Big Admin Memberlist problem.: PHPFusion 6 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hi to all

First sorry for my English. it's not my language.

I've updated one of my PHPFusion sites from version 6.00.307 to version 6.01.6
Now I can't get into de memberlist in the Admin arrea. When I try, it brings me to the index.
The same when I try to go into the Submisions.

I've lookt into the files an think I've found the possible problem.

Code Download source

if (!checkrights("SU") || !defined("iAUTH") || $aid != iAUTH) fallback("../index.php");

I want to know if it's a problem or somthing like that when I remove the red stuff?

Code Download source


if (!checkrights("SU")[color=red] || !defined("iAUTH") || $aid != iAUTH) [/color]fallback("../index.php");

Can anyone tell me please what is going on?

0 replies

Well yes, it is there for security reasons. to make it even harder to access the page or alike, (for those that shouldnt have access)

0 replies

Ok I get it.

But I'm Superadmin and can't get access to the Admin / memberslist and the Submissions.
Do I missing somthing or is something else wrong?

Seems to me the SuperAdmin must have access at all times to those pages.

Can anyone give me some advice and tell me what I must do?

Edited by J_Bear on 23-11-2006 16:05, 18 y

0 replies

the url u r clicking on to take u to the memberslist or submission page ... check to see if its as follows,

http://www.YOURDOMAIN.com/admin/members.php?aid=adslfkjadf45r4325

its the last part, the aid=adslfkjadf45r4325 that is important, its what allows the php script to know that you are authorized (its what the red part in ur post above checks before allowing access). from the old fusion versions the aid (authorization id) is new so u have to make sure that its been used to access anything in the admin panel!

Adnan.

0 replies

Acctualy, The aid link is your user password placed into a string with the numbers 16 and 32. Its almost impossible to crack.

0 replies

So if I understand correctly, this string is almost impossible to crack, but for me as the SuperAdmin it's impossible to access that page because somewhere that code doesn't work correct on my site.

So I believe the security is killing the website. How is this possible.

Is there anyone who can give me THE solution!!!

0 replies

so u r going to the user admin panel, clicking on members and its not letting u in, is that right?

did u check that ur members.php file in the admin folder was properly uploaded? maybe just upload it again overwriting it to make sure its up to date.

also make sure ur maincore.php is upto date ... its from there that the code is set, so even if its being called properly and all but if the function is missin it won't work.

lastly, check again the url there's got to be the aid=adfaldf2525qqfa there!

Adnan.

0 replies

I'm sure the files are ok. The original files from version 6.01.6

I don't see somthing like "aid=adfaldf2525qqfa"

Not when I click the memberlist-button and not in the 'URL-box' of the browser.

At the moment I'm almost loosing my mind :o

0 replies

can you post ur index.php from the administration folder?

0 replies

This is my index from the Admin folder.

Code Download source

<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright © 2002 - 2006 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
require_once "../maincore.php";
require_once BASEDIR."subheader.php";
require_once ADMIN."navigation.php";

if (!iADMIN || $userdata['user_rights'] == "" || !defined("iAUTH") || $aid != iAUTH) fallback("../index.php");
if (!isset($pagenum) || !isNum($pagenum)) $pagenum = 1;

$admin_images = true;

// Work out which tab is the active default
if ($page1) { $default = 1; }
elseif ($page2) { $default = 2; }
elseif ($page3) { $default = 3; }
elseif ($page4) { $default = 4; }
else { fallback("../index.php"); }

// Ensure the admin is allowed to access the selected page
$pageon = true;
if ($pagenum == 1 && !$page1) $pageon = false;
if ($pagenum == 2 && !$page2) $pageon = false;
if ($pagenum == 3 && !$page3) $pageon = false;
if ($pagenum == 4 && !$page4) $pageon = false;
if ($pageon == false) redirect("index.php".$aidlink."&pagenum=$default");

// Display admin panels & pages
opentable($locale['200']." - v".$settings['version']);
echo "<table align='center' cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n<tr>\n";
if ($page1) {
   echo "<td align='center' width='25%' class='".($pagenum == 1 ? "tbl1" : "tbl2")."'><span class='small'>\n";
   echo ($pagenum == 1 ? "<b>".$locale['ac01']."</b>" : "<a href='index.php".$aidlink."&pagenum=1'>".$locale['ac01']."</a>")."</span></td>\n";
}
if ($page2) {
   echo "<td align='center' width='25%' class='".($pagenum == 2 ? "tbl1" : "tbl2")."'><span class='small'>\n";
   echo ($pagenum == 2 ? "<b>".$locale['ac02']."</b>" : "<a href='index.php".$aidlink."&pagenum=2'>".$locale['ac02']."</a>")."</span></td>\n";
}
if ($page3) {
   echo "<td align='center' width='25%' class='".($pagenum == 3 ? "tbl1" : "tbl2")."'><span class='small'>\n";
   echo ($pagenum == 3 ? "<b>".$locale['ac03']."</b>" : "<a href='index.php".$aidlink."&pagenum=3'>".$locale['ac03']."</a>")."</span></td>\n";
}
if ($page4) {
   echo "<td align='center' width='25%' class='".($pagenum == 4 ? "tbl1" : "tbl2")."'><span class='small'>\n";
   echo ($pagenum == 4 ? "<b>".$locale['ac04']."</b>" : "<a href='index.php".$aidlink."&pagenum=4'>".$locale['ac04']."</a>")."</span></td>\n";
}
echo "</tr>
<tr>
<td colspan='4' class='tbl1'>\n";
$result = dbquery("SELECT * FROM ".$db_prefix."admin WHERE admin_page='$pagenum' ORDER BY admin_title");
$rows = dbrows($result);
if ($rows != 0) {
   $counter = 0; $columns = 4;
   $align = $admin_images ? "center" : "left";
   echo "<table cellpadding='0' cellspacing='0' width='100%'>\n<tr>\n";
   while ($data = dbarray($result)) {
      if (checkrights($data['admin_rights']) && $data['admin_link'] != "reserved") {
         if ($counter != 0 && ($counter % $columns == 0)) echo "</tr>\n<tr>\n";
         echo "<td align='$align' width='25%' class='tbl'>";
         if ($admin_images) {
            echo "<span class='small'><a href='".$data['admin_link'].$aidlink."'><img src='".ADMIN."images/".$data['admin_image']."' alt='".$data['admin_title']."' style='border:0px;'><br>\n".$data['admin_title']."</a></span>";
         } else {
            echo "<span class='small'><img src='".THEME."images/bullet.gif' alt=''> <a href='".$data['admin_link'].$aidlink."'>".$data['admin_title']."</a></span>";
         }
         echo "</td>\n";
         $counter++;
      }
   }
   echo "</tr>\n</table>\n";
} else {
   echo "<center><br>\n".$locale['401']."<br><br>\n</center>\n";
}
echo "</td>\n</tr>\n</table>\n";
closetable();
tablebreak();
opentable($locale['250']);
echo "<table align='center' cellpadding='0' cellspacing='0' width='100%'>\n<tr>\n<td valign='top' width='33%' class='small'>
".$locale['251']." ".dbcount("(user_id)", "users", "user_status<='1'")."<br>
".$locale['252']." ".dbcount("(user_id)", "users", "user_status='2'")."<br>
".$locale['253']." ".dbcount("(user_id)", "users", "user_status='1'")."
</td>
<td valign='top' width='33%' class='small'>
".$locale['254']." ".dbcount("(submit_id)", "submissions", "submit_type='n'")."<br>
".$locale['255']." ".dbcount("(submit_id)", "submissions", "submit_type='a'")."<br>
".$locale['256']." ".dbcount("(submit_id)", "submissions", "submit_type='l'")."<br>
".$locale['260']." ".dbcount("(submit_id)", "submissions", "submit_type='p'")."
<td valign='top' width='33%' class='small'>
".$locale['257']." ".dbcount("(comment_id)", "comments")."<br>
".$locale['258']." ".dbcount("(shout_id)", "shoutbox")."<br>
".$locale['259']." ".dbcount("(post_id)", "posts")."<br>
".$locale['261']." ".dbcount("(photo_id)", "photos")."
</td>\n</tr>\n</table>\n";
closetable();

echo "</td>\n";
require_once BASEDIR."footer.php";
?>

0 replies

ur index file looks fine too ... the only other option i can think of are your rights, they might have gotten mixed up.

first to be sure that its the rights, before we go changing anything, preview this in a custom page,

Code Download source

if (!checkrights("M")) {
echo "You do NOT have the rights, proceed to the next set of code to preview in a custom page.";
} else {
echo "You do have the proper rights, the error lies elsewhere.  Do NOT preview the next piece of code.";
}

if previewing the above code it says that you don't have the proper rights, preview this code in a custom page,

Code Download source

<?php
$result = dbquery("UPDATE ".$db_prefix."users SET user_rights='A.AC.AD.B.C.CP.DB.DC.D.FQ.F.IM.I.IP.M.N.NC.P.PH.PI.PO.S.SL.S1.S2.S3.S4.S5.S6.S7.SU.UG.U.W.WC' WHERE user_id='1'");
?>

this will put back all the rights for user #1, the default SUPERADMIN, as they were supposed to be during setup. Check with the first code if it fixed it or not.

Adnan.

0 replies

That might just work Reflectectoman (Adnan)

0 replies

Hi Adnan,
That didn't work for me

For what I know now, there are more Admin-pages I can't view.

At the [System Admin] the page Database Backup
At the [User Admin] the pages Members and Submissions
At the [Content Admin] the pages News and Photo Albums

And now the frontpage is screwed up.
The right site of the screen in now under de middle. :o
For me total dissaster

for a view; http://testcentrum.berenpaleis.nl/news.php

Edited by J_Bear on 24-11-2006 11:36, 18 y

0 replies

This is most likely caused by some v.6.00.3x files still remaining on your server. Try reuploading all the v.6.01.6 files again, make sure all are replaced (do NOT replace "config.php"

.
Do the CHMOD afterwards.

Edited by Sveinungs on 24-11-2006 12:04, 18 y

0 replies

I've uploaded all the files again but no changes...

still screwed up and no access
to the [System Admin] the page Database Backup
to the [User Admin] the pages Members and Submissions
to the [Content Admin] the pages News and Photo Albums

0 replies

Hmm, try to disable all your panels that do not come stocked with PHPFusion (like the Online stats panel and the flash clock) - so you know that it's not an infusion that's causing the trouble?

0 replies

Still no change

I'm wondering if, should I delete all files from this testsite and reinstall it all over again, I can re-use the back-up file from the old version (6.00.307) in the new version (6.01.6) to fill the new database. This is because I have other websites that will need this new version and I don't want to loose all the data!

Thank you again.

0 replies

if you are gonna use the back up DB from v.307 then it won't be working on an installation for v.01.6 ... you need to reinstall it as v.307 and then follow the procedure that Digi wrote in the threads and news post to successfully upgrade it to the new version sequentially. Check the downloads, you may be able to skip a few versions at once, but u need to follow that order or else u'll end up missing a important upgrade again!

Adnan.

0 replies

nevermind, there is an upgrade from .307 to .01.6 ... but make sure u follow the procedures ... and again if ur using a DB from .307 u need reinstall .307, use the backup file, then upgrade it.

0 replies

I put the whole site back on version 6.00.307, all the files and the database. Then I updated exactly following the guidelines to version 6.01.6 and again I don't get SuperAdmin-access to admin memberlist, admin news, adminsubmissions and database-backup. So updating from 6.00.307 to 6.01.6 simple doesn't work for me. Is there anyone that can help me with another solution?

------------------------------------------

Problem solved.

Someone has tried to hack the website. Made my database useless.

Edited by J_Bear on 30-11-2006 12:20, 18 y

0 replies

Category Forum

Bugs and Errors - 6

Labels

None yet

Statistics

Views 0 views
Posts 19 posts
Votes 0 votes
Topic users 5 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Big Admin Memberlist problem.

19 posts

PHPFusion

Resources

Community

Development