vb.org Archive

-   -   How do I fix this error? (https://vborg.vbsupport.ru/showthread.php?t=200829)

mholtum 01-08-2009 10:08 PM

I have tried many times to duplicate this and can't. Sorry. Try upgrading from 3.7.3 to 3.7.5, you never know. It may fix it.

lazydesis 01-08-2009 10:37 PM

I removed the following code

PHP Code:

else if ($_POST['do'] AND ADMINHASH != $vbulletin->GPC['adminhash'])
{
    print_cp_login(true);
}


from the file admincp/global.php

Now I do not get the error. I am sure that code is there for something important. Can someone explain to me the implications of removing that bit of code from admincp/global.php?

Thanks.

--------------- Added [DATE]1231461540[/DATE] at [TIME]1231461540[/TIME] ---------------

By the way, I updated to 3.8 gold today and still got the problem, after which I removed that code.

Bellardia 01-08-2009 10:51 PM

Fixed in post below.

lazydesis 01-08-2009 11:00 PM

It still asks me to log in when I try to go to the admincp. Only members of the administrator group are able to log in even after removing the code.

Bellardia, could you please explain what you mean by "forging as an admin"?

Thanks.

Bellardia 01-08-2009 11:21 PM

Let me try to rephrase that.
When you submit a post form to admincp it will verify that it was generated from inside the admincp by sending along ADMINHASH as well. Now it won't check to see if the adminhash was sent along as well, so using PHP or JavaScript someone could possibly abuse this fact to make you query the admin cp by directing you to a certain page such as http://www.yourforum.com/forum/admin...DeleteAllUsers (although this isn't a real function, it's an example) without you knowing, pretty much using your access to the admincp to do whatever they want through you.
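
The check discussed in the posts above, as an added example that is not vBulletin's code and not part of the thread: every admin POST must carry a per-session token, and a request without the matching token is sent back to the login prompt instead of being processed. The function names, the HMAC construction and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; all names here are hypothetical, not vBulletin's.

// Per-admin token: an HMAC over values a third-party site cannot know.
function admin_hash(string $serverSecret, int $userId, string $sessionId): string
{
    return hash_hmac('sha256', $userId . '|' . $sessionId, $serverSecret);
}

// Counterpart of the removed branch: a state-changing POST is processed only
// when the submitted token matches the one the server expects.
function post_is_authorised(array $post, string $expectedHash): bool
{
    if (empty($post['do'])) {
        return true; // no action requested, nothing to protect
    }
    $submitted = $post['adminhash'] ?? '';
    // hash_equals() compares in constant time and never type-juggles.
    return is_string($submitted) && hash_equals($expectedHash, $submitted);
}

// The same handler with the check deleted: every POST is accepted.
function post_is_authorised_check_removed(array $post, string $expectedHash): bool
{
    return true;
}

// Constructed sample data.
$expected = admin_hash('constructed-server-secret', 1, 'constructed-session-id');

$requests = [
    'form rendered by the control panel' => ['do' => 'update', 'adminhash' => $expected],
    'form submitted from another site'   => ['do' => 'update'],
    'stale or altered token'             => ['do' => 'update', 'adminhash' => str_repeat('0', 64)],
];

foreach ($requests as $label => $post) {
    printf(
        "%-36s with check: %-9s check removed: %s\n",
        $label,
        post_is_authorised($post, $expected) ? 'accepted' : 're-login',
        post_is_authorised_check_removed($post, $expected) ? 'accepted' : 're-login'
    );
}
```

The third request shows the other side of the check: a token that no longer matches the server's value produces the same login prompt as a forged request, even when it comes from a legitimate admin form.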

lazydesis 01-08-2009 11:23 PM

Oh, I see... thanks for explaining.

I hope someone could come up with a better solution to the problem.

Bellardia 01-08-2009 11:24 PM

In the meantime I'd advise you put that back in... although logging in can be a pain, by doing something as simple as posting an image to your forum I could make myself an admin.

Lynne 01-08-2009 11:27 PM

Have you tried to see if you have this problem with a default skin? Or with plugins disabled?

Create a new style with no parent - Styles & Templates > Style Manager > Add New Style > no parent - then browse the site using that totally default vbulletin style - do you still have the same problem?

If it is still happening, then try disabling your plugins and see if you still have this problem.
Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

PHP Code:

define('DISABLE_HOOKS', true);


lazydesis 01-08-2009 11:53 PM

Quote:

Originally Posted by Lynne (Post 1705745)
Have you tried to see if you have this problem with a default skin? Or with plugins disabled?

Create a new style with no parent - Styles & Templates > Style Manager > Add New Style > no parent - then browse the site using that totally default vbulletin style - do you still have the same problem?

If it is still happening, then try disabling your plugins and see if you still have this problem.
Note: To temporarily disable the plugin system, edit config.php and add this line right under <?php

PHP Code:

define('DISABLE_HOOKS', true);


Just to let you know, it does not happen while browsing the site. It's only when hitting submit buttons in the admincp... and it's very random as to when it appears or what buttons need to be hit.

Bellardia 01-09-2009 12:00 AM

It would appear that something is compromising your ADMINHASH variable, or that it isn't being parsed correctly (although it is defined so it seems odd).


All times are GMT.