Support ⇒ Upgrades :: Archives ⇒ 9.1.2.1 Upgrade - Security Error - Bad Link :: Archived ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexUpgrades

Archived ⇒ 9.1.2.1 Upgrade - Security Error - Bad Link


As I posted in this topic I had the same problem.

I tracked the problem and found that the variable CPG_SESS didn't hold the correct value so the file threw a cpg_error(_ERROR_BAD_LINK ...

I commented out the check and i could do what I had to untill I openend the user manager, so I took a bigger step;

I edited cmsinit.inc and added the following line to the cpg_error function (first line inside the function)
if ($message == _ERROR_BAD_LINK) return;

Bye bye all "You tried to access this page through a bad link..." messages.

Site is working 100% now.

I know, I know, this is like amputating an arm because of a bee-sting. I don't feel happy about the method, but I am about the result; the itch is gone.

Comments are more than appreciated Razz

Remon.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache2.2 / PHP5.2.3 / MySQL5.0.19 / DragonFly921 (public server) and Fedora Core 4 / Apache 2 / MySQL 4 / PHP 4 / Drupal 5.3 (private server)


We all knows that the session was altered ... but until someone decide to help us on found out why this happen we will never know what is causing this.

Its browser related (49%), DragonflyCMS related (2%) or a server related (49%) issue?

We will never know.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


NanoCaiordo wrote
We all knows that the session was altered ... but until someone decide to help us on found out why this happen we will never know what is causing this.


I have no problems helping out, trying to find the cause of this. Trouble with sessions is that they're difficult to check, or rather, the external influances on sessions are.

Will report back when I know more.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache2.2 / PHP5.2.3 / MySQL5.0.19 / DragonFly921 (public server) and Fedora Core 4 / Apache 2 / MySQL 4 / PHP 4 / Drupal 5.3 (private server)


Thanks for that, I can help too. What I really think be the cause of the issue are: 1) proxy, 2) server.

As I've heard even on the same site, an admin got always the error, some others don't.

Culprit is most luckily to be a proxy server trying to cache other pages, or it might be a browser plug-in trying to do the same thing.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Sigh...

I thought I had it fixed, i created a second user (for my brother-in-law) and made him superuser.

He can login, but doesnt get an admin menu

THen he got flood protection messages.

THen he got banned for using a bad IP

... (pause for dramatic effect)

After some searching i found the setting, set it to inactive and spressed save changes

Security error, you tried to access this page through a bad link.

At this point, i'm saying bye bye to dragonfly.

It just takes too much time to " just set up a community site ", in fact, i never got around to that because the CMS won't allow basic functions such as settings.

I know this is probably a session problem, or maybe a cookie problem, or perhaps even a browser- and/or cmscache problem.

I realise I said I'd help to find the problem, but at the moment it is taking up too much time.

I'll be back. don't know when, but I will be back.

G'luck to y'all

Remon.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache2.2 / PHP5.2.3 / MySQL5.0.19 / DragonFly921 (public server) and Fedora Core 4 / Apache 2 / MySQL 4 / PHP 4 / Drupal 5.3 (private server)


Probably you and your brother using the same ISP ?

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


NanoCaiordo wrote
Probably you and your brother using the same ISP ?


Lol.

no.

I myself am not using the same ISP Razz

I have a different ISP at home than i have here at work, and my brother in law has a different one at work than at home also, so 4 different ISP's are in use

Also, as I suspect your thinking of proxy; no proxies on any of the four locations.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / Apache2.2 / PHP5.2.3 / MySQL5.0.19 / DragonFly921 (public server) and Fedora Core 4 / Apache 2 / MySQL 4 / PHP 4 / Drupal 5.3 (private server)


Then I'll almost sure that its not a proxy issue .. however if read previous posts within this topic you will found out that for a good number of users one broken image was causing this issue.

Let me know if this help you with your problem.

I'm just curious about the source of the issue and its quite strange that a broken image is able to change the session values but browsers are getting insane lately.

OFF TOPIC FireFox is really getting in fire since after a while it takes all memory he can that is available on my system got to restart it often.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Today while i was playing around DragonflyCMS's code i found my self with the same error.

I'm pretty sure that all of you are getting this error because of an installed module that might require to include files in cmsinit.inc or modify existing files included by cmsinit.php.

The error comes because some script is modifying the $module_name variable.

<?php $module_name = 'settings'; function test() { global $module_name; $module_name = 'ciao'; } test(); echo $module_name;

What happen is that the modified $module_name will then be used by the sessions and since the sessions found something suspicious correctly yell the error.

Now I'll invite all of you to check for the guilty module and report it here or to the module's developer.

Just have a look at cmsinit.inc read everything ABOVE the includes of the session.php class and try to remember if you ever add something to any of those files.

For me the case its closed .... I'm only waiting for the guilty module or block name.

[edit]As Phoenix make me notice even a BLOCK can cause the same effect so check for any installed blocks as well[/edit]

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


rmpel wrote
On a side note; site admin;
Please kill the flood protection, or at least make it work as it should;
I was browsing the site and, since I know my way around fora, i kinda expect where next to click.
So i clicked and clicked on the next link and i got a screen Flood Protection. Wait 8 seconds. So i clicked back, assuming it would take me back to the previous screen, but noooo, it presented a warning with "wait 12 seconds or be banned"

I doubt the flood protection was meant to scare off new users.

Greetings and thanks for the help

Remon.


Yes, just to load the MAIN HOME PAGE creates the bulk of hits to the site, then a refresh or two on the same page will force the flood protection. I'd suggest not tripping until about 50 to 60 hits are encountered just incase someone hits the refresh key a couple times. Also I'm stunned that MANY dragonfly sites (like dfaddons) take FOREVER to render even with the images cached. I still believe that since 9.0.1 that cache system is bugged, but I haven't reviewed it yet.

Perhaps I shall in the near future but right now I'm working on getting DF to work strictly in SSL.

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}

All times are UTC