1 Topic by kendra

(1 replies, posted in PunBB 1.2 troubleshooting)

I dont know why but its like I can never seem to find the documentation to migrate (update) my version to current.

The Problem is that I have all sorts of modifications we dont want to loose. I see the changelog but it dont specify what files have been updated.

Can I suggest that you offer a upgrade kit, which includes ONLY the changed files then the migration tool. Alternatively maybe post a list of the files have been updated with the changelog.

I guess its just confusing I added the emoticon quick bar, and modified for https:// compatibliity, if I just replace all then I loose all.

I know u said look at the change log before but I dont see the file list so maybe there is can u show me where then ?

Tks..
Kendra

Go to forum: PunBB 1.2 troubleshooting

2 Reply by kendra

(3 replies, posted in PunBB 1.2 bug reports)

Rickard wrote:

I just haven't thought of it. Here's a quick fix (for functions.php):

if (!preg_match('#^'.preg_quote(str_replace(array('www.', 'https://'), array('', 'http://'), $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace(array('www.', 'https://'), array('', 'http://'), (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))

Not tested, but it should work.

Very clever.. :\  Got it!.

it worked nicely, ssl is becomming more and more popular. its easy to overlook sexpecially if you dont have a cert makes testing it hard ( ~_*)


neways umm oye did I see you at the quickCart forums, well maybe anotha Rickard?


//replaced: /////

function confirm_referrer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
        message($lang_common['Bad referrer']);
}



// With  //

function confirm_referrer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote(str_replace(array('www.', 'https://'), array('', 'http://'), $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace(array('www.', 'https://'), array('', 'http://'), (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
        message($lang_common['Bad referrer']);
}



~huggies~ tankies
Kendra

Go to forum: PunBB 1.2 bug reports

3 Topic by kendra

(3 replies, posted in PunBB 1.2 bug reports)

Why is it that Punbb considers a secured session (https://) a different referer then insecured (http://)

I dont think that https:// is a different referer.

I found that other applications that that use referers do not include the http:// as part of the referer.

(phpclassifieds for example)
referer1: mysite.com/classifieds
referer2: classifieds.mysite.com

our ecard script does include the www abut has 4 allowed referers

referer1: mysite.com/ecard
referer2: www.mysite.com/ecard
referer3: ecard.mysite.com
referer4: www.ecard.mysite.com


So what about punbb then? is there any way to atleast allow the option to use both http:// and https://?

So we have no choice but to forced https:// , it seems like the only way to assure that a user wont experience the bad-referer error.

<?
$mydefaultport=80; //
$https="$pun_root"; //Secure Page
if($_SERVER['SERVER_PORT'] == $mydefaultport) {
header("Location: " . $https . $_SERVER['REQUEST_URI']);
exit;
}
?>

Okay so this re-directs to https:// if the user somehow lands on the pun with http:// but ideally it would be nice to see it work with both.

Perhaps this can be a future suggestion to add multi-(same domain) referers that will allow https:// aswell as subdomains so

http://mysite.com/punbb/
https://mysite.com/punbb/
http://punbb.mysite.com
https://punbb.mysite.com



Thankies
Kendra

Go to forum: PunBB 1.2 bug reports

4 Reply by kendra

(9 replies, posted in PunBB 1.2 troubleshooting)

Okay well I just did replaced all the files (except the tpl's) and them did the db-migration.

But now I have a wierd problem? the extern.php for some reason it stopped working and gives an error now with a relative path. It worked fine before the update so Im puzzled why?

Error:
Warning: main(): Failed opening '/bb/extern.php?action=online_full' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/public_html/work3.php on line 535

Code used:

<?php include('/bb/extern.php?action=online_full'); ?>

NOTE:
Since we have a SSL certificate and use CMS we use the opening slash almost everywhere. This lets us drop a blank template for example in any folder/directory, and will use predefine global resources for css, menus ect and have SSL compatibility without need to modifiy the page, all we do is add the page content.

Anyways If I use a absolute path it syndicates fine, so there is no problem with the topic or Forum ID, spelling, grammer, php error,  or anything like that, just now it wont let me use the relative path. I even created a blank test.php, put it in the root and removed the starting slash

<?php include('bb/extern.php?action=online_full'); ?>

And it did the same thing? I then changed it to a absolute path and it worked again, but got insecured content with SSL. A work-around is using a https:// absolute path, but that slows things down requesting secured content in a insecured page.

Anyways what can I do to get it working again with a relative path?

tks ..
/Kendra


Windows: a 32-bit extensions and a graphical shell for a 16-bit patch to a 8 bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand 1 bit of competition.

Go to forum: PunBB 1.2 troubleshooting

5 Reply by kendra

(9 replies, posted in PunBB 1.2 troubleshooting)

oh nevemind..

I didnt think that security was that bad that I cant even just get a simple upgrade help. after all isnt these forums for this??

I already Said that there is custom work done so I cant just replace all the files, theres custom tpl files, and the emoticon bar mod and ugh just errm

This Kinda sucks really I liked punbb , but ill just install phpbb sorry


Kendra

Go to forum: PunBB 1.2 troubleshooting

6 Reply by kendra

(9 replies, posted in PunBB 1.2 troubleshooting)

errrm   hmm

What is the normal process for updating a version??

I dont think I know forsure what you mean. I see the changelog, thats where I got the filenames, that I updated but it has alot of SQL stuff thats been fixed.

Can you provide a link plz or paste a changed files  from 1.26 to 1.28?

All I have done so far is replace

post.php
edit.php
profile.php
search.php

I did NOT run the 12_to_128_update.php until im sure I didnt miss anything and thats all I need to do.

can someone plz tell me

Kendra

Go to forum: PunBB 1.2 troubleshooting

7 Reply by kendra

(9 replies, posted in PunBB 1.2 troubleshooting)

OKay thanks

But did I actually address all of the v1.28 security concerns by manually replacing the 4 files with current versions and running the ver_update.php?

Kendra

Go to forum: PunBB 1.2 troubleshooting

8 Topic by kendra

(9 replies, posted in PunBB 1.2 troubleshooting)

Hi,

Okay I have v1.26 right now, and now its at 1.28 so I missed 2 small updates.

NOTE:
We did some custom intregrating using the 1.26 .tpl files so we dont want to update these, unless we have to for security reasons.

I replaced the following files with the ones that were included with version 1.28

post.php
edit.php
profile.php
search.php

But the version still reports as 1.26, What else must be done to fully be updated to 1.28?

Also we have a SSL-Certificate, the http referer is considering a https:// session to be a different http referer so were forced to use fulltime secured sessions. This is okay but really running anything in SSL tends to slow it down a bit, is there anyway to allow both https:// and http:// ?

Thanks in advance.

Kendra

Go to forum: PunBB 1.2 troubleshooting