mo418

  1. I installed rev 2.2.6 instead, and got no problem at all. I guess there is an issue with 2.2.7. I don't know why though! I think it is due to the php version. Thanks again for your help, I'll probably need more as my site grows!
  2. Here is what they say.

     ==IMPORTANT: AFTER INSTALLATION OR UPGRADE==
     DELETE update.php, update1_0.php, update1.x-2.0.php, update2_2_1.php, update2_2_2.php, update2_2_3.php, update2_2_4.php, update2_2_5.php, complete_update.php and install.php, they are a security risk

     When you talk of security holes, what kind of security problems could I encounter? Nothing important will be stored on that forum... And is there a difference between 0777 and 777? From my search, I think it is the same, one is octal, the other decimal. Am I right? I just want to be sure. Thanks again!
  3. Ok, finally 110mb problems solved. Everything is back on track. So I deleted everything concerning myupb and I'm actually starting all over. Here is what I've done.

     1- Redownloaded the zip files.
     2- Uploaded the zip file to my web host account in a directory called forum. I directly extracted the zip in this folder. FYI, my website has an index.htm file with a few folders at the same level. One of these folders is my "forum" folder I referred to.
     3- Here are the installation instructions for myupb website:

        == INSTALLATION==
        Upload all the files from upb2.2.7.zip or upb2.2.7.tar.gz
        CHMOD the root UPB directory to 0777
        Execute the install.php
        Follow the directions in the installer

     4- So, on my host, I need to change forum folder permission to 0777. Though, my host uses r-w-x config. I have 6 possible boxes to tick. I referred to the FAQ and from what I can understand, I need to tick r-w-x boxes for group only, and not user. (There is a converter in the FAQ section; there is an example with 777, telling that it's a common permission.) Are 0777 and 777 the same thing? Because I do not get the same result in the converter.

     I'm stuck here at the moment. Is everything I'm doing alright for now? Thanks!
  4. ok! I kinda realized this while surfing to find another one lol I will be ready to pay if my site gets a little more serious and really works out! Thanks. Anyway I can't log in to 110mb, so maybe they're changing server to fix the actual bug.
  5. ok, there is a problem with 100mb web hosting. Box18 server is acting weird and I can't upload anything anymore. I think I will get a new host, to continue my website. What is the best free web hosting? I don't want the ending to be too complicated. Thanks for your help. Thanks in advance.
  6. I will redownload it, change permission as I discovered I have to do, and will try from scratch. I'll try to give feedback during the day! Hope it works!
  7. I found a file in forum/includes/inc/ called func.inc.php. In it, I found this:

     function timezonelist($current=0, $timezone_field_string="u_timezone") {
         $timezones = array();
         $timezones["-12"] = "(GMT -12:00) Eniwetok, Kwajalein";
         $timezones["-11"] = "(GMT -11:00) Midway Island, Samoa";
         $timezones["-10"] = "(GMT -10:00) Hawaii";
         $timezones["-9"] = "(GMT -9:00) Alaska";
         $timezones["-8"] = "(GMT -8:00) Pacific Time (US & Canada)";
         $timezones["-7"] = "(GMT -7:00) Mountain Time (US & Canada)";
         $timezones["-6"] = "(GMT -6:00) Central Time (US & Canada), Mexico City";
         $timezones["-5"] = "(GMT -5:00) Eastern Time (US & Canada), Bogota, Lima";
         $timezones["-4"] = "(GMT -4:00) Atlantic Time (Canada), Caracas, La Paz";
         $timezones["-3"] = "(GMT -3:00) Brazil, Buenos Aires, Georgetown";
         $timezones["-2"] = "(GMT -2:00) Mid-Atlantic";
         $timezones["-1"] = "(GMT -1:00 hour) Azores, Cape Verde Islands";
         $timezones["0"] = "(GMT) Western Europe Time, London, Lisbon, Casablanca";
         $timezones["1"] = "(GMT +1:00) Brussels, Copenhagen, Madrid, Paris, Rome";
         $timezones["2"] = "(GMT +2:00) Kaliningrad, South Africa";
         $timezones["3"] = "(GMT +3:00) Baghdad, Riyadh, Moscow, St. Petersburg";
         $timezones["3.5"] = "(GMT +3:30) Tehran";
         $timezones["4"] = "(GMT +4:00) Abu Dhabi, Muscat, Baku, Tbilisi";
         $timezones["4.5"] = "(GMT +4:30) Kabul";
         $timezones["5"] = "(GMT +5:00) Ekaterinburg, Islamabad, Karachi, Tashkent";
         $timezones["5.5"] = "(GMT +5:30) Bombay, Calcutta, Madras, New Delhi";
         $timezones["6"] = "(GMT +6:00) Almaty, Dhaka, Colombo";
         $timezones["7"] = "(GMT +7:00) Bangkok, Hanoi, Jakarta";
         $timezones["8"] = "(GMT +8:00) Beijing, Perth, Singapore, Hong Kong";
         $timezones["9"] = "(GMT +9:00) Tokyo, Seoul, Osaka, Sapporo, Yakutsk";
         $timezones["9.5"] = "(GMT +9:30) Adelaide, Darwin";
         $timezones["10"] = "(GMT +10:00) Eastern Australia, Guam, Vladivostok";
         $timezones["11"] = "(GMT +11:00) Magadan, Solomon Islands, New Caledonia";
         $timezones["12"] = "(GMT +12:00) Auckland, Wellington, Fiji, Kamchatka";
         $output = "\n<select name='".$timezone_field_string."' id='u_timezone'>\n";
         $set = (float) $current; //convert to a float for comparison with keys
         foreach ($timezones as $key => $places) {
             $diff = (float) $key; //set type to float to convert some array keys which are strings.
             $output .= "<option value='".(float)$diff."'";
             if ($set == $diff) $output .= " selected='selected'";
             $output .= ">$places</option>\n";
         }
         $output .= "</select>\n";
         return $output;
     }

     This was just to let you know. From what I understand, I do not think it helps at all since I don't see any link.
  8. I'm sorry guys to bug you with this. It's just, I really want a forum, do not want to use mySQL since it will cost me something and I build my website as a hobby, and frankly there is a lot to learn. Experienced people over forums are kind of my only possibility to get this working. I know this type of forum is shitty for you because I think it does not use secure Database management and can easily be hacked. But once again, it will be a simple forum, with no personal infos. Someone hacking this would simply have WAY too much time to lose. If you feel I'm a desperate case, you don't have to help if I discourage you (which I think is the case). Sorry for my "Newbieness". If you decide to help me go through this, it would be more than appreciated! Thanks for your incredibly fast answers! Almost real time. PS: I speak French so sorry for my English, I may make some mistakes
  9. I unzipped the myupb zip file. Couldn't find anything. From what I can read from the script, it is looking for this function, IF IT EXISTS.

     // This makes UPB's timezone functions obsolete (but we need them for backwards compadibility with PHP4)

     Should I delete this part of the script, concerning the timezone? Oh and I just noticed on the myupb website

     Upload all the files from upb2.2.7.zip or upb2.2.7.tar.gz
     CHMOD the root UPB directory to 0777
     Execute the install.php
     Follow the directions in the installer

     What is CHMOD....0777?

     http://sourceforge.net/projects/textmb/files/UPB/UPB%202.2.7/
  10. Ok, now I have access to my forum. I can't log in though. When I try, I get

      Fatal error: Call to undefined function timezone_name_from_abbr() in /www/110mb.com/m/k/7/4/j/e/e/p/mk74jeep/htdocs/forum/includes/upb.initialize.php on line 124

      I know there was a mistake for Americe/Montreal. I changed it to America/Montreal

      // PHP5.1.0 new timezone req's
      // This has to be here, because some date() functions are called before user is verified
      // This makes UPB's timezone functions obsolete (but we need them for backwards compadibility with PHP4)
      if(function_exists("date_default_timezone_set"))
      {
          $timezone = "America/Montreal";
          if(isset($_COOKIE["timezone"]) && $_COOKIE["timezone"] != "") $timezone = timezone_name_from_abbr("", (int)$_COOKIE["timezone"]*3600, 0);
          date_default_timezone_set($timezone);
      }

      Thanks again!
  11. First of all, thanks for your quick replies! It's really appreciated. Here is the complete script. I now have

      Parse error: syntax error, unexpected T_STRING in /www/110mb.com/m/k/7/4/j/e/e/p/mk74jeep/htdocs/forum/includes/upb.initialize.php on line 198

      FYI, I proceeded this way. I downloaded a zip file from the myupb website and uncompressed it to a folder called "forum" on my host. On my website, I linked the word "forum" to the forum page of my website (mk74jeep.110mb.com/forum). I went through all the steps online adding /install after the forum address line (example mk74jeep.110mb.com/forum/install). Is it normal to get some errors like this, since it's a "plug and play" code? I don't wanna get in a neverending loop and correct line after line.

      <?php
      function RemoveXSS($val) {
          $before_val = $val;
          // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
          // this prevents some character re-spacing such as <java&#65533;script>
          // note that you have to handle splits with n, r, and t later since they *are* allowed in some inputs
          //echo "COMMA COUNT: ".substr_count($val,'x2C')."<br>";
          $val = preg_replace('/([x00-x08x0b-x0cx0e-x19])/', '', $val);

          // straight replacements, the user should never need these since they're normal characters
          // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
          $search = 'abcdefghijklmnopqrstuvwxyz';
          $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
          $search .= '1234567890!@#$%^&*()';
          $search .= '~`";:?+/={}[]-_|';
          for ($i = 0; $i < strlen($search); $i++) {
              // ;? matches the ;, which is optional
              // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

              // &#x0040 @ search for the hex values
              $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
              // &#00064 @ 0{0,7} matches '0' zero to seven times
              $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
          }

          // now the only remaining whitespace attacks are t, n, and r
          $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
          $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
          $ra = array_merge($ra1, $ra2);

          $found = true; // keep replacing as long as the previous round replaced something
          while ($found == true) {
              $val_before = $val;
              for ($i = 0; $i < sizeof($ra); $i++) {
                  $pattern = '/';
                  for ($j = 0; $j < strlen($ra[$i]); $j++) {
                      if ($j > 0) {
                          $pattern .= '(';
                          $pattern .= '(&#[xX]0{0,8}([9ab])';
                          $pattern .= '|';
                          $pattern .= '|(&#0{0,8}([9|10|13])';
                          $pattern .= ')*';
                      }
                      $pattern .= $ra[$i][$j];
                  }
                  $pattern .= '/i';
                  // TJH: Removing <x> insertion, this isn't actually needed to protect against XSS attacks
                  // and it just creates headaches...
                  $replacement = substr($ra[$i], 0, 2).''.substr($ra[$i], 2); // add in <> to nerf the tag
                  $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
                  if ($val_before == $val) {
                      // no replacements were made, so exit the loop
                      $found = false;
                  }
              }
          }
          $after_val = $val;
          // TJH: DEBUGING
          //$f = fopen(dirname( __FILE__ )."/../requestlog.log", "a");
          //fwrite($f, "nbefore: "$before_val", after: "$after_val"");
          //fclose($f);
          return $val;
      }

      $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
      if(basename($_SERVER['PHP_SELF']) == 'upb.initialize.php') die('This is a wrapper script!');

      //Start session for all upb pages
      session_start();

      //prevents some problems with IIS Servers
      if (!isset($_SERVER['REQUEST_URI'])) {
          $_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'],1 );
          if (isset($_SERVER['QUERY_STRING']) AND $_SERVER['QUERY_STRING'] != "") {
              $_SERVER['REQUEST_URI'] .= "?".$_SERVER['QUERY_STRING'];
          }
      }

      //php registered_global off
      //prevent exploits for users who have registered globals on
      foreach($GLOBALS["_GET"] as $varname => $varvalue) {
          if(isset($$varname)) unset($$varname);
          if (((strpos($varname, 'id') !== FALSE) || $varname == 'page') && (!ctype_digit($varvalue) && !empty($varvalue))) die('Possible XSS attack detected');
          $_GET[$varname] = RemoveXSS($varvalue);
      }
      reset($GLOBALS["_GET"]);
      foreach($GLOBALS["_POST"] as $varname => $varvalue) {
          $_POST[$varname] = RemoveXSS($varvalue);
          if(isset($$varname)) unset($$varname);
      }
      reset($GLOBALS["_POST"]);
      //var_dump($GLOBALS["_POST"]);
      foreach($GLOBALS["_COOKIE"] as $varname => $varvalue) {
          if(isset($$varname)) unset($$varname);
      }
      reset($GLOBALS["_COOKIE"]);
      foreach($GLOBALS["_SERVER"] as $varname => $varvalue) {
          if(isset($$varname)) unset($$varname);
      }
      reset($GLOBALS["_SERVER"]);
      if(!empty($GLOBALS['_ENV'])) foreach($GLOBALS["_ENV"] as $varname => $varvalue) {
          if(isset($$varname)) unset($$varname);
      }
      reset($GLOBALS["_SERVER"]);
      foreach($GLOBALS["_FILES"] as $varname => $varvalue) {
          if(isset($$varname)) unset($$varname);
      }
      reset($GLOBALS["_FILES"]);
      if(!empty($GLOBALS['_ENV'])) {
          foreach($GLOBALS["_REQUEST"] as $varname => $varvalue) {
              if(isset($$varname)) unset($$varname);
          }
          reset($GLOBALS["_REQUEST"]);
      }

      // PHP5.1.0 new timezone req's
      // This has to be here, because some date() functions are called before user is verified
      // This makes UPB's timezone functions obsolete (but we need them for backwards compadibility with PHP4)
      if(function_exists("date_default_timezone_set"))
      {
          $timezone = "Americe/Montreal";
          if(isset($_COOKIE["timezone"]) && $_COOKIE["timezone"] != "") $timezone = timezone_name_from_abbr("", (int)$_COOKIE["timezone"]*3600, 0);
          date_default_timezone_set($timezone);
      }

      require_once("./includes/inc/defines.inc.php");
      require_once("./includes/class/error.class.php");
      $errorHandler = &new errorhandler();
      //set_error_handler(array(&$errorHandler, 'add_error'));
      error_reporting(E_ALL ^ E_NOTICE);

      //Verify that we're not using a ver. 1 database, otherwise prompt the admin to run the updater
      if (!file_exists("./db/main.tdb") && file_exists("./db/config2.php")) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Update Available:', str_replace('__MSG__', 'An update has not been run yet. Please follow the directions in the readme file to run it to continue.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
      if (file_exists("config.php")) {
          require_once("config.php");
      }

      //Verify that a database exists, otherwise prompt the admin to run the installer
      if (!defined('DB_DIR')) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', ALERT_GENERIC_TITLE, str_replace('__MSG__', 'The installer has not been run it. Please <a href="install.php">run this</a> to continue.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
      if(!is_dir(DB_DIR)) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Fatal:', str_replace('__MSG__', 'The data directory is missing.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
      if (UPB_VERSION != "2.2.7" && (FALSE === strpos($_SERVER['PHP_SELF'], 'update') && FALSE === strpos($_SERVER['PHP_SELF'], 'upgrade'))) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Update Available:', str_replace('__MSG__', 'An update has not been run yet. Please follow the directions in the readme file to run it to continue.', ALERT_MSG)).MINIMAL_BODY_FOOTER);

      //Check to see if User is banned
      if(file_exists(DB_DIR.'/banneduser.dat')) {
          $banned_addresses = explode("n", file_get_contents(DB_DIR.'/banneduser.dat'));
          if((isset($_COOKIE["user_env"]) && in_array($_COOKIE["user_env"], $banned_addresses)) || in_array($_SERVER['REMOTE_ADDR'], $banned_addresses)) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Notice:', str_replace('__MSG__', 'You have been banned from this bulletin board.<br>'.ALERT_GENERIC_MSG, ALERT_MSG)).MINIMAL_BODY_FOOTER);
      }

      require_once("./includes/class/tdb.class.php");
      require_once("./includes/class/config.class.php");
      require_once("./includes/class/func.class.php");
      require_once('./includes/inc/post.inc.php');
      require_once("./includes/inc/func.inc.php");
      require_once("./includes/inc/date.inc.php");
      require_once("./includes/inc/encode.inc.php");
      require_once("./includes/inc/privmsg.inc.php");
      //whos_online.php included at last line

      //installation precausion
      //globalize resource $tdb to prevent multiple occurances
      if(!file_exists(DB_DIR."/main.tdb")) {
          echo "File missing";
          die();
      }
      if(file_exists(DB_DIR."/main.tdb")) {
          $tdb = new functions(DB_DIR.'/', 'main.tdb');
          //$tdb->define_error_handler(array(&$errorHandler, 'add_error'));
          $tdb->setFp('users', 'members');
          $tdb->setFp('forums', 'forums');
          $tdb->setFp('cats', 'categories');
          $tdb->setFp('getpass', 'getpass');
          $tdb->setFp("uploads", "uploads");

          //UPB's main Vars
          $config_tdb = new configSettings();
          $config_tdb->setFp("config", "config");
          $config_tdb->setFp("ext_config", "ext_config");
          $_CONFIG = $config_tdb->getVars("config");
          $_REGISTER = $config_tdb->getVars("regist");
          $_REGIST = &$_REGISTER;
          $_STATUS = $config_tdb->getVars("status");
          //integrate into admin_config
          $_CONFIG["where_sep"] = "<b>></b>";
          $_CONFIG["table_sep"] = "<b>::</b>";
          define('SKIN_DIR', $_CONFIG['skin_dir'], true);
          if (!defined('DB_DIR')) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Fatal Error:', str_replace('__MSG__', 'The DB_DIR constant is undefined.<br>Please go to <a href="http://myupb.com/" target="_blank">MyUPB.com</a> for support.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
          if (!is_array($_CONFIG)) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Fatal Error:', str_replace('__MSG__', 'Unable to correctly access UPB's configuration.<br>Please go to <a href="http://forum.myupb.com/" target="_blank">forum.myupb.com</a> for support.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
          if (SKIN_DIR == '' || !defined('SKIN_DIR')) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Fatal Error:', str_replace('__MSG__', 'The SKIN_DIR constant is undefined.<br>This may be an indication UPB was unable to correctly access its configuration.<br>Please go to <a href="http://forum.myupb.com/" target="_blank">forum.myupb.com</a> for support.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
          require_once('./includes/whos_online.php');
      }
      ?>

      MANY MANY thanks once again! Best Regards,

      Edit: I'm not sure, but I think line 198 is this one

      if (SKIN_DIR == '' || !defined('SKIN_DIR')) die(MINIMAL_BODY_HEADER.str_replace('__TITLE__', 'Fatal Error:', str_replace('__MSG__', 'The SKIN_DIR constant is undefined.<br>This may be an indication UPB was unable to correctly access its configuration.<br>Please go to <a href="http://forum.myupb.com/" target="_blank">forum.myupb.com</a> for support.', ALERT_MSG)).MINIMAL_BODY_FOOTER);
  12. Hi All! I'm totally new to website design and do not know much about it. I installed a MYUPB forum on my website, but I got an error concerning timezone in the file upb.initialize.php on line 124. It was set to Europe/London so I changed it to Americe/Montreal. (I'm in GMT-5) After this modification, I get this error when trying to access my forum.

      Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /www/110mb.com/m/k/7/4/j/e/e/p/mk74jeep/htdocs/forum/includes/upb.initialize.php on line 21

      I tried to correct for any mistake but could not find any since I do not know much. I need your help please. Here is the file section. BTW, Is line 1 <?php ???

      <?php
      function RemoveXSS($val) {
          $before_val = $val;
          // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
          // this prevents some character re-spacing such as <java&#65533;script>
          // note that you have to handle splits with n, r, and t later since they *are* allowed in some inputs
          //echo "COMMA COUNT: ".substr_count($val,'x2C')."<br>";
          $val = preg_replace('/([x00-x08x0b-x0cx0e-x19])/', '', $val);

          // straight replacements, the user should never need these since they're normal characters
          // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
          $search = 'abcdefghijklmnopqrstuvwxyz';
          $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
          $search .= '1234567890!@#$%^&*()';
          $search .= '~`";:?+/={}[]-_|'';
          for ($i = 0; $i < strlen($search); $i++) {
              // ;? matches the ;, which is optional
              // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

              // &#x0040 @ search for the hex values
              $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
              // &#00064 @ 0{0,7} matches '0' zero to seven times
              $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
          }

          // now the only remaining whitespace attacks are t, n, and r

      Etc etc etc... Please, let me know what is wrong! My website location is mk74jeep.110mb.com/forum I have no problem starting all over again and reinstalling it, if someone feels like helping me step by step with this. This would be really appreciated. Thanks in advance!
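
The two permission questions raised in the posts above (whether 0777 and 777 are the same mode, and why the readme wants the installer scripts deleted) can be checked mechanically. The following Python sketch is an added example, not code from the poster or from UPB; the function names and the sample directory tree are constructed for illustration, and the file list is the one quoted from the readme.

```python
import os
import stat
import tempfile

# File names copied from the readme quoted in the post above.
INSTALLER_LEFTOVERS = {
    "update.php", "update1_0.php", "update1.x-2.0.php", "update2_2_1.php",
    "update2_2_2.php", "update2_2_3.php", "update2_2_4.php", "update2_2_5.php",
    "complete_update.php", "install.php",
}


def parse_mode(text):
    """chmod reads a numeric mode as octal, so "777" and "0777" are the same."""
    return int(text, 8)


def tick_boxes(mode):
    """Map a mode to the r/w/x boxes a hosting control panel shows."""
    boxes = {}
    for who, shift in (("user", 6), ("group", 3), ("other", 0)):
        bits = (mode >> shift) & 0o7
        boxes[who] = {"r": bool(bits & 4), "w": bool(bits & 2), "x": bool(bits & 1)}
    return boxes


def audit(root):
    """Return (leftover installer scripts, world-writable paths) under root."""
    leftovers, world_writable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                world_writable.append(rel)
            if stat.S_ISREG(st.st_mode) and os.path.basename(path) in INSTALLER_LEFTOVERS:
                leftovers.append(rel)
    return sorted(leftovers), sorted(world_writable)


def demo():
    """Run audit() over a constructed sample tree (not the poster's site)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "install.php", "update.php"):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        os.mkdir(os.path.join(root, "db"))
        os.chmod(os.path.join(root, "db"), 0o755)
        os.chmod(root, parse_mode("0777"))  # the mode the install steps ask for
        return audit(root)


if __name__ == "__main__":
    print(tick_boxes(parse_mode("777")))   # all nine boxes ticked
    print(tick_boxes(777))                 # decimal 777 is octal 1411, a different mode
    print(demo())
```

Mode 0777 ticks the write box for "other" as well as for user and group, which is why the audit reports the forum root; the leftover list shrinks to nothing once the scripts named in the readme are deleted.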