portal System
/* ===========================
/*
/* Copyright (c) 2002 by Francisco Burzi
/* http://phpnuke.org
/*
/************************************************************************/
/* Based on php Addon Feedback 1.0
/* Copyright (c) 2001 by Jack Kozbial
/* http://www.InternetIntl.com
/* jack@internetintl.com
/************************************************************************/
/* This program is free software. You can redistribute it and/or modify
/* it under the terms of the GNU General Public License as published by
/* the Free Software Foundation; either version 2 of the License.
/************************************************************************/
/* Additional security & Abstraction layer conversion
/* 2003 chatserv
/* http://www.nukefixes.com -- http://www.nukeresources.com
/************************************************************************/
/* Secure Feedback DSL 0.2 beta - A VinDSL Hack
/* Copyright (c) 2005 by VinDSL
/* http://www.Lenon.com
/* perfect.pecker@lycos.co.uk
/*
/*Validation code/concept: http://www.ilovejackdaniels.com
/************************************************************************/
// stripos() and preg_match() are used below because ereg()/eregi() were removed in PHP 7
if (stripos($_SERVER['PHP_SELF'], 'modules.php') === false) {
    die ("You can't access this file directly...");
}
require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
define("_SUBJECT","Subject");
define("_FBENTERSUBJECT","ERROR: Please enter a subject!");
define("_FBRENTEREMAIL","ERROR: Please enter a valid Email!");
/**********************************/
/* Configuration
/*
/* You can change this:
/* $index = 0; (right side off)
/**********************************/
$index = 1;
/**********************************/
include("header.php");
function check_email_address($sender_email) {
    // <<MOVE THIS OUT OF THE VALIDATION SECTION>>>
    // Check for bad input, such as linefeed and carriage return characters et cetera
    if (preg_match("/(Content-Type)|(MIME-Version)|(Content-Disposition)|(\n)|(%0A)|(0x0A)|(\r)|(0x0D)|(%0D)|(to:)|(cc:)|(bcc:)/i", $sender_email)) {
        // Email invalid because of bad input
        die("bad address");
        // return false;
    }
    // First, we check that there's only one @ symbol, and that the lengths are right
    // (the pattern is anchored with ^ and $ so a second @ cannot slip through)
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $sender_email)) {
        // Email invalid because of wrong number of characters in one section, or wrong number of @ symbols
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $sender_email);
    $local_array = explode(".", $email_array[0]);
    // Check for allowed characters and lengths for parts before the @ symbol
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63})|("[^(\\\\|")]{0,62}"))$/', $local_array[$i])) {
            return false;
        }
    }
    // Check if domain is IP. If not, it should be valid domain name
    if (!preg_match('/^\[?[0-9.]+\]?$/', $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            // Email invalid because there are not enough parts to domain
            return false;
        }
        // Check for allowed characters and lengths for parts after the @ symbol
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/', $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}
// Cast the user id from the cookie to an integer before it is used in the query
$cookie[0] = intval($cookie[0]);
if ($cookie[1] != "") {
    $row = $db->sql_fetchrow($db->sql_query("SELECT name, username, user_email FROM ".$user_prefix."_users WHERE user_id='$cookie[0]'"));
    if ($row['name'] != "") {
        $sender_name = $row['name'];
    } else {
        $sender_name = $row['username'];
    }
    $sender_email = $row['user_email'];
}
|
I guess I don't fit the mold. If I see something I like, I'll take the bull by the horns and turn it into a PHP-Nuke module or block myself. It's more fun that way, but since you asked, I think you ought to add secure 'Feedback' and 'Recommend Us' modules. That's what I plan on doing...
Anyway, just an idea... ![Cool](modules/Forums/images/smiles/icon_cool.gif) |
_________________ .:: "The further in you go, the bigger it gets!" ::. |
|
technocrat
|
Posted:
Mon Dec 05, 2005 9:04 am |
|
Might find this helpful, as it should remove your loops. You can use it in a preg_match.
Code:
// Email defines from bobocop at bobocop dot cz at http://us3.php.net/REGEXPi
// The atom and domain fragments carry no delimiters or flags of their own;
// only REGEXP_EMAIL is a complete pattern that can be passed to preg_match()
define('REGEXP_EMAIL_ATOM','[-a-z0-9!#$%&\'*+\/=?^_`{|}~]');
define('REGEXP_EMAIL_DOMAIN','([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)');
define('REGEXP_EMAIL','/^'.REGEXP_EMAIL_ATOM.'+(\.'.REGEXP_EMAIL_ATOM.'+)*@('.REGEXP_EMAIL_DOMAIN.'{1,63}\.)+'.REGEXP_EMAIL_DOMAIN.'{2,63}$/i');
|
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Mon Dec 05, 2005 1:57 pm |
|
To VinDSL: Wouldn't using SMTP with authentication be a better approach, i.e. using phpmailer so that several options were available. Rather than reinventing the mail() ? |
_________________ openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30 |
|
|
VinDSL
|
Posted:
Mon Dec 05, 2005 2:50 pm |
|
sixonetonoffun wrote: | To VinDSL: Wouldn't using SMTP with authentication be a better approach, i.e. using phpmailer so that several options were available. Rather than reinventing the mail() ? |
Absolutely!
There's no reason to 'reinvent' the Feedback/Recommend Us modules, IMHO. It's simply a matter of validating the data to make sure the email address(es) conform to RFC 2822. The trick is to 'reinvent' the validator itself, so it recognizes new domains such as '.museum', et cetera.
The only *new* feature I added to the Feedback module was the ability to add info to the 'Subject' line. This, of course, requires that the data be checked for 'bad words', such as "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:", and so forth.
Anyway, like Raven said, the idea should be to take existing code, make it secure from header injections, and be easily updateable in the future, independent of whether or not any of us are still around to support these changes... ![Wink](modules/Forums/images/smiles/icon_wink.gif) |
|
|
|
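The header check VinDSL describes in the posts above (reject line breaks, their encoded forms and header names in any field that reaches a mail() header), written out as an added PHP example; it is not code from the thread, and the function names, the fixed recipient and the sample submissions are constructed for illustration.

```php
<?php
// Added example; all names and sample inputs are constructed.

/** Return a reason if $value must not go into a mail header, else null. */
function header_injection_reason(string $value): ?string
{
    // Check the raw value and its URL-decoded form, so "%0a" is treated like "\n".
    foreach ([$value, rawurldecode($value)] as $candidate) {
        if (preg_match('/[\r\n]/', $candidate)) {
            return 'line break';
        }
        // Header names from the thread's list, matched case-insensitively.
        if (preg_match('/\b(content-type|mime-version|content-disposition|to|cc|bcc)\s*:/i', $candidate)) {
            return 'header name';
        }
    }
    return null;
}

/** Validate the feedback fields; return the mail() arguments or null on rejection. */
function build_feedback_mail(string $from, string $subject, string $body): ?array
{
    // Only the fields that end up in headers are checked; the body is not a header.
    foreach ([$from, $subject] as $value) {
        if (header_injection_reason($value) !== null) {
            return null;
        }
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'to'      => 'webmaster@example.com', // placeholder; fixed, never user input
        'subject' => $subject,
        'message' => $body,
        'headers' => 'From: ' . $from,
    ];
}

// Constructed sample submissions: one clean, three carrying extra header lines.
$samples = [
    ['alice@example.com', 'Question about the gallery', 'Hello'],
    ["alice@example.com\r\nBcc: list@example.net", 'Hi', 'Hello'],
    ['alice@example.com%0ABcc:list@example.net', 'Hi', 'Hello'],
    ['alice@example.com', "Hi\nContent-Type: text/html", 'Hello'],
];
foreach ($samples as [$from, $subject, $body]) {
    $mail = build_feedback_mail($from, $subject, $body);
    echo json_encode($from), ' / ', json_encode($subject), ' => ',
        $mail === null ? 'rejected' : 'accepted', "\n";
}
```

Only the first submission is accepted; the module would pass the returned array's fields to mail() or to an SMTP library such as the phpmailer option raised earlier in the thread.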
wraith
Client
Joined: Sep 13, 2003
Posts: 6
|
Posted:
Tue Dec 06, 2005 4:04 pm |
|
Ok here's my list, kinda late maybe.
1. NSN Groups
2. NSN Your Account
3. Calendar
4. Sommaire Parametable Menu
5. Photo Gallery
6. SPAW
7. Shoutbox
8. IRC chat ( http://www.pjirc.com )
9. HTML Newsletter ( http://www.nukeworks.biz )
10. Autotheme light
atm those 2 at the top, nsn groups and your account are the most important/urgent ones for me, the 3rd and 4th are kinda important too, and the rest would be really nice to have.
//wraith
EDIT: added sommaire parametable menu
EDIT2: removed jpilot.com for pjirc.com which is free (if I'm wrong again I will delete no 8 ) |
Last edited by wraith on Fri Dec 09, 2005 6:17 am; edited 1 time in total |
|
|
Raven
|
Posted:
Tue Dec 06, 2005 4:23 pm |
|
#8 isn't open source if I remember right. I have installed it for a few clients and they have always had to purchase it. Or am I zoning again? |
|
|
|
|