Thread: The CPG-Nuke security requirements Posted: Mon Apr 19, 2004 7:24 pm
When you have made any cool content for CPG-Nuke or PHP-Nuke for use in CPG-Nuke we need you to understand the following "security requirements" or we won't accept your add-on.
Although external Posting protection is blocking a lot, we still want you to develop secure code.
Database
The queries may not contain global variables or must be checked on their value for intvar(), stringlength and specialchars.
If a variable may not contain HTML or PHP use our Fix_Quotes($var, 1) function to get rid of them.
Only sql function calls using $db-> are accepted. The old sql functions like sql_num_rows won't be accepted and are a security breach.
User & Admin
Although the old function still exists to be compatible with old modules, we won't accept files that use the cookiedecode($user) function or decode the $user themselves. Use the global $userinfo instead which already contains all data of the visitor, member or not.
Never decode $admin but check if the "admin" really is an admin thru is_admin(). is_admin() returns the admin 'aid' (name) if the 'visitor' is administrator. As of 8.3 and up you can check if the admin is allowed to administer a module by using can_admin('module_name').
File Access
Protect your files against outside calls like /yourfile.php or another script that runs an include/require from another host.
Only calls to cms files may be made using require_once() or require() because include() and include_once() don't report absence of the file properly.
DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Fedora 12 / 2.2.15 / 5.1.47 / 5.3.3 / CVS
Last edited by DJ Maze on Sun Oct 03, 2004 2:58 am; edited 6 times in total
Thread: Re: The CPG-Nuke security requirements Posted: Thu Apr 22, 2004 6:47 pm
Quote:
I know GoogleTap is silly and a webpage is already shown correctly by search engines, but people think googletap works to index their pages better
So I don't need to activate the google tap? Here's my situation: my host (prodigy.mx) didn't install for me the mod_rewrite for Apache nor the isapi_rewrite for IIS, so I was thinking of changing my host for correct index of my site, but I read this and it is a different thing now.
Can I be peaceful about my indexing issue?
Thanks in advance _________________ FEEL FREE TO VISIT ME AT
Thread: Re: The CPG-Nuke security requirements Posted: Thu Apr 22, 2004 7:12 pm
www.google.com/search?...tnG=Search _________________ There are two paths, the short one and the long one.
When you choose the short path you will notice it takes longer than the long path.
So READ the FAQ and Wiki first
DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Fedora 12 / 2.2.15 / 5.1.47 / 5.3.3 / CVS
For those who want to see their own site, do the following in Google.
Type in the search field the following:
allinurl:yourdomain.com site:www.yourdomain.com (Of course change yourdomain.com to your domain).
Btw DJMaze, why isn't it that with GoogleTap, gt-nextgen, spiders index it better? I think it does, but probably only because the file names are shorter. (Instead of modules.php?name=Forums or index.php?name=Forums you will probably have forums.html)
anor's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Linux/1.3.29/4.0.18-standard/4.3.4
Thread: Re: The CPG-Nuke security requirements Posted: Fri Apr 23, 2004 1:33 am
I'm not sure that it's the length that bothers search engines (DJ already demonstrated this on previous forum), so much as the use of '?'.
The other area where it definitely helps is when you use GT to make multi level sub-directories seem to be root directory files - this means you have a better chance of getting 'deep indexed' a lot sooner.
GT is not just for 'phpnuke' sites - I also use it on non-nuke sites and it does make a big difference.
The other aspect is that it helps when you cross-reference sites - it's much easier to type site2.com/file.html as a link on site1.com than something that is 200 characters long e.g. when you want to submit your links to other sites.
Having just done this, I'm not sure if this discussion should be attached here _________________ Advertising • Resources
Phoenix's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Joined: May 11, 2004 Posts: 8 Location: Ireland
Thread: Re: The CPG-Nuke security requirements Posted: Thu May 20, 2004 11:02 am
Hi I am thinking of releasing some scripts for CPG-Nuke and was wondering if you could just clear up 3 things for me.
DJMaze wrote:
Before any try to decode $admin check if "admin" really is an admin thru is_admin($user), and then decode the data to another variable, not $admin itself.
I didn't quite understand this; is it supposed to be is_admin($user) and not is_admin($admin)? If this is correct, could you explain why?
DJMaze wrote:
Be sure echoed variables are set internal and don't use global variables that could be set thru a POST or GET command to echo for example: $nukeuser[1]
I didn't understand that; would you be able to explain, possibly with an example of what to do and what not to do?
DJMaze wrote:
Protect your files against outside calls like /yourfile.php or another script that runs an include from another host.
Again I didn't understand what you wanted done here; would you be able to explain this as well, again with an example?
Thanks very much, just want to make sure that I am coding it the way you want it done.
Dashe's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Why is this not allowed to be blank?
Thread: Re: The CPG-Nuke security requirements Posted: Thu May 20, 2004 11:36 am
Yeah, it should be is_admin($admin), I typed it wrong.
For example you have a $_POST[] and people use
PHP:
echo $_POST[];
before you do that run a proper check of what the $_POST should contain.
For example: htmlspecialchars($_POST[]) or intval($_POST[]); this will prevent people inserting malicious code into the database or output.
About XSS:
Say you have a variable $file and then you run include($file): be sure $file can't be set thru $_GET or $_POST, or if it must, then check the variable:
ereg('\.\.', $file)
ereg(':', $file)
_________________ There are two paths, the short one and the long one.
When you choose the short path you will notice it takes longer than the long path.
So READ the FAQ and Wiki first
DJ Maze's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) Fedora 12 / 2.2.15 / 5.1.47 / 5.3.3 / CVS
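The checks described in the reply above, written out as an added example that is not part of the original post or CPG-Nuke's own code; the function names, the allowed directory and the sample request values are hypothetical. Because ereg() was removed in PHP 7.0, it uses strpos() and preg_match(), and it goes beyond the post's two tests by also restricting the name to a fixed character set and resolving it inside one directory.

```php
<?php
// Added example: safe_int, safe_html, resolve_module_file and the sample
// request values are hypothetical names, not part of CPG-Nuke.

// Numeric request values: cast before use in a query or in output.
function safe_int($value): int
{
    return is_scalar($value) ? intval($value) : 0;
}

// Text request values: escape before echoing into HTML.
function safe_html($value): string
{
    return is_scalar($value)
        ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
        : '';
}

// File names that reach include/require: reject '..' and ':' as in the
// post, then accept only a bare name that resolves to an existing file
// inside the allowed directory.
function resolve_module_file($file, string $allowedDir): ?string
{
    if (!is_string($file) || $file === '') {
        return null;
    }
    if (strpos($file, '..') !== false || strpos($file, ':') !== false) {
        return null; // directory traversal, or a scheme/host prefix
    }
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $file)) {
        return null; // slashes, dots, NUL bytes, anything unexpected
    }
    $base = realpath($allowedDir);
    $path = realpath($allowedDir . '/' . $file . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // missing file, or resolved outside the directory
    }
    return $path;
}

// Constructed sample request data standing in for $_GET / $_POST.
$request = ['id' => '42 OR 1=1', 'title' => '<script>alert(1)</script>',
            'file' => '../../etc/passwd'];

echo safe_int($request['id']), "\n";     // only the leading integer survives
echo safe_html($request['title']), "\n"; // markup is shown as text
$path = resolve_module_file($request['file'], __DIR__);
echo $path === null ? "include refused\n" : "would require $path\n";
```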
Thread: Re: The CPG-Nuke security requirements Posted: Thu May 20, 2004 2:52 pm
Dashe, If you are rewriting your scripts JAG_Online and JAG_virus, let me know and I can remove my download of the versions I released for cpg. _________________ Mommy What's a Grebo???
grebo's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS) ?