|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
but how do you prevent non members from uploading? this is a big security breach.
someone help me out, I will gladly donate to this forum
thanks
scott
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Hey Scott, non members shouldn't be able to upload, do you have a link so I can test it?
|
|
|
|
|
Joined: Nov 2001
Posts: 1,704
Moderator / Da Masta
|
|
Moderator / Da Masta
Joined: Nov 2001
Posts: 1,704 |
Somewhere in ubb_upload.cgi, check to see if $user_name and $password exist; if they don't, they're unregistered.  Send them off to the "Not logged in" Wordlet via StandardHTML to remind them, though. Untested, but it's not too hard to get working
|
|
|
|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
hows this: quote: #check for password... if (($username eq '') && ($topic_restrict ne 'all') && ($vars_display{RequireLoginPosts} eq "YES")) { &StandardHTML(qq!$vars_wordlets_err{not_logged_in} $vars_wordlets{not_logged_in}!); } but where does it go? i tried a few places and it would bring me to login page even though I WAS logged in ???
|
|
|
|
|
Joined: Nov 2001
Posts: 1,704
Moderator / Da Masta
|
|
Moderator / Da Masta
Joined: Nov 2001
Posts: 1,704 |
Wait a minute... At the very top of ubb_upload_form.cgi, the following code exists: if ($username eq '') {
&StandardHTML(qq!$vars_wordlets_err{not_logged_in}
<A HREF="$vars_config{CGIURL}/ultimatebb.cgi?ubb=login">$vars_wordlets{login_now}</A> $vars_wordlets{or} <a href="$vars_config{CGIURL}/ultimatebb.cgi?ubb=agree">$vars_wordlets{register_title}</a>!);
}That should stop unregistered users in their tracks. I don't understand how that doesn't work on your UBB, unless you've been modifying the contents of $username after it's been set or something...
|
|
|
|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
i see that, all I modified was the filename portion in ubb_upload.cgi that I mentioned above. I have the correct radio button "dont allowed...unregistered" Is it only my UBB that has this problem? http://autostream.com/forum
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
hmmm.. you allow unregistered posting, that may be the problem.
|
|
|
|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
umm, only in one forum and only for replies, not new thread. But I changed that to require logging to post and the upload hack still uploads for guests...
but I put the above code in upp_upload.cgi
and it prevented uploading however it prevented uploading even while logged in too...so I am thinking I dont have the code in the right spot or the wrong code....????
|
|
|
|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
well i added a stand alone button to the forum that opens the upload window.
So where do I need to place 'that' code to prevent that window from displaying the upload box??
|
|
|
|
|
Joined: May 2001
Posts: 55
Member
|
|
Member
Joined: May 2001
Posts: 55 |
quote: # make sure we have someone logged in - unless unreg users allowed if ((!$username) && ($reply_restrict ne 'all') && ($vars_display{RequireLoginPosts} eq "YES")) { &StandardHTML(qq!$vars_wordlets_err{not_logged_in} $vars_wordlets{login_now} $vars_wordlets{or} $vars_wordlets{register_title}!); } ok i put this at the top of upp_upload_form and so far testing seems to work....
|
|
|
|
|
Joined: Nov 2003
Posts: 35
User
|
|
User
Joined: Nov 2003
Posts: 35 |
Would anyone please help me with this?
I keep getting a "Bad Directory
The directory you specified:
$vars_misc{SAVE_DIRECTORY} = "";
is invalid" error.
If you contact me on PM, I'll send the admin loggin because I think there is something wrong with pointing to the correct directories, but I have no idea what I should add there.
|
|
|
|
|
Joined: Nov 2003
Posts: 35
User
|
|
User
Joined: Nov 2003
Posts: 35 |
Could anyone pls help me? Can't get it to work 
|
|
|
|
|
Joined: Nov 2003
Posts: 35
User
|
|
User
Joined: Nov 2003
Posts: 35 |
.
|
|
|
|
|
Joined: Sep 2001
Posts: 672
Member
|
|
Member
Joined: Sep 2001
Posts: 672 |
You need to specify a directory in those double quotes Belgian
|
|
|
|
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
yes, something like http://www.mysite.com/ubb/uploads - and make sure the directory is set to 777 permissions
|
|
|
|
|
Joined: Oct 2001
Posts: 199
Member
|
|
Member
Joined: Oct 2001
Posts: 199 |
Hi,
I used Multihack on a clean board install 6.3.1.1 and had err's in
cp_forums.cgi
cp_edit_forum.pl
cp_forum_add.pl
All others were fine. I just had to manually edit these and it works fine.
Thanks
RaiNNer
|
|
|
|
|
Joined: Nov 2003
Posts: 35
User
|
|
User
Joined: Nov 2003
Posts: 35 |
quote:
Originally posted by havoq:
You need to specify a directory in those double quotes Belgian Yeah but in what file do I have to enter it? I entered the correct directory in the CP and the text above is the error message I get when trying to upload.
|
|
|
|
|
Joined: Sep 2001
Posts: 672
Member
|
|
Member
Joined: Sep 2001
Posts: 672 |
once you enter it through the CP, it makes the changes to the file, so theres no need to edit a file.
Dont forget to be using an absolute path for this field DIR path to the uploads folder
and a relative path for this field URL path to the uploads folder:
|
|
|
|
|
Joined: Oct 2001
Posts: 199
Member
|
|
Member
Joined: Oct 2001
Posts: 199 |
I had everything working great then had to transfer my files onto a new server, which was identical with RedHat 9 as the one it was on. I transfered all my files and reset all my permissions, but I keep getting the 500 error "premature end of script in ubb_upload.cgi.
Looking in my httpd error logs for this I find:
Can't locate CGI/Carp.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at /home/rnc/cgi-bin/ubb_upload.cgi line 11.
[Tue Dec 09 18:53:17 2003] [error] [client 24.116.185.119] BEGIN failed--compilation aborted at /home/rnc/cgi-bin/ubb_upload.cgi line 11.
Any ideas?
Thanks
|
|
|
|
|
Joined: Oct 2001
Posts: 199
Member
|
|
Member
Joined: Oct 2001
Posts: 199 |
3 months FREE FTP Site for anyone who gets me running on this Elys!
Thanks
Desperate RaiNNer
|
|
|
|
|
Joined: Oct 2001
Posts: 199
Member
|
|
Member
Joined: Oct 2001
Posts: 199 |
Nothing like being noticed Two whole months, I guess I'm dead unless I upgrade huh?
|
|
|
|
|
Joined: Jan 2003
Posts: 3,456 Likes: 2
Master Hacker
|
|
Master Hacker
Joined: Jan 2003
Posts: 3,456 Likes: 2 |
have you uploaded a fresh set of modules from the install zip?
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 87
Joined: December 2001
|
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
| |
Most Online5,166
Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
