| Author |
Message |
tangoman
Involved
Joined: Aug 06, 2005
Posts: 301
|
 Posted:
Mon Aug 15, 2005 10:37 am |
|
I am running Nuke 7.6 with patch 3.0.
I note that in the Account 'Home Configuration' page, a registered user can create a customized Block that appears in the users home page.
The notation with this reads:
(Check this option and the following text will appear in the Home)
(You can use HTML code to put links, for example)
I thought users are not able to post HTML, (for security reasons).
Is this function limited to the HTML tags defined in the config.php file?
If so, should I worry?
I would like to give users the option to create their own Block with links.
Any advice appreciated. |
| |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Mon Aug 15, 2005 12:40 pm |
|
My advice is to test it to see what it is and how it works. I haven't used it myself and usually disable or delete the block. |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 12:43 pm |
|
I did originally delete the block Kevin...But that still leaves the option in the subscribers account 'Home Configuration' Page..... |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 1:04 pm |
|
This IS strange.
Although they are not allowed in my config.php file, I am able to use href HTML tages in the users customised menu block option.
I am assuming this is allowed because the code is only relivant and displayed on the posting users account. ...Correct? |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 1:12 pm |
|
That sounds correct.
I don't think the Home Configuration shows if you disallow it using CNB YA...do you see a trend here? |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 1:27 pm |
|
Errrrr.....Trend?....You mean that PHP-Nuke only works when someone has taken the trouble to rebuild whatever it is you are trying to use? |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 2:34 pm |
|
No. I mean that CNB YA resolves most of the problems with user accounts, registration.
Remember that PHP-Nuke is free. It and the support you are receiving are provided by volunteers with no warranty. A LOT of time has gone into both development and support. It's easy to knock services like your Yahoo hosting because you're paying for that, but not receiving good service. |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 2:39 pm |
|
Kevin, I have just finished the installation of CNB YA...Looks 'Fresh' and good in appearance.
I am now unable to use the main admin link because I had renamed it from admin.php to something else. How do I reconfigure the CNB YA link URL?
Also, I note that on the main admin panel, I am no loger able to see or administer the Blocks, Modules, or anything etc and the message 'Access Denied' is displayed above the content icon. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 3:04 pm |
|
I can understand the issue with accessing CNB YA administration as it's really written for Nuke 7.5 and earlier where the admin file can't be renamed.
But I see no reason that you cannot access anything ELSE in admin (i.e. blocks, modules, etc.). |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 3:14 pm |
|
Did you make any changes to the mainfile specified in the install.txt ? |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 3:32 pm |
|
What should I change in mainfile.php ?
All I have done is added the following code at the end, (just before the final ?>
if ($forum_admin == 1) {
include("../../../modules/Your_Account/includes/mainfileend.php");
} elseif ($inside_mod == 1) {
include("../../modules/Your_Account/includes/mainfileend.php");
} else {
include("modules/Your_Account/includes/mainfileend.php");
}
In section 5. SECUTIRY, I could not see the correct directory modules/includes/constants.php on my sever, so no change has been made here yet...Thats where I am now at.
But I still cannot see or administer the blocks, modules or anything etc and the message 'Access Denied' is displayed above the content icon. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 3:38 pm |
|
That change to the mainfile.php is the only change there.
Instead of "Open modules/includes/constants.php" the documentation should say "Open modules/Your_Account/includes/constants.php" |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 3:54 pm |
|
Kevin,
I have now updated the Security file with my site URL.
I am still continuing to have the previosuly mentioned problems on the 'regular' PHP nuke Admin Panel, (which is the page that was orignally displayed using admin.php after my domail URL, but which I have renamed for security).
In addition, Theonyl way I appear to be able to access the new CNB YA panel, is to type my website URL, followed by: modules.php?name=Your_Account&file=admin&op=UsersConfig
How are you supposed to go between the two admin pages easily and instead of having to type the new URL modules.php?name=Your_Account&file=admin&op=UsersConfig ?
Also, what is causing me to no longer see anything below the 10 'Modules Administration' displayed on the Administration Menu page? |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 4:14 pm |
|
Ok Kevin,
I fixed the main problem.
It was caused because I had previosuly renamed my admin.php file to increase security...Remeber now?!
So my problem now is that I do want to rename the admin.php file so what do I need to do once I rename it, to allow PHP-Nuke and CNB YA to run OK?
Bye the way, I now see that CNB YA is acccessible from the Main Admin panel and vice versa.
I guess that when I do rename the admin.php file, I can rename the URL that links the CNB YA panel to the Main Admin page....(That is, unless you advise me that I am not going to be able to rename the admin.php file). |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 4:29 pm |
|
Kevin,
In addition to the last message, as I previosuly explained to Raven, I have the User Info block visible to all users on my website. Because of this, when you view the user account log in module page, you see the log fields displayed in the User Info Block and the Moduletogether.
I want to keep things this way, but I do notice that the security code is different in appearence on both. Can I make the user info block security code look the same as the one in the module?
I do also believe that if I continue with the block being visible with the module, if I adjust the length of the security code in CNB YA, the length of the security code in the user info block will not be affected and will stay the same as it was. Am I correct? |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 7:22 pm |
|
There are 5 files that need to change for CNB YA to work with the renamed admin.php file Nuke 7.6.
In /blocks/block-Login.php,
replace:
Code: $content = "<center>"._ADMIN."<br>[ <a href=\"admin.php?op=logout\">"._LOGOUT."</a> ]</center>";
|
with
Code:// $content = "<center>"._ADMIN."<br>[ <a href=\"admin.php?op=logout\">"._LOGOUT."</a> ]</center>";
global $admin_file;
$content = "<center>"._ADMIN."<br>[ <a href=\"".$admin_file."?op=logout\">"._LOGOUT."</a> ]</center>";
|
In these files:
/modules/Your_Account/admin/case.php
/modules/Your_Account/admin/index.php
/modules/Your_Account/admin/links.php
Replace
Code:if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied."); }
|
with
Code://if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied."); }
global $admin_file;
if(!defined('ADMIN_FILE')) {
Header("Location: ../../".$admin_file.".php");
die();
}
|
In /modules/Your_Account/includes/cookiecheck.php
Replace:
Code:if ( (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) AND (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) ) {
|
with:
Code://if ( (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) AND (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) ) {
global $admin_file;
if(!defined('ADMIN_FILE')) {
|
|
Last edited by kguske on Mon Aug 15, 2005 8:20 pm; edited 1 time in total |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 7:57 pm |
|
Kevin,
I have changed the 5 files and ALMOST everything apears to be working OK.
Firstly, can you confirm that you did make a typo in the last post...
You wrote:
In these files:
/modules/Your_Account/admin/case.php
/modules/Your_Account/admin/index.php
/modules/Your_Account/admin/links.php
/modules/Your_Account/admin/
Replace
I think the last '/modules/Your_Account/admin/ ' was erronious....Correct?
Next, the reason I explain that ALMOSt everything is OK is because I have now lost the 'Edit Users' icon in the Administration Panel.
Finally please can you confirm if the 2 slashes at the begining of the following code are needed or not:
// $content = "<center>"._ADMIN."<br>[ <a href=\"admin.php?op=logout\">"._LOGOUT."</a> ]</center>";
global $admin_file;
$content = "<center>"._ADMIN."<br>[ <a href=\"".$admin_file."?op=logout\">"._LOGOUT."</a> ]</center>";
Some of the code you provided and that I often see has the 2 slashes and some does not...I do not know the significants of this or if I can eliminate them from any code that I post.
Thanks. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 8:17 pm |
|
Yes, the last was an error.
Not sure what would cause the Edit Users icon not to appear.
The 2 slashes are how you comment out a line of PHP code. Basically, you're turning off the first line and adding the next 2 lines. |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 8:18 pm |
|
Kevin,
In addition to the last posting concerning the admin.php file renaming, I am now also not able to visit the 'My Account' link, which used to be at the following URL:
account.html
All I now get it the standard 'The page cannot be found', akin to what you get when you open up IE but have no internet connection. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 8:24 pm |
|
My guess is that there is something wrong with the /modules/Your_Account/includes/cookiecheck.php file. Please email the current copy. |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 8:28 pm |
|
I think you are correct because I note that the icon that is missing has the url modules.php?name=Your_Account&op=gfxadminimage&cnbyaversion=4.4.2 and isnt being displayed.
Added to this is the fact that the 'Your Account' module isnt displaying and my limited knowlege tells me that these two are related....I'll PM you the code |
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 8:30 pm |
|
Never mind.. Change this:
Code://if ( (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) AND (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) ) {
global $admin_file;
if(!defined('ADMIN_FILE')) {
|
to this:
Code://if ( (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) AND (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) ) {
global $admin_file;
if(!defined('ADMIN_FILE') and (!eregi("modules.php", $_SERVER['SCRIPT_NAME']))) {
|
|
| |
|
|
|
|
kguske
|
| Posted:
Mon Aug 15, 2005 8:31 pm |
|
In the /modules/Your_Account/includes/cookiecheck.php file, that is... |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 8:34 pm |
|
OK Kevin...Was I correct in thinking the missing icon problem was related to the account.html file not displaying?
I think I was because your last set of code has rectified both problems!...You genius! |
| |
|
|
|
|
tangoman
|
| Posted:
Mon Aug 15, 2005 8:35 pm |
|
| kguske wrote: | | In the /modules/Your_Account/includes/cookiecheck.php file, that is... |
I guess that was the case....Al sorted! |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
