nuke sentinel probs

New Member Joined: Dec 13, 2006 Posts: 6

hi guys, firstly thanks for any helo in advance, i am nearly pulling my hair out with this

i reinstalled my nuke package and everything is fine but when i try to access the forum admin section (by clicking on the admin control panel link i get the following errors

Notice: Undefined variable: aid in /home/martynje/public_html/includes/nukesentinel.php on line 131

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: op in /home/martynje/public_html/includes/nukesentinel.php on line 242

Notice: Undefined variable: name in /home/martynje/public_html/includes/nukesentinel.php on line 289

i think it has something to do with my main file although i cant be sure as i am a newbie to php stuff. if i try to remove the nukesentinel file form the includes directory it just throws up some other errors.

the thing is that this was all working and fine till yesterday then it all went mad.

any help would be appreciated, i would also pay to have this fixed.

regards

Martyn Jeffrey

Posted: Wed Dec 13, 2006 7:47 pm

You have error reporting (notices) turned on. What you are seeing is notice type errors and there are thousands of them scattered all over nuke. We are trying to eliminate them from RN 2.10 but even there some will probably sneak thru.

First place to check is config.php. There should be a line with this code in it:

$display_errors = FALSE; //This should only be used (set to TRUE) when testing locally and not in a production environment

If you have it set to TRUE then it explains your problems. Fix it and try again. If this isn't your problem then post again and we can look in mainfile. What we really need to do is suppress these errors.

Posted: Thu Dec 14, 2006 4:56 am

hello, thanks for your reply. i looked into my config php and their isnt a section called display errors, i am using nuke platinum from PNC and display errors are turned of in my admin section.

i do think it is something to do with my mai file though.

when i used the mainfile from the ravenscript package it let me into the forum admin but my admin.php and index.php pages went white with no text.

this would indicate that it is something in my current mainfile that is doing something strange.

Thanks

Martyn

registered · Posted: Thu Dec 14, 2006 6:52 am

The include path for nukesentinel does not sound like it was done right. Please post about 10 lines above and below within your mainfile.php where nukesentinel.php is included? Thx.

Posted: Thu Dec 14, 2006 9:41 am

hi, thanks for your reply, i their are a few occurences of the sentinel includes in the main file so i have zipped my main file up and you can donwload it here

thanks once again for the help

http://209.85.50.70/~martynje/images/mainfile.rar

Posted: Fri Dec 15, 2006 5:39 am

/************************************************************************/

if(stristr($_SERVER['REQUEST_URI'], ".php/")) {
header("Location: http://".$_SERVER['HTTP_HOST'].str_replace(".php/", ".php", $_SERVER['REQUEST_URI']));
}
define('NUKE_FILE', true);
define('BLOCK_FILE', true);
define('CORE_FILE', true);

if (file_exists("includes/custom_files/custom_mainfile.php")) {
include_once("includes/custom_files/custom_mainfile.php");
}
//sentinel add
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
if(!file_exists('includes/nukesentinel.php')) {
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
die('Illegal Operation');
}
}
}
if(!file_exists('includes/nukesentinel.php')) {
if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
$queryString = $_SERVER['QUERY_STRING'];
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
die('Illegal Operation');
}
}
}

$phpver = phpversion();

if ($phpver >= '4.0.4pl1') {
ob_start('ob_gzhandler');
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
}
}
}

Posted: Sat Dec 16, 2006 6:57 am

silverknowes, the code snipet you posted is not the section that is needed. However, I have taken a look at your mainfile.php and replace this code here:

Code:







if (defined('FORUM_ADMIN')) {


    require_once("../../../config.php");


    require_once("../../../db/db.php");


} elseif (defined('INSIDE_MOD')) {


    require_once("../../config.php");


    require_once("../../db/db.php");


} else {


    require_once("config.php");


    require_once("db/db.php");


    require_once("includes/sql_layer.php");


    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);


}

with this code here:

Code:




if (defined('FORUM_ADMIN')) {


    require_once("../../../config.php");


    require_once("../../../db/db.php");


    require_once("../../../includes/nukesentinel.php");


} elseif (defined('INSIDE_MOD')) {


    require_once("../../config.php");


    require_once("../../db/db.php");


    require_once("../../includes/nukesentinel.php");


} else {


    require_once("config.php");


    require_once("db/db.php");


    require_once("includes/sql_layer.php");


    require_once("includes/nukesentinel.php");


    $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);


}

That will invoke NukeSentinel appropriately for your particular mainfile.php.

Sells PC To Pay For Divorce Joined: Posts: 5661

any chance the topic title can be changed?
cause...

Quote:

would appreciate some help

is bad for search results... Wink

Posted: Sat Dec 16, 2006 1:17 pm

I will give silverknowes the first attempt at that... Wink

Posted: Sat Dec 16, 2006 2:35 pm

thanks for the reply

ok when i did the code change the errors about sentinel stopped but their is still a white page with this line at the top of it

Notice: import_request_variables() [function.import-request-variables]: No prefix specified - possible security hazard in /home/martynje/public_html/mainfile.php on line 84

Martyn

P.S i have changed topic title.

Posted: Sat Dec 16, 2006 8:48 pm

I noticed that you are using Nuke Platinum. To be honest, I have no idea what patch level they are using or anything else for that matter. You may need to ask them?

Posted: Tue Dec 19, 2006 10:09 am

right guys

i have some more info.

when i remove the line if (!ini_get("register_globals")) {
import_request_variables('GPC');

from my mainfile.php i can then get to the forum admin page, but with this done the your account module and admin login dont work.

can anyone tell me why removing this line would solve my "white page forum admin" problem but would then cause login problems??

thanks

Martyn