Author |
Message |

Joined: Dec 03, 2005
Posts: 153
Mon Jul 24, 2006 3:15 pm |
Hi all
We have followed how to setup the CGIAuth setup, we have created the God Username and Password for the Admin and for the NukeSentinel Core Functionlity we have set up a separate username and password.
When we click on the CGIAuth Setup it gives us the following information that we copied and pasted into the .htaccess file
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
<Files admin.php>
require valid-user
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/ourwebsitename/.staccess
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# ------------------------------------------
The login box (restricted by nukesentinel) appears asking for the username and password, we enter the username and password and after 3 attempts we are taken to a page with the following on
This server could not verify that you are authorized to access the URL "/admin.php". You either supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
We have checked the user name and password and they are correct.
Any help on this would be appreciated.
We cannot get httpauth thats why we are using the CGIAuth.
Many thanks
Scorp |
Site Admin

Joined: Jun 04, 2004
Posts: 6437
Mon Jul 24, 2006 8:28 pm |
Maybe it's a dumb question, but did you create the .staccess file? |
_________________ I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |

Tue Jul 25, 2006 1:58 am |
Hi Kguske
No its not a dumb question, We have a .staccess file in side is the following information:
Username:<<hash was removed by admin>>.
I have replaced the login name with username, or was that dumb to say, lol you have to laugh about it or you be jumping out the window, its like with this at the moment.
Many thanks
Scorp |
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
Tue Jul 25, 2006 6:17 am |
Guys, I removed the hash from your post. It looked valid, kguske, just so you know.
I am just paranoid when it comes to anything remotely related to passwords, paths, etc. Depending on the password you gave it, this hash could be more easily cracked than you might think. Sorry, just paranoid... been reading too much lately...  |
_________________ Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |

Tue Jul 25, 2006 7:03 am |
Hi montego
The hash was the old one, since then we have tried 3 other passwords, lol
Any help would be great
Many thanks
Scorp |
The Mouse Is Extension Of Arm

Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
Tue Jul 25, 2006 10:34 am |
Have you verified that the path is valid to the .staccess?
save this to a text file and run it
$test= realpath('.staccess');
echo "$test";
That will show you the exact path to the .stacess but be sure to upload it to the SAME directory that your .staccess is in.
Its recomended that the .staccess also be in the same directory as index.php of your site so if you run, The .staccess should be in path/to/your/domain/nuke. But it does not need to be. Replace /home/www/ourwebsitename/.staccess with whatever that script outputs. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |

Tue Jul 25, 2006 11:45 am |
Yes the path is valid, we checked it a few times.
However, it will not recognise either the username or password that we have given for Nuke Sentinel in the setup/Configuration for NukeSentinel Core Functionality of Raven76.
Scorpious |

Tue Jul 25, 2006 12:38 pm |
Weird, Your positive its written in the correct place? and it all seems valid. Can you do me a favor and contact me via yahoo or msn? |

Tue Jul 25, 2006 2:55 pm |
Hi Darklord
PMed you on Yahoo but u never got back to me, scorpious_m was my user name
Scorp |

Tue Jul 25, 2006 3:00 pm |
My apologies but dealing with a server that I am feeling more or less left hangin in the wind with and this problem will not go away. |

Tue Jul 25, 2006 3:55 pm |
Ok just to fill everyone in here whats going on, I tried to remake.staccess, didnt help.
I verified pathname, didnt help.
I wrote in a working username and pass manually with encryption of course, didnt help.
I did more variations of the same thing, Only thing that has me curious if this could be a problem. In the path, there is his sites name like /home/www/
Could the .com make any problems like to verify its not a url sentinel strips it? |

Tue Jul 25, 2006 4:07 pm |
Depends on whether .com is in the root path. Usually, it's not, but is on some servers. Typically, that is the account name, rather than the domain, e.g.
/home/www/account/.staccess |

Tue Jul 25, 2006 4:45 pm |
Many thanks to all that has helped with this problem. Darklord, Thank you for your time and help
Its 23.46 umm time for bed
Scorp |

Tue Jul 25, 2006 5:06 pm |
kguske normally is correct, But I have never seen this and according to the function realpath, it displays a instead of username unless that is his username.
Any ideas on if it tests it? |

Thu Jul 27, 2006 3:40 am |
Hi All
Has we cannot get CGIAuth towork could this be a problem with the website Hoster??. Our website is for a little Clan and a module I wish to use is called SQuery, the new version has been patched due to a security hole in the code, however the new version requires the following:
php_flag register_globals Off
We was told in the SQuery forum the following:
the new files will read a 4.5c and it takes care of the secruity hole in php 5, also it locks down phpnuke and turns off globals
Could this affect the CGIAUth login? once installed.
Scorp |

Thu Jul 27, 2006 8:22 am |
It was either one of the later 2.4.2 plX patches or the latest 2.5.0 of NukeSentinel where I thought that I had saw notes about it fixed an issue for sites where register globals is turned off. However, CGIAuth, if your host allows it, should have worked just fine.
Yes, I would check if your host allows CGIAuth.
Also, had you by chance changed the NukeSentinel crypt salt field? One should be allowed to change this and re-generated the .staccess file, but I had problems with this in a previous release of NukeSentinel. (However, not 100% if it was MY issue vs. NS.) If you did, you might want to change it back to N$, regenerate and see if you can get it to work then (just a "shot in the dark"). |

Thu Jul 27, 2006 12:25 pm |
Hi Montego
No, the NukeSentinel crypt salt field is set at N$ and has not been changed, I have asked my provider about this and is awaiting a reply.
I have been in touch with my provider: this is what was said by ticket.
I am trying to activate CGIAuth in phpnuke, its another securty layer for the admin. We are unable to get this too work. Do you allow CGIAuth?
For your first question could you please provide us with some more information and explain if you get any particular error while trying to use the module or while installing it?
'Module, lol' <<< thats me when reading it.
Reply from Me:
Please find attached a txt file explaining CGIAuth setup, I copied and pasted the instructions into a text file and sent it too them.
I reasd that instruction but I could not quite understand your concern - can you please provide me with some more details about what exctly do you need in order for the NukeSentinel to run properly.
By the way - ther is something that you need to correct in the provided lines that go in the .htaccess:
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
<Files admin.php>
require valid-user
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/www/xxxxxxxxxxxx/.staccess
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
Best Regards,
The lines above are exact as me and darkload had got.
my last reply was:
Do you allow this on the server as we can not get it to work, when we try to login to the admin section using the CGIAuth it does not allow us and stops us after 3 attempts, so, do you allow this, is there something stopping it from working on the serverside.
Phew!! lets see what they say
Reply from provider:
I have checked with our administrators and they reported that there should be no problem with using these functions in your .htaccess file.
Raven has e-mailed me, he is now having a look for us. Finger crossed.
Scorp |
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
Thu Jul 27, 2006 9:24 pm |
Just got involved with this and it is resolved. John, I also updated your NukeSentinel(tm) version to 2.5
For everyone's edification, you need to be aware that many hosts use alias' for the paths. realpath() will show the alias but for real access you have to know the real path (not the alias). The simplest way to verify what the host system uses/needs is to use their own control panel to password protedt a folder. Then just look at the .htaccess file to get the REAL path
In this case it was
and not
/home/www/USER_DOMAIN/.staccess |
Last edited by Raven on Fri Jul 28, 2006 8:18 am; edited 1 time in total |

Thu Jul 27, 2006 9:54 pm |
Glad to see this resolved and thank you for the lesson RAVEN.

Fri Jul 28, 2006 1:01 am |
Morning All
Its a lovely Morning here (UK) sun is out, blue sky, what a great start to the day. I am going to stick my head out the window and shout "MORNING ALL, RAVEN DID IT AGAIN", Umm better not just incase they come and take me away.
Many thanks to all that have helped and given advise over the past few days.
Raven we will be making a donation within the week.
NUMBER 1 Help and support
Right better have a shower then get too work.
Many thanks
Scorp |

Fri Jul 28, 2006 7:17 am |
Ditto that Raven! You Da Man!
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Fri Jul 28, 2006 11:47 am |
OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany! |

Fri Jul 28, 2006 7:07 pm |
Guardian2003 wrote: | OK who was the smart Alec that woke me up this morning shouting out his bedroom window?
Sheesh, as if it isn't hard enough to sleep in this heat. Am I glad I'm moving to Germany! | So how much more of a time zone difference will we now have? |

Sat Jul 29, 2006 1:29 am |
That will take me to about GMT +1 hour instead of GMT -1 hour (if my calculation is correct, it essentially brings me 2 hours closer to 'your' time). |

Sat Jul 29, 2006 12:04 pm |
I know your 1 hour ahead of the uk in Germany, just thought I pop that in, lol
West Midlands here Guardian, You ?
Scorp |