GR can't login to php-Nuke without code number

tstanley

Joined: 2004-09-15
Posts: 3

Posted: Wed, 2004-09-15 22:32

I am using GR to upload photos to php-Nuke 7.0. I have watched the packet traffic and it looks like GR cannot log in. It appears to use the usual Nuke login URL. But this URL normally requires a parameter for the obscured code number and for a hidden random number from the sign-up form.

What have I done wrong? How is GR supposed to get around these security measures? Thanks for any help!

paour

Joined: 2002-08-14
Posts: 1479

Posted: Mon, 2004-09-20 09:44

Why would the login URL require a field for the obfuscated security number for users who already have an account? Or do you mean you don't have an account yet?

tstanley

Joined: 2004-09-15
Posts: 3

Posted: Mon, 2004-09-20 15:13

Thanks for taking a look at this.

The way my PHP-Nuke is set up (my ISP provided it ready-to-go), you always need to enter the code, every time you log in. So on every login it passes the userID, password, security code the user typed in, and the random number that is used to derive the security code.

What I finally did was create my own op= code instead of login and overrode the security code when that opcode is called. Not very secure, but GR can get in now. I didn't know my setup was unusual; I thought everyone would be having this problem. I'm certainly not happy with the workaround, but I'm not sure what else can be done.

paour

Joined: 2002-08-14
Posts: 1479

Posted: Mon, 2004-09-20 16:13

I think it is an unusaul setup, and nothing can be done: these types of systems are designed to make sure unattended programs can't automatically create accounts... I'm glad you were able to create a workaround.

tstanley

Joined: 2004-09-15
Posts: 3

Posted: Mon, 2004-09-20 21:10

Taking a quick look around, I found:

http://phpnuke.org/modules.php?name=Your_Account
http://www.nukeresources.com/account.html
http://www.nukecops.com/modules.php?name=Your_Account
http://www.nukedgallery.net/modules.php?name=Your_Account
http://www.phpnuke-dutch.org/

All of these require a security code to log in, so it's not that unusual. I also don't see a way to turn it off--the Nuke code does not seem to be conditional--and I didn't ask for it, it was already that way.

This might become a common problem. Maybe GR should detect the inability to log in and report that instead of the generic error about there not being a gallery there.

Drakkan

Joined: 2005-04-21
Posts: 1

Posted: Fri, 2005-04-22 04:12

I have same problem.
This security is very common for PHPnuke web portal.
Is it possible you add field in logging section? :wink:

Thanks

paour

Joined: 2002-08-14
Posts: 1479

Posted: Fri, 2005-04-22 07:10

I could add a field, but it wouldn't help you, since you wouldn't know what to type in it.

KimSamSoon

Joined: 2007-06-24
Posts: 1

Posted: Sun, 2007-06-24 21:25

Hello there!
i know this post is dated 2005 but yet i have the same deal.
Does anyone have found a script or the page to fix to correct this bug? And where did you find your "workaround" ? does it works very well ?
thanks guys!

tstanley Joined: 2004-09-15 Posts: 3	Posted: Wed, 2004-09-15 22:32
	I am using GR to upload photos to php-Nuke 7.0. I have watched the packet traffic and it looks like GR cannot log in. It appears to use the usual Nuke login URL. But this URL normally requires a parameter for the obscured code number and for a hidden random number from the sign-up form. What have I done wrong? How is GR supposed to get around these security measures? Thanks for any help!
	XUser login Username: * Password: * Create new account Request new password
paour Joined: 2002-08-14 Posts: 1479	Posted: Mon, 2004-09-20 09:44
	Why would the login URL require a field for the obfuscated security number for users who already have an account? Or do you mean you don't have an account yet?

tstanley Joined: 2004-09-15 Posts: 3	Posted: Mon, 2004-09-20 15:13
	Thanks for taking a look at this. The way my PHP-Nuke is set up (my ISP provided it ready-to-go), you always need to enter the code, every time you log in. So on every login it passes the userID, password, security code the user typed in, and the random number that is used to derive the security code. What I finally did was create my own op= code instead of login and overrode the security code when that opcode is called. Not very secure, but GR can get in now. I didn't know my setup was unusual; I thought everyone would be having this problem. I'm certainly not happy with the workaround, but I'm not sure what else can be done.

paour Joined: 2002-08-14 Posts: 1479	Posted: Mon, 2004-09-20 16:13
	I think it is an unusaul setup, and nothing can be done: these types of systems are designed to make sure unattended programs can't automatically create accounts... I'm glad you were able to create a workaround.

tstanley Joined: 2004-09-15 Posts: 3	Posted: Mon, 2004-09-20 21:10
	Taking a quick look around, I found: http://phpnuke.org/modules.php?name=Your_Account http://www.nukeresources.com/account.html http://www.nukecops.com/modules.php?name=Your_Account http://www.nukedgallery.net/modules.php?name=Your_Account http://www.phpnuke-dutch.org/ All of these require a security code to log in, so it's not that unusual. I also don't see a way to turn it off--the Nuke code does not seem to be conditional--and I didn't ask for it, it was already that way. This might become a common problem. Maybe GR should detect the inability to log in and report that instead of the generic error about there not being a gallery there.

Drakkan Joined: 2005-04-21 Posts: 1	Posted: Fri, 2005-04-22 04:12
	I have same problem. This security is very common for PHPnuke web portal. Is it possible you add field in logging section? :wink: Thanks

paour Joined: 2002-08-14 Posts: 1479	Posted: Fri, 2005-04-22 07:10
	I could add a field, but it wouldn't help you, since you wouldn't know what to type in it.

KimSamSoon Joined: 2007-06-24 Posts: 1	Posted: Sun, 2007-06-24 21:25
	Hello there! i know this post is dated 2005 but yet i have the same deal. Does anyone have found a script or the page to fix to correct this bug? And where did you find your "workaround" ? does it works very well ? thanks guys!

GR can't login to php-Nuke without code number

XUser login