
Module: Enhanced Custom Profiles

Posted by Joe Curia 
JPW
Re: Module: Enhanced Custom Profiles
May 23, 2009 04:46PM
This works, thanks!
Security protection issue
June 11, 2009 05:51PM
We have the Phorum (v.5.2.11) installed with Enhanced Custom Profiles (v.5.2.1.04) module.

The Submit button in the module setup interface doesn't work:

Quote

You are accessing the admin after a security timeout.

The requested URL was:

http://localhost/admin.php?module=modsettings&mod=enhanced_custom_profiles

Please make sure that you really want to access this URL and weren't tricked to go to the admin.
Please click on continue to go to this URL or on cancel to go to the forum homepage.

This dialog has a 'continue' button, but it's useless without form POST data.

It seems to me the module is incompatible with the new Phorum security feature "phorum_admin_token" added to all admin URLs and forms. I've added a hidden input in the <form id='field_form'> and got the correct answer: "... successfully updated". Here is the field needed (taken from <form id='status-form'> found on every admin page):

Quote

<input type="hidden" name="phorum_admin_token" value="2d11da1d90182ec2114db66d601d932d" />

BTW, other modules do not have this issue, probably because they use more compatible forms:
Language: PHP
$frm = new PhorumInputForm();
Re: Security protection issue
June 11, 2009 07:37PM
The admin token is not a constant, so this will only work temporarily. What has to be added instead is:

Language: PHP
<input type="hidden" name="phorum_admin_token" value="<?php print $PHORUM['admin_token'] ?>"/>

@Joe: can you incorporate this in your package, please?


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce



Edited 1 time(s). Last edit at 06/11/2009 09:40PM by Thomas Seifert.
Re: Module: Enhanced Custom Profiles
June 16, 2009 10:21AM
And what about these javascript links -- should they be supplied with the phorum_admin_token param like all other interface links?

Language: HTML
<td class='menuoff' width='160px' id='view_profile_settings' onmouseover="menuon(this)" onmouseout="menuoff(this)" onclick="window.open('./admin.php?module=modsettings&mod=enhanced_custom_profiles&show_page=view_profile', '_parent')">View My Profile</td>
Re: Module: Enhanced Custom Profiles
June 16, 2009 02:37PM
Sorry, I have been very busy with little time for coding. Many of my modules will need updates for the new phorum_admin_token. I am hoping to find time this coming weekend and beyond to update them. For some it is a simple link here or there, others use their own forms and pages and will be a bit more complex. I will make sure this module gets top priority.


Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews, Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts, Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option, Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View, Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald
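
One way to find the places in a module that still need the token, added here as an example (not code from Phorum or from the module): a Python scan that flags forms lacking the phorum_admin_token field, forms carrying a copied literal token, and admin.php links without the parameter. The sample markup and its token value are constructed, and the regex checks are heuristics that will miss URLs assembled from several variables.

```python
import re

TOKEN = "phorum_admin_token"
FORM_RE = re.compile(r"<form\b.*?</form>", re.I | re.S)
# A token field whose value is a literal 32-hex string was copied from one
# admin session and stops working once the token changes.
HARDCODED_RE = re.compile(
    r"name=[\"']" + TOKEN + r"[\"']\s+value=[\"'][0-9a-f]{32}[\"']", re.I)
ADMIN_URL_RE = re.compile(r"admin\.php\?[^\"'\s<>)]*", re.I)

# Constructed sample of module output: three hand-written forms and one link.
SAMPLE = """<form id='field_form' method='post' action='admin.php'>
<input type="hidden" name="module" value="modsettings" />
</form>
<form id='fixed_form' method='post' action='admin.php'>
<input type="hidden" name="phorum_admin_token" value="<?php print $PHORUM['admin_token'] ?>" />
</form>
<form id='copied_form' method='post' action='admin.php'>
<input type="hidden" name="phorum_admin_token" value="0123456789abcdef0123456789abcdef" />
</form>
<td onclick="window.open('./admin.php?module=modsettings&mod=enhanced_custom_profiles&show_page=view_profile', '_parent')">View My Profile</td>
"""


def audit(source):
    """Return sorted (line_number, finding) pairs for one module source file."""
    findings = []

    def line_of(pos):
        return source.count("\n", 0, pos) + 1

    # Hand-written forms must carry the token as a hidden field.
    for m in FORM_RE.finditer(source):
        body = m.group(0)
        if TOKEN not in body:
            findings.append((line_of(m.start()), "form without admin token field"))
        elif HARDCODED_RE.search(body):
            findings.append((line_of(m.start()), "form with hard-coded admin token"))
    # Links (href, onclick, window.open) need the token as a URL parameter.
    for m in ADMIN_URL_RE.finditer(source):
        if TOKEN not in m.group(0):
            findings.append((line_of(m.start()), "admin.php link without token parameter"))
    return sorted(findings)


if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```
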
Re: Security protection issue
July 20, 2009 11:49PM
Hi - I am having trouble with phorum_admin_token as well. Could you please tell me which page(s) did you add the code to in order to fix this problem? Thank you :)
Re: Security protection issue
July 21, 2009 12:14AM
Well... all pages really.

Why not reverse the solution here?
You tell us what exact path you follow to run into the issue and we will try to fix the issue for you.


Maurice Makaay
Phorum Development Team
Re: Security protection issue
July 21, 2009 12:31AM
Thanks for your reply Maurice.

No matter what I select or try and input in the Settings (in Control Center > Modules) for Enhanced Custom Profiles, it always comes up with:

Phorum Admin
version 5.2.11		Phorum Status:

You are accessing the admin after a security timeout.

The requested URL was: 
[localhost]

Please make sure that you really want to access this URL and weren't tricked to go to the admin.
Please click on continue to go to this URL or on cancel to go to the forum homepage.

And pressing Continue just resets the settings to blank again. And so it goes on in a circle :)



Edited 1 time(s). Last edit at 07/21/2009 12:35AM by klibreck.
Re: Security protection issue
July 21, 2009 12:51AM
Did you try my suggestion from above? I didn't test it, but it might just work.


Maurice Makaay
Phorum Development Team
This mod puts my globals out of scope
July 24, 2009 01:42AM
I have a bit of a strange issue with this module...

I include lots of my own PHP files within Phorum, globalising certain variables if I will need them later on.

e.g., in my own common.php, I set up things like:

global $path;
$path = "my/path";

I then include common.php and expect to be able to use $path later on within my own functions, provided I specify they are global first of course.

This works for all Phorum pages, except...

...I've just noticed that profile.php effectively puts all my globals out of scope.
I traced the behaviour to the first line of profile.php, namely:

define('phorum_page','profile');

If I changed the above to define('phorum_page','search'); or even define('phorum_page','profile1'); then my globals all come back.

I then worked out that some extra code must run when the phorum_page is set to "profile" and remembered I'd added the Enhanced Custom Profiles module. Sure enough, disabling the module fixes the problem.

Any ideas why this module puts my globals out of scope?

Thanks,

/\dam

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz