| Author |
Message |
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
 Posted:
Wed Jan 12, 2005 7:48 pm |
|
I've just uploaded Chat's latest patches and when I go into Admin and try to do anything I get a plain white page with Access Denied top left corner.
I had edited admin.php here where required:
| Quote: |
// Uncomment the following block of code after editing the next line to match your site domain
$domainname = "www.minicitymag.com/nuke/html";
if ($_SERVER['SERVER_NAME'] != $domainname ) {
echo "Access denied";
die();
}
/************************************************************************/
|
Here's the original block:
| Quote: |
// Uncomment the following block of code after editing the next line to match your site domain
/*$domainname = "www.yourdomainname.com";
if ($_SERVER['SERVER_NAME'] != $domainname ) {
echo "Access denied";
die();
}*/
/************************************************************************/
|
If I leave the block commented I can get into Admin but not with it commented out and my domain name entered. Have I taken out something other than I should have? |
_________________
Classic Mini rules the bends & bends the rules!
[img] |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Wed Jan 12, 2005 7:50 pm |
|
Have you tried
$domainname = "www.minicitymag.com";
instead of
$domainname = "www.minicitymag.com/nuke/html"; |
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 7:52 pm |
|
Yes I put that first and still got the access denied page Raven.
Thanks for the fast reply |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 7:56 pm |
|
Save the following code and call it whatever you want. Then. upload it to your web server and execute it. Let's see what it showsCode:<?
echo $_SERVER['SERVER_NAME'];
die();
?>
|
|
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 7:58 pm |
|
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:01 pm |
|
minicitymag.com
so do I leave the www off the domain name? lol |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:03 pm |
|
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:05 pm |
|
Yup that did it Raven I had to just put minicitymag.com and leave the www. off the front
Thanks Raven
I'm still getting html tags arent allowed when I try to change anything in preferences tho, so uploading the latest patches didnt resolve that mystery.
The error page that tells me the html tags are not allowed when I look at the page source it says
| Quote: |
<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href="javascr ipt:history.go(-1)"><b>Go Back</b></a> ]
|
and it's showing an image from my shop on the top, but the url in the searchbar says the site url and admin.php on the end.
Weird. |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:13 pm |
|
Did you add the if (is_admin($admin)) logic like I suggested? |
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:17 pm |
|
No I had a look through the forums and couldn't find it Raven.
I didnt really know what I was looking for sorry.
Can you give me a link please? |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:22 pm |
|
Do a search for ALL terms on
is_admin($admin) |
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:37 pm |
|
OK I found it in this thread
http://www.ravenphpscripts.com/posts3934-highlightisadmin.html+admin
edited my mainfile very carefully as instructed in that thread and got this error page
Parse error: parse error, unexpected $ in /home/minicity/public_html/nuke/html/mainfile.php on line 1153
Line 1153 is a blank line above the closing ?> |
Last edited by Muffin on Wed Jan 12, 2005 8:41 pm; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:40 pm |
|
Did you add the closing brace at the end? |
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:47 pm |
|
ermmm pass lol
Here's what my block of code looks like in my mainfile:
| Quote: |
if (!is_admin($admin)) {
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $var_name)) ||
(eregi("inside_mod", $var_name))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javasc ript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) |
should there be another ) on this line after the last 2?
[quote](eregi("\"", $secvalue)) || |
Last edited by Muffin on Wed Jan 12, 2005 8:51 pm; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:49 pm |
|
A couple of things wrong. Your code, before, looks something like thisCode:foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
|
You need to change it to thisCode:if (!is_admin($admin)) {
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
}
|
|
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:55 pm |
|
ok thanks for your patience Raven.
Why do I have extra lines in my code?
| Quote: | (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $var_name)) ||
(eregi("inside_mod", $var_name))) {
|
This is the latest patch mainfile so is that why? |
Last edited by Muffin on Wed Jan 12, 2005 8:58 pm; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 8:57 pm |
|
Mine is from 6.9 so those were probably added in the later releases/patches  |
| |
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 8:58 pm |
|
Oh I see, I was worried there for a moment lol
Thanks Raven, sorry for being a slow learner (its my age lol) |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 12, 2005 9:00 pm |
|
|
|
|
|
Muffin
|
| Posted:
Wed Jan 12, 2005 9:08 pm |
|
Thank you Raven it works perfectly, and for your time, much appreciated.
xxxxx |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
