Author Topic: Mod changes after security fix  (Read 12618 times)

0 Members and 1 Guest are viewing this topic.

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Mod changes after security fix
« on: January 10, 2006, 09:34:22 PM »
I was using this mod

http://www.4homepages.de/forum/index.php?topic=4826.0

so visitors could use the lightbox.

I checked to see if the mod code was still in place per the link above and it was.

I haven't made many changes lately to 4images except for the security fixes posted by Jan and V@no. I was wondering if the security fix could of knocked out this mod somehow. If so, does anyone know of a fix?

Thanks

Offline JensF

  • Addicted member
  • ******
  • Posts: 1.028
    • View Profile
    • http://www.terraristik-galerie.de
Re: Mod changes after security fix
« Reply #1 on: January 10, 2006, 10:05:07 PM »
I have do the Fixes, too but the Lightbox Mod works now....
Mit freundlichem Gruß
Jens Funk



-> Sorry for my bad English <-

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #2 on: January 10, 2006, 11:16:51 PM »
JenSF,

Want to be sure I understand.....you made the security fixes and the lightbox was ok for the VISIORS even after the changes made with the security fixes.

I know the lightbox works when you log in as a member, but there is a mod (see my link in my post) so  GUESTS can use the lightbox. This mod does not work since I made the security changes.

Are you saying you have this mod in place and that it works fine, even after the security fixes???

Please clarify


Thanks

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Mod changes after security fix
« Reply #3 on: January 11, 2006, 12:58:47 AM »
Guys/girls, how many times I must repeat that saying "it doesnt work" - does not help us to help you. If you expect any help, please provide more details on what EXACTLY doesnt work, how do you check if it works or not, etc. Also, if possible, a link to the website could help ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #4 on: January 11, 2006, 01:31:15 AM »
Sorry V@NO

I have the mod installed that allows guests to use the lightbox. The mod is located here:


http://www.4homepages.de/forum/index.php?topic=4826.0

When I say it doesn't work, now when a guest clicks on the favorite button or light button, and you click the link to where the pictures are stored, it is empty. It did not save the pictures.

Prior to the security updates, this mod worked. After the secuity updates, the mod for visitors does not work. If something caused it not to function, then I don't know what it is.

Here is the link to the site:

http://www.filipinaeyes.com/4images

thanks





Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Mod changes after security fix
« Reply #5 on: January 11, 2006, 03:11:07 AM »
Please note, images stay "marked" as they already in the favorities after page refresh (or in category view).
So, the images being added into favorities without problem. Something is wrong in lightbox.php. My guess would be you did wrong step 2.1, probably you added the code below instead of above the needed line...

P.S. the fixes could not affect your favorities feature. (unless applyed wrongly ;))
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #6 on: January 11, 2006, 02:18:11 PM »
Hey V@no

Thanks for the quick response.

Here is what I did. I used a fresh copy of lightbox.php (I kept a copyl of 4images without any changes) and made the changes to the lightbox.php per the mod instructions (2.1 area).

Now when I save an image as a favorite, it stores the image however when I go to delete the images from the lightbox, I get the following error:

Code: [Select]
DB Error: Bad SQL Query: SELECT COUNT(image_id) AS images FROM 4images_images WHERE image_active = 1 AND image_id IN (s:19:\"1642, 1181, 1651, 1652\";) AND cat_id IN (0, 51, 53, 50, 45, 40, 8, 34, 7, 54, 2, 3, 4, 5, 6, 48)
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ':19:\"1642, 1181, 1651, 1652\";) AND cat_id IN (0, 51, 53, 50,


And of course it does not delete the images.

It seems we fixed the problem with storing the images in the lightbox, but now when I go to delete the images get the above error.

Any ideas????

Thanks V@no for your support.

Steve

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Mod changes after security fix
« Reply #7 on: January 11, 2006, 03:07:59 PM »
Here is what I did. I used a fresh copy of lightbox.php (I kept a copyl of 4images without any changes) and made the changes to the lightbox.php per the mod instructions (2.1 area).
If you used a fresh lightbox.php then you'll need do the entire Step 2.x not just 2.1
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #8 on: January 11, 2006, 03:58:34 PM »
oops V@no, my mistake....I did do the entire step 2...I just wan't being careful when I wrote my response.

Any idea what is causing the error?


thanks


p.s. I also went back and double checked if I did the fixes correctly and I did.

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #9 on: January 12, 2006, 01:29:02 AM »
Any help....thanks

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Mod changes after security fix
« Reply #10 on: January 12, 2006, 03:05:49 AM »
1) if you are saying you've installed this mod correctly, then why do I get "no permission" message when trying access favorities?
2) uninstall the security fixes and see if it fix the problem. otherwise my guess would be you didnt install this mod properly
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #11 on: January 12, 2006, 03:30:11 AM »
Sorry V@no...

I guess when we are not on the same page, it makes things tough.

Since I was getting errors with the MOD...first error was the images were not being saved and 2nd error was the data base error I put in the above post.....I installed the original lightbox.php until I could find a solution to the errors I outlined above.

If I would of kept the changed lilghtbox.php with the mod changes and errors, customers would of complained so I had to do something. I kept a backup of the lightbox.php with the mod changes. I was hoping the DB error above would give you a clue of what the problem was.

I have done all the things you suggested....to no avail.

Again, sorry, but I'm sure you understand why I would have to put the original lightbox.php in place and not leave the one that was giving me errors in place .. not knnowing if  anyone would get a chance to look at it or how long. I was hoping that by supply the DB error when the lightbox.pph with the  mod was in place would help with a solution.

Want to give it a shot of why I get the DB error when I have the mod in place? If you want me to put it back I will, but customers keep emailing me what is wrong when it is in place.

Thanks

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: Mod changes after security fix
« Reply #12 on: January 12, 2006, 03:45:24 AM »
Oh, well, that make sence ;)
Here is what you can do.
Install lightbox for guests mod (from scratch, make sure you removed this block of code if installed), then in global.php below
Code: [Select]
$site_db = new Db($db_host, $db_user, $db_password, $db_name);insert:
Code: [Select]
$allowip = array(
  "xx.xx.xx.xx",
  "65.35.35.155",
);
if (!in_array($_SERVER['REMOTE_ADDR'], $allowip))
{
  $site_db->no_error = 1;
}
Replace xx.xx.xx.xx with your own IP (65.35.35.155 is my ip ;))
This will privent showing ANY database error messages to visitors not from these IPs.

And please zip your sessions.php and lightbox.php (modifyed) and attach to your reply :)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline steveeyes

  • Full Member
  • ***
  • Posts: 177
    • View Profile
Re: Mod changes after security fix
« Reply #13 on: January 12, 2006, 03:23:58 PM »
Thanks V@no I appreciate your help.