126

(36 replies, posted in PunBB 1.2 discussion)

OK smile and what do you think about my tableless presentation???! It requires a min-width for Gecko browsers, but it works well (and much less code, CSS and HTML)

127

(36 replies, posted in PunBB 1.2 discussion)

I like you smile

Other things (I have erased all styles and rebuilt them one by one to have total control)

<div class="icon"><div class="nosize"><!-- --></div></div>

So in CSS we have ... a class for icon and a class for no size ... but I ask you, what is the interest of putting a div for no size?

Reducing this, we obtain the same thing
<div class="icon"><span><!-- --></span></div>

and in CSS ... .icon span { display : none }

So ... I play with IE / Firefox and Opera ... maybe you have coded this way for other browsers???

128

(36 replies, posted in PunBB 1.2 discussion)

Ohhhh no !! smile

I can copy/paste the actual code ... tr / td are everywhere, it's quite impressive.

a lot of parent / child CSS relations in the style > #div table tr td {border-top : blabla} ... as I posted before, when you look at http://www.sortons.net/dev/PunBB/test-punTableless.htm (100% compatible IE / FF / OPERA) the code is very very small. And it's not viewtopic.php which has the most CSS.

And I have played with span: without them (don't need them, in fact), the code will be smaller.



Edit: another thing (because I have not said it): the CSS is very good, however.

129

(36 replies, posted in PunBB 1.2 discussion)

If Pun becomes tableless, the CSS will be reduced by about 50% (it's easier to customize a div box than a TR / TD / BOX)

130

(17 replies, posted in General discussion)

zaher wrote:

We need a MOD send notification email to admin when the site is hacked tongue

ahahahhaahahha great smile

131

(17 replies, posted in PunBB 1.2 bug reports)

About design ... ALL MUST BE IN DIV ! smile

With this, it would be possible to create great things smile DOM and XHTML are my friends. smile

In fact ...
if a user tries to become admin, it will be automatically logged, excluded, banned and erased: it prevents doing tests smile

if a user tries to change their email to the forum owner's email, he has the same fate.

at least, if the user wants to change the email (a ferocious hacker if he has succeeded!!!)
in profile.php, the mail form disappears: we see the email directly in HTML ... and if you want to change it, it asks your password (or for better security: a question / answer you have created before?) In this way, impossible to do something ... my sortons.net@wanadoo.fr is MINE, anyone can access it through the forum, and all rights with this email are impossible to change.

Yes indeed ... my idea is that the owner of the forum has a protected email: only the OWNER can see the email. I hope this mod will figure in PunBB 1.3 smile with this method, it would be very hard (impossible?) to hack. I think it's the best way.

134

(36 replies, posted in PunBB 1.2 discussion)

Any interest for me smile But thanx however.

I have found a very good article about my problem.
http://www.icant.co.uk/articles/cssconstants

135

(101 replies, posted in PunBB 1.2 discussion)

Ohhhhhhhhhhhhhhh ! smile

To upgrade to 1.2.6, I downloaded the 1.2.6 version and uploaded all of it smile I don't see where it was badly done smile

136

(101 replies, posted in PunBB 1.2 discussion)

Paul : maybe you are a very old man who needs 14h of sleep ... but ... this experience prevents me from sleeping smile

137

(101 replies, posted in PunBB 1.2 discussion)

Rickard wrote:

I just had a quick look at Rod's source code and I can say with some certainty that the reason his forum was hacked was that he had not applied the following fix (which is part of 1.2.6):

http://dev.punbb.org/changeset/221

If you have been hacked, please make sure you have applied it.

Ohhhh it's cute ... never seen this (I admit I have never gone to www.punbb.org > shame on me)



profile.php uploaded smile I will turn on registrations when all is sure smile

138

(101 replies, posted in PunBB 1.2 discussion)

I think about one thing ...

Allowing admin status only to one mail?

I explain.

I have created the forum www.sortons.net/forum with sortons.net@wanadoo.fr

Why not protect this??? If someone tries to hack, it sends a mail to the "admin" mail, and the admin accepts or refuses.

In this case, it would be impossible to change level, and so ... to have the possibility to hack.

I have had this idea because someone hacked my MSN (but I have not an MSN email, but sortons.net@wanadoo.fr)

After the hacking, I asked to be sent a new password, and all was perfect afterwards.

139

(101 replies, posted in PunBB 1.2 discussion)

I'm waiting for all the tweaks of Code XP to add them in one go smile

Like Hcgtv (yet!) my admin was in "verify email registration" YES ...

140

(101 replies, posted in PunBB 1.2 discussion)

Waouh impressed to see I'm not alone ...

It's very weird to be hacked: it's the first time I'm confronted with this (and I'm on the net since 1998!!!) ... like a rape. Really.

@ Rickard & Smartys > I will send you in a few minutes the link to download my whole forum.

141

(101 replies, posted in PunBB 1.2 discussion)

I have few mods installed ... the only thing about security is I wanted to use my header.inc from Nucleus in punBB ... but it's not with this that a user can register directly in ADMIN mode ... I don't know, the mods I have are
- bbcode

As you can see ... nothing.

When Rickard reads this post, I will be able to send him (or Smartys? The Anti Hacker smile) my whole forum to see where it's wrong (maybe my fault, or another thing?)

142

(101 replies, posted in PunBB 1.2 discussion)

Euh .... very "good" news for me ... HE has erased 2 forums ... mmmmmmmmmmmm (no backup, of course)

143

(101 replies, posted in PunBB 1.2 discussion)

Like HCGTV, I have disabled registration. (I'm under 1.2.6)

As I was hacked 10 min ago ... I think YES for an ADMIN DIR more protected smile

http://www.sortons.net/forum/
http://www.sortons.net/nucleus/

smile

146

(101 replies, posted in PunBB 1.2 discussion)

He put this in "MAINTENANCE MODE"

<html>

<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Hacked By ALTAN and STEEL</title>
</head>

<body text="#FF0000" bgcolor="#000000">

<p align="center"><b><font face="Arial Black" size="7">Hacked By ALTAN</font></b></p>
<p align="center">
<img border="0" src="http://n.domaindlx.com/depoaltan/ay01.jpg" width="400" height="262"></p>
<p align="center"><b><font face="Arial Black" size="7">TURKISH HACKER</font></b></p>
<p align="center"><b><font face="Arial Black" size="7">ALTAN AND STEEL</font></b></p>
<p align="center"><b><font face="Arial Black" size="7">altan@sanaldevrim.net</font></b></p>

</body>

</html>

147

(101 replies, posted in PunBB 1.2 discussion)

The IP address is: 81.214.28.118
The host name is: dsl.static8121428118.ttnet.net.tr

A big chance for me ... I was surfing on my forum.

In a few seconds, he was ADMIN, he had changed MAINTENANCE MODE ...

Waouh ... 1.2.6 > NOT PERFECT about security smile


EDIT: http://punbb.org/forums/viewtopic.php?pid=50077#p50077 /Rickard

Ohhhh warning: it's maybe a plugin request but I think it's quite important ...

So ....

http://www.sortons.net/dev/call_article2.php

Script

<?php

/*
Created by Global Syndication's RSS Parser
http://www.globalsyndication.com/rss-parser
*/

set_time_limit(0);

$file = "http://www.lemonde.fr/rss/sequence/0,2-3224,1-0,0.xml";

$rss_channel = array();
$currently_writing = "";   // name of the element whose text is being collected
$main = "";                // section we are in: CHANNEL, IMAGE or ITEMS
$item_counter = 0;         // index of the current <item>

function startElement($parser, $name, $attrs) {
    global $rss_channel, $currently_writing, $main;
    switch ($name) {
        case "RSS":
        case "RDF:RDF":
        case "ITEMS":
            $currently_writing = "";
            break;
        case "CHANNEL":
            $main = "CHANNEL";
            break;
        case "IMAGE":
            $main = "IMAGE";
            $rss_channel["IMAGE"] = array();
            break;
        case "ITEM":
            $main = "ITEMS";
            break;
        default:
            $currently_writing = $name;
            break;
    }
}

function endElement($parser, $name) {
    global $rss_channel, $currently_writing, $item_counter;
    $currently_writing = "";
    if ($name == "ITEM") {
        $item_counter++;
    }
}

function characterData($parser, $data) {
    global $rss_channel, $currently_writing, $main, $item_counter;
    if ($currently_writing != "") {
        switch ($main) {
            case "CHANNEL":
                if (isset($rss_channel[$currently_writing])) {
                    $rss_channel[$currently_writing] .= $data;
                } else {
                    $rss_channel[$currently_writing] = $data;
                }
                break;
            case "IMAGE":
                if (isset($rss_channel[$main][$currently_writing])) {
                    $rss_channel[$main][$currently_writing] .= $data;
                } else {
                    $rss_channel[$main][$currently_writing] = $data;
                }
                break;
            case "ITEMS":
                if (isset($rss_channel[$main][$item_counter][$currently_writing])) {
                    $rss_channel[$main][$item_counter][$currently_writing] .= $data;
                } else {
                    $rss_channel[$main][$item_counter][$currently_writing] = $data;
                }
                break;
        }
    }
}

// The feed is untrusted input: escape its text before it is printed as HTML,
// otherwise whatever the feed contains is injected straight into the page.
// (If HTML descriptions must be rendered, run them through an HTML sanitizer
// instead of printing them raw.)
function h($text) {
    return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
}

$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "startElement", "endElement");
xml_set_character_data_handler($xml_parser, "characterData");
if (!($fp = fopen($file, "r"))) {
    die("could not open XML input");
}

while ($data = fread($fp, 4096)) {
    if (!xml_parse($xml_parser, $data, feof($fp))) {
        die(sprintf("XML error: %s at line %d",
                    xml_error_string(xml_get_error_code($xml_parser)),
                    xml_get_current_line_number($xml_parser)));
    }
}
fclose($fp);
xml_parser_free($xml_parser);

// output HTML (missing elements print as empty strings instead of notices)
$title = isset($rss_channel["TITLE"]) ? $rss_channel["TITLE"] : "";
$description = isset($rss_channel["DESCRIPTION"]) ? $rss_channel["DESCRIPTION"] : "";
print ("<div class=\"channelname\">" . h($title) . "</div>");
print ("<div class=\"channeldescription\">" . h($description) . "</div><br />");
if (isset($rss_channel["ITEMS"])) {
    if (count($rss_channel["ITEMS"]) > 0) {
        for ($i = 0; $i < count($rss_channel["ITEMS"]); $i++) {
            $item = $rss_channel["ITEMS"][$i];
            $item_title = isset($item["TITLE"]) ? $item["TITLE"] : "";
            $item_desc = isset($item["DESCRIPTION"]) ? $item["DESCRIPTION"] : "";
            if (isset($item["LINK"])) {
                print ("\n<div class=\"itemtitle\"><a href=\"" . h($item["LINK"]) . "\">" . h($item_title) . "</a></div>");
            } else {
                print ("\n<div class=\"itemtitle\">" . h($item_title) . "</div>");
            }
            print ("<div class=\"itemdescription\">" . h($item_desc) . "</div><br />");
        }
    } else {
        print ("<b>There are no articles in this feed.</b>");
    }
}

?>

I had this idea by wanting to put a URL as data in the URL ... http://www.sortons.net/dev/call_article … ,1-0,0.xml

At the beginning, I wanted to do a standalone version and I had an idea ... would it be possible for users to SHARE THEIR OWN RSS news feeds, and a pun plugin creates a page with blocks containing custom news for each user??? And we can imagine by "default" the page could regroup all news brought by all users?!

Tobi wrote:

I think this is potentially more serious than it looks.
Any url called will be identified by the cookie of the current user.
What if the current user has admin status? And the url does something there?
Well, it's still a theory but there will always be an asshole finding a leak there.
So I guess CodeXP's workaround is something everybody should use.
It will not work on systems where file handling of urls is disabled but then - no pictures is still better than no database smile

Btw I tried to hack myself with that method and it didn't work sad

bouhh bouhhh very bad self hacker! smile

Your gallery would be "ahead" if you used DOM and XMLHttpRequest to see your pics ... although I'm amazed by your stuff, your gallery is an "old school" system: I click to see the gallery page, I click to see the category, I click to see the albums, I click to see the images ... 4 clicks for ONE photo (and I don't count the BACK buttons!) ... is it possible to "innovate" by coding a dynamic gallery?

I think no, or ... version 3 maybe smile
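The call_article2.php script earlier in this thread hard-codes the feed URL, but the idea described with it (taking the feed URL as a parameter so that users can share their own feeds) turns the page into a fetcher of whatever URL it is handed, which is exactly the kind of "any url called" behaviour Tobi's reply warns about. The following is an added example, not the posted script and not PunBB or Global Syndication code: it shows the checks a guarded feed block would put in front of the fetch and the output. It assumes the feed URL arrives as a `feed` query parameter, that the forum admin keeps an allowlist of feed hosts (the `ALLOWED_FEED_HOSTS` constant is constructed for the example), that feeds are RSS 2.0, and every function name in it is hypothetical.

```php
<?php
// Added example: a guarded feed block (not the posted script, not PunBB code).
// Assumptions, all constructed for the example: ?feed=... carries the URL,
// ALLOWED_FEED_HOSTS is the admin's allowlist, feeds are RSS 2.0, and every
// helper name below is hypothetical.
declare(strict_types=1);

const ALLOWED_FEED_HOSTS = ['www.lemonde.fr'];   // constructed allowlist

// Return the URL if it may be fetched, otherwise null.
function validate_feed_url(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only http(s): rejects file://, php://, ftp:// and other wrappers.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // No credentials smuggled in the URL.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, ALLOWED_FEED_HOSTS, true)) {
        return null;
    }
    // Even an allowlisted name must not resolve to loopback, private or reserved space.
    $ip = gethostbyname($host);
    if ($ip === $host || filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return null;
    }
    return $url;
}

// Fetch with a timeout, a size cap, and no redirect following: a redirect
// could point at an address the validation above never saw.
function fetch_feed(string $url, int $maxBytes = 512 * 1024): ?string
{
    $ctx = stream_context_create(['http' => [
        'timeout'         => 5,
        'follow_location' => 0,
        'user_agent'      => 'feed-block-example',
    ]]);
    $body = @file_get_contents($url, false, $ctx, 0, $maxBytes);
    return $body === false ? null : $body;
}

// Parse RSS 2.0 with the XML parser cut off from the network (LIBXML_NONET),
// so the document cannot make libxml fetch external resources.
function parse_feed(string $xml): array
{
    $prev = libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    if ($doc === false || !isset($doc->channel)) {
        return ['title' => '', 'items' => []];
    }
    $items = [];
    foreach ($doc->channel->item as $item) {
        $items[] = [
            'title'       => (string) $item->title,
            'link'        => (string) $item->link,
            'description' => (string) $item->description,
        ];
    }
    return ['title' => (string) $doc->channel->title, 'items' => $items];
}

// Everything from the feed is untrusted text: escape it before it becomes HTML.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only http(s) links become anchors; any other "link" is shown as plain text.
function render_feed(array $feed): string
{
    $out = '<div class="channelname">' . esc($feed['title']) . "</div>\n";
    foreach ($feed['items'] as $it) {
        $title = esc($it['title']);
        if (preg_match('#^https?://#i', $it['link']) === 1) {
            $title = '<a href="' . esc($it['link']) . '">' . $title . '</a>';
        }
        $out .= '<div class="itemtitle">' . $title . "</div>\n";
        $out .= '<div class="itemdescription">' . esc($it['description']) . "</div><br />\n";
    }
    return $out;
}

$requested = (string) ($_GET['feed'] ?? '');
$url = validate_feed_url($requested);
if ($url === null) {
    http_response_code(400);
    echo '<b>This feed URL is not allowed.</b>';
    exit;
}
$xml = fetch_feed($url);
echo $xml === null ? '<b>Could not fetch the feed.</b>' : render_feed(parse_feed($xml));
```

The host allowlist is the check that matters most: scheme and private-range filtering alone still let the page be pointed at any public server, and a feed block that is embedded on forum pages is reached by every visitor's browser, admin sessions included. Escaping the description means feeds whose descriptions carry HTML will show it as text; if that HTML has to be rendered, it needs an HTML sanitizer, not a raw print.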