No admin menu - Page 2
 


No admin menu

Started by apathys, July 30, 2005, 04:53:40 AM


Nibbler

Code changes required for the fix:

include/functions.inc.php

find:

setcookie($CONFIG['cookie_name'].'_data', $data, time()+86400*30, $CONFIG['cookie_path']);

change to

if (!defined('LOGIN_PHP') && !defined('LOGOUT_PHP')) setcookie($CONFIG['cookie_name'].'_data', $data, time()+86400*30, $CONFIG['cookie_path']);

include/init.inc.php

find:

    if (!isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid']) || !isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass'])) {
        $cookie_uid = 0;
        $cookie_pass = '*';
    } else {
        $cookie_uid = (int)$HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid'];
        $cookie_pass = substr(addslashes($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass']), 0, 32);
    }


change to

    if (!isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_id'])) {
        $cookie_uid = 0;
        $cookie_pass = '*';
    } else {
        list($cookie_uid, $cookie_pass) = unserialize($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_id']);
        $cookie_pass = substr(addslashes($cookie_pass), 0, 32);
        $cookie_uid = (int) $cookie_uid;
    }


login.php

find:

setcookie($CONFIG['cookie_name'] . '_uid', $USER_DATA['user_id'], time() + $cookie_life_time, $CONFIG['cookie_path']);
setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['password']), time() + $cookie_life_time, $CONFIG['cookie_path']);


change to:

$data = serialize(array($USER_DATA['user_id'], md5($HTTP_POST_VARS['password'])));
setcookie($CONFIG['cookie_name'] . '_id', $data, time() + $cookie_life_time, $CONFIG['cookie_path']);


logout.php

find:

setcookie($CONFIG['cookie_name'] . '_pass', '', time()-86400, $CONFIG['cookie_path']);
setcookie($CONFIG['cookie_name'] . '_uid', '', time()-86400, $CONFIG['cookie_path']);


change to

setcookie($CONFIG['cookie_name'] . '_id', '', time()-86400, $CONFIG['cookie_path']);

Note to others: Only use this workaround if you are sure this is the real reason you are unable to login.
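
Added example, not part of Nibbler's post and not Coppermine code: the single `_id` cookie from the workaround above can carry the user id and the 32-character hash without `unserialize()`, which decodes whatever serialized value the client sends. The function names and the `uid:hash` cookie format are assumptions made for this example.

```php
<?php
// Added example, not Coppermine code. Function names are hypothetical.
// Assumed cookie value format: "<uid>:<32 lowercase hex chars>".

// Build the value that would be passed to setcookie() for the '_id' cookie.
function cpg_pack_id_cookie($user_id, $pass_hash)
{
    return (int) $user_id . ':' . strtolower($pass_hash);
}

// Parse the '_id' cookie. Anything that is not exactly "<uid>:<hash>"
// falls back to the anonymous values used in init.inc.php (0 and '*').
function cpg_unpack_id_cookie($raw)
{
    $anonymous = array(0, '*');

    // A cookie sent as name[]=x arrives as an array, not a string.
    if (!is_string($raw)) {
        return $anonymous;
    }

    // Up to 9 digits keeps the id inside a 32-bit int; /D stops '$'
    // from matching before a trailing newline.
    if (!preg_match('/^([1-9][0-9]{0,8}):([0-9a-f]{32})$/D', $raw, $m)) {
        return $anonymous;
    }

    return array((int) $m[1], $m[2]);
}

// Constructed sample inputs (not taken from a real site).
$samples = array(
    cpg_pack_id_cookie(42, md5('example-password')), // well-formed value
    serialize(array(42, md5('example-password'))),   // old serialized form
    'O:8:"stdClass":0:{}',                           // serialized object
    '42:not-a-hash',                                 // wrong hash shape
    array('42:' . md5('x')),                         // array-valued cookie
);

foreach ($samples as $raw) {
    list($cookie_uid, $cookie_pass) = cpg_unpack_id_cookie($raw);
    printf("uid=%d pass=%s\n", $cookie_uid, $cookie_pass);
}
```

Only the first sample yields a non-zero user id; every other input is treated as an anonymous visitor.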

apathys

HOT DAMN!! you are Good!!!
thank you thank you thank you!!
:)

Joachim Müller

...and once you upgrade, Nibbler's fix will be lost. I suggest complaining to your webhost once more - show them a link to this thread, don't let yourself be turned down by a statement like "scripting problem"; it's just a poor excuse if a webhost has a silly server setup...