phpBB2 by Przemo
Support for phpBB2 modified by Przemo forums

login.php and config.php

spacegoose
Posts: 22
Posted: 17-03-2007, 15:14 login.php and config.php

What does this code from login.php do:
$config_content = @file_get_contents($phpbb_root_path . 'config.'.$phpEx);
if ( strpos($config_content, 'dbuser') && (substr($config_content, 0, 5) != '<?php' || substr($config_content, -2) != '?>') )
{
print('• You have <u>damaged</u>: <b>config.'.$phpEx.'</b> file !<br />• File must begin with: <b><?php</b> and finish with <b>?></b> with any other chars (spaces, tabs or new line) before <?php and after ?><br />• You must correct the file !<br />• Remember <u>it is not mistake</u>, if your text editor can not see this space, tab or new line, use other editor with operating multi (CR/LF) format or create new file with clean content.<br />• Forum will not work correctly with damaged config.php file.<hr /><br />');
}
I had to remove it for my upgrade install from 1.8 to 1.12.5 to work normally ... have I lost any security? This code might be a problem - perhaps it should be looked into? It complained about my config.php file - when there was nothing wrong with it.
Thanks,
sg

chelloPL
Helped: 413 times Posts: 2544
Posted: 20-03-2007, 23:07

spacegoose, this code is required.
If you got the error above, remove any trailing characters (including spaces and new lines) from config.php.
If you can't edit it with your editor, use dbloader to generate and replace config.php.
You can find dbloader at http://your_forum_address/dbloader/dbloader.php
If this file is damaged (incorrect), no one will be able to log in (because cookies will not be sent to the browser). You have to fix this.
spacegoose
Posts: 22
Posted: 21-03-2007, 03:23 thanks - still having problem

i removed just the OR from the code:
|| substr($config_content, -2) != '?>'
and the error went away - so it doesn't like the end of the file? when i echo substr($config_content,
it only prints > with no ? before ... what does this mean?
i tried dbloader but could not understand it (can't understand the polish language).
however - it seems to report config.php is ok -
config.php
istnieje Ok
rozmiar poprawny Ok
also - if i remove this check - it seems to work, i can post, etc. are you sure it will break cookies?
!!!
actually there seems to be an invisible space after the ending >
but i can't see it - when i echo substr($config_content, -2) it's '> ' (single quotes to indicate trailing space).
how can i get rid of it? why does it pass dbloader test? could the space be coming from outside the file? anything to do with magic quotes? or other php stuff?
thanks again
sg

chelloPL
Helped: 413 times Posts: 2544
Posted: 21-03-2007, 22:06

spacegoose wrote: | it only prints > with no ? before ... what does this mean? |
It means that the last 2 chars are ">" and a whitespace char (which is not printable, e.g. space, new line or EOF char).
spacegoose wrote: | i tried dbloader but could not understand it (can't understand the polish language). |
Oh god... sorry - I didn't know dbloader is only in Polish.
English version of dbloader (dumploader) is here: http://www.przemo.org/php...pic.php?t=24841
Open again: http://your_forum_address...mode=makeconfig
Click: "Generuj" (generate) - it virtually creates the config file
Click: "Ściągnij plik" (download file) - save your config.php file and overwrite the existing file on the server.
OR
save the following file into the main forum directory:
Code:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

// Start session management
$userdata = session_pagestart($user_ip, PAGE_PROFILE);
init_userprefs($userdata);
// End session management

// Only a forum administrator may download the regenerated config file
if ($userdata['user_level'] != ADMIN)
{
    message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
}

// Build the config file content with no bytes outside the PHP tags
function make_download($dbms, $dbhost, $dbname, $dbuser, $dbpasswd, $table_prefix)
{
    $config_file = '<?php' . "\n\n";
    $config_file .= '//' . "\n";
    $config_file .= '// phpBB 2.x auto-generated config file' . "\n";
    $config_file .= '// Do not change anything in this file!' . "\n";
    $config_file .= '//' . "\n\n";
    $config_file .= '$dbms = \'' . $dbms . '\';' . "\n\n";
    $config_file .= '$dbhost = \'' . $dbhost . '\';' . "\n";
    $config_file .= '$dbname = \'' . $dbname . '\';' . "\n";
    $config_file .= '$dbuser = \'' . $dbuser . '\';' . "\n";
    $config_file .= '$dbpasswd = \'' . $dbpasswd . '\';' . "\n\n";
    $config_file .= '$table_prefix = \'' . $table_prefix . '\';' . "\n\n";
    $config_file .= 'define(\'PHPBB_INSTALLED\', true);' . "\n\n";
    $config_file .= '?>';//<?
    return $config_file;
}

// Load the current values, then send the rebuilt file as an attachment
include $phpbb_root_path . 'config.' . $phpEx;
header('Pragma: no-cache');
header('Content-Type: text/x-delimtext; name="config.php"');
header('Content-disposition: attachment; filename=config.php');
echo make_download($dbms, $dbhost, $dbname, $dbuser, $dbpasswd, $table_prefix);
exit;
?>
and run it from your browser. Then save the fixed config.php file and upload it via FTP to the server.
Afterwards, delete the above code from the server.
spacegoose wrote: | are you sure it will break cookies? |
Yes, I'm sure. config.php is included in every page. When it contains a white character (at the beginning or at the end of the file), this white char is sent to the browser. The next script will try to send headers (using the header() function). This function detects that page content was already sent, and will not send headers (e.g. cookies).
It is quite complicated to explain.
spacegoose wrote: | however - it seems to report config.php is ok -
config.php
istnieje Ok
rozmiar poprawny Ok |
Yes, dbloader only checks whether the file exists ("istnieje") and has the correct size ("rozmiar poprawny"). But it doesn't check whether the file contains any leading or trailing white chars. I will suggest that the author add this check and also translate it to English.
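
A whitespace check of the kind described above as missing from dbloader, as an added example that is not part of the original posts and is not phpBB or dbloader code. The function name `stray_bytes_report`, its messages and the sample strings are assumptions made for illustration.

```php
<?php
/* Added example, not phpBB or dbloader code. Function name, messages and
   sample strings are assumptions made for illustration. */

function stray_bytes_report(string $content): array
{
    $open  = strpos($content, '<?php');
    $close = strrpos($content, '?>');
    if ($open === false || $close === false || $close < $open) {
        return ['opening or closing PHP tag not found'];
    }

    $problems = [];
    $lead = (string) substr($content, 0, $open);
    $tail = (string) substr($content, $close + 2);

    if ($lead !== '') {
        $what = ($lead === "\xEF\xBB\xBF") ? 'UTF-8 BOM' : 'bytes';
        $problems[] = "leading $what before the opening tag (hex " . bin2hex($lead) . ')';
    }
    if ($tail !== '') {
        /* PHP drops one newline that directly follows the closing tag, so
           that case produces no output, but login.php compares the last
           two bytes of the file and reports it anyway. */
        $eaten = in_array($tail, ["\n", "\r", "\r\n"], true);
        $problems[] = 'trailing bytes after the closing tag (hex ' . bin2hex($tail) . '), '
            . ($eaten ? 'single newline, swallowed by PHP' : 'sent as output before any header()');
    }
    return $problems;
}

/* Constructed sample contents; replace with file_get_contents('config.php'). */
$body = "<?php\n\$dbuser = 'example';\n?>";
$samples = [
    'clean'            => $body,
    'trailing space'   => $body . ' ',
    'trailing newline' => $body . "\n",
    'BOM at start'     => "\xEF\xBB\xBF" . $body,
];

foreach ($samples as $name => $content) {
    $report = stray_bytes_report($content);
    echo str_pad($name, 18), $report ? implode('; ', $report) : 'OK', "\n";
}
```

With output_buffering enabled in php.ini the stray byte is held in the buffer and headers are still sent, so a damaged file does not always produce a visible "headers already sent" warning.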

spacegoose
Posts: 22
Posted: 22-03-2007, 17:39

thanks - your script to generate the config.php worked! at first it did not.
also - the english dbloader would not work for me ... could not find libraries like pear, etc.
no probs now - phpbb seems to work (with unmodified login.php) - and i can prepare to upgrade the production machine.
thanks again,
spacegoose.
ps. when i removed the || or to check ?> - it worked too - i got no header already sent errors ...