PHP Nuke and SMF Integration ready for download!

Started by spottedhog, November 09, 2007, 09:47:24 PM


Rumbaar

Also what is the core php-nuke version you used to create this total package?  I hope a version like Raven Nuke 7.6 fully patched?  Also how would any future security issues that are addressed via patching affect or be implemented into your 'custom' build?
"An important reward for a job well done is a personal sense of worthwhile achievement."


spottedhog

:)   I used 7.6 "full patch"... I think 3.2 or 3.3 patch.

OK... security issues....  There are basically 2 issues, cross-scripting because of badly written code, and the other is the takeover of the admin.php file.

Cross Scripting:
All the code I am releasing has variables opened to empty arrays ...for example: $row = array();  before using the variable in the MySQL "while" or "foreach", just like the SMF db queries.  Also, data is filtered and escaped, both going into the database, and for browser display.

I am not saying all is perfect, as there may be an issue somewhere, but for now, all should be at least as good as the 7.6 patched.

admin.php file
I have removed the "security thru obscurity" for the $admin_file and just have the file named "admin.php"   All admin.php is protected by the SMF permissions system, with access only to SMF is_admin, etc.

The Nuke's "mainfile.php" has all the security code in it that has been in place for Sentinel and the 7.6 patches.  The admin.php has all the 7.6 patched security and maybe an additional line or 2.

There is not a nuke_authors db table.  I used only the SMF members, etc.

I may be wrong, but I do not see a need for Sentinel's automatic IP banning.  I am not sure how much protection it would add compared to whatever is already in SMF.

The bottom line is, if you trust the SMF security, then this is basically the same.
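
The practices listed in the post above (variables set to a known value before the query loop, data kept out of the SQL text on the way in, output escaped for the browser), as an added example that is not part of the original post and is not SMF-Nuke code. It assumes PHP 7.4+ with the pdo_sqlite extension; bound parameters replace manual filtering and escaping, an in-memory SQLite database stands in for MySQL, and the table and variable names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not SMF-Nuke code. Table and variable names are
// hypothetical; in-memory SQLite (pdo_sqlite) stands in for MySQL.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input: a quote that would break a concatenated query
// and markup that would run in the browser if echoed unescaped.
$author = "O'Brien";
$body   = '<script>alert(1)</script> nice "theme"';

// Going in: bound parameters, so the data never becomes part of the SQL text.
$insert = $db->prepare('INSERT INTO demo_comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

// File scope, as in a Nuke module: give each variable a known value before
// the loop so nothing set earlier in the request (register_globals,
// extract()) can end up in the output.
$row   = array();
$items = array();

$result = $db->query('SELECT author, body FROM demo_comments ORDER BY id');
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
    // Coming out: escape for the HTML context at the point of display.
    $items[] = '<li><b>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
             . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . '</li>';
}

echo "<ul>\n" . implode("\n", $items) . "\n</ul>\n";
```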

Rumbaar

Nice, thx for the info.

Yeah the Sentinel's automatic banning doesn't always work on servers.  I know on mine it doesn't write to the htaccess file, I do it manually.  No nuke authors, nice.  Yeah I've never been happy with the admin security on the base php-nuke, but I'm glad you based it off that branch of the php-nuke line.  After 7.6 it really got off the rails with the wysiwyg editor fiasco.

Also because phpBB is gone all the phpBB_root XSS vulnerabilities won't be an issue :)

spottedhog

I have put the FCKEditor in so places with large textareas can use it.  ;)

There are some issues I have had with Sentinel.  Of course it is well written and well managed monthly, however, I think in many ways it is overkill.  Having to monthly update country IPs and more seem to be more of a pain than they are worth.

I have the SMF IP banning system in place for all of the integration.  .htaccess file could be used to double security....  if desired.

Rumbaar

Oh you have the FCKEditor, is that included in the 7.6 full patched now?  They must have re-written it, as from what I remember it was a major security hole as it effectively by-passed most of the security checks in the mainfile.php file when it was originally implemented into 7.8+

spottedhog

RavenNuke has the same version I believe....  Inputs into FCKEditor are still filtered and escaped before being put into the database.  Also, there are only specific base html tags allowed.  I think I have it set to use what is allowed in the config.php file.
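
A tag allowlist of the kind described in the post above, as an added example that is not part of the original post and is not the SMF-Nuke or RavenNuke filter. It assumes PHP 7.4+; the function name and the tag list are hypothetical stand-ins for whatever the site's config.php permits. Everything is escaped first and only bare allowlisted tags are restored, so a permitted tag that carries an attribute such as an event handler stays inert text.

```php
<?php
declare(strict_types=1);
// Added illustration. ALLOWED_TAGS is a hypothetical stand-in for the
// tag list a site would keep in its config.php.
const ALLOWED_TAGS = ['b', 'i', 'u', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'blockquote'];

function filter_editor_html(string $input, array $allowed = ALLOWED_TAGS): string
{
    // Step 1: escape everything, so no markup at all survives.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: restore only bare allowlisted tags (<b>, </b>, <br />).
    // A tag with any attribute does not match and stays escaped.
    $names = implode('|', array_map(
        static fn(string $t): string => preg_quote($t, '~'),
        $allowed
    ));
    $restored = preg_replace_callback(
        '~&lt;(/?)(' . $names . ')\s*(/?)&gt;~i',
        static fn(array $m): string =>
            '<' . $m[1] . strtolower($m[2]) . ($m[3] !== '' ? ' /' : '') . '>',
        $safe
    );

    // On a regex failure, fall back to the fully escaped text.
    return $restored ?? $safe;
}

// Constructed sample input, as it might arrive from a rich-text editor field.
$submitted = '<p>Hello <b>world</b><br /></p>'
           . '<b onclick="x()">click</b>'
           . '<script>alert(1)</script>'
           . '<a href="javascript:x()">link</a>';

echo filter_editor_html($submitted), "\n";
```

Because the filter does not parse the document, an escaped opening tag can leave its closing tag unmatched; browsers ignore a stray closing tag, but a production filter would also balance the tags.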

TheRenegade

Looks nice and all, but I have a quick question.

I have purchased a Nuke theme. And I don't want to HAVE to use the SMF themes.... Any chance I can use this as just a bridge? Or if I use the integrated, can I use a nuke theme for the main site and a SMF theme for the forums??

spottedhog

I have it set up to use the SMF Themes only, with the SMF Themes containing the main functions needed from the Nuke theme.php file.

There is no bridge involved with this.  Any calls to users from the Nuke code is replaced with $context['user'] etc. from SMF.

You could take things from your purchased Nuke Theme, and create a SMF Theme.  Does your purchased theme contain code for phpbb forums?  If so, you could substitute the SMF graphics with the phpbb graphics from your purchased theme.

TheRenegade

Yes it comes with matching phpBB themes, and I was already thinking of trying to convert that to SMF. (BTW how hard would that be??)

Do you know of any way I could attempt to use SMF-nuke as a foundation for a bridge? Or at least make it so when you log into the main page, it also logs you into the forums??

spottedhog

That is what it already does.....  One login....  one members table....  This is a full integration with SMF.

For converting your theme, you could pick a similar type of layout for SMF, and then plug in the right graphic and colors from the phpbb one.

TheRenegade

I know SMF-nuke does that, but there are a fair amount of features in nuke that I don't wish to lose. So what I want to achieve is KEEP nuke and ALL its tables, and be able to use the themes, I have all sorts of cool blocks, and all the graphics are VERY well done. I have things added as flash navigation, flash MP3 player, etc. You can check it out at www.zinclan.com/beta_site/

Before I use SMF-Nuke I would want to ensure I can keep 95% of the features and what not that I have in the current one. I also don't want to spend forever trying to get things to work right....

spottedhog

I understand what you are saying...

All Nuke blocks will work without any modification.

Modules not in the original download will need some modifications, mainly because of things in them that were removed for SMF-Nuke. What I tried to do was to put the decorative aspects of the code into the style.css where they belong.

I worked for a long time trying to use both Nuke and SMF themes, however, that seemed to be very problematic.  This is why I went with SMF based themes.

I had many attempts at "bridging" but those seemed to always have an issue here and there, much like the Mambo/Joomla bridges.  I certainly did not want something where there would be 50,000 posts because of a bridge.

As far as converting your clan based theme, I am not sure how hard that would be.  The block coding could be a simple cut and paste.  Then the only issue would be putting the header into a SMF based theme...  I know this is not easy....

If this is too much work, I can well understand.  SMF-Nuke is not a one size fits all kind of system.  You can always just keep everything PHP Nuke with the converted phpbb.

TheRenegade

Well I have been looking through all the code and what not, all I want to be able to do, is make that damn "forum" button a link to my forums.... Screw the modules, screw the two logins. Just let me make the darn link.....

Help...someone??

spottedhog

In your WOW PHP Nuke theme, you will need to set the URL to your SMF Forum.

You could then put a link in the Modules block for the SMF Forum under the "Home" link.
