WOW! Please, really need help with this inline frame module

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   WOW! Please, really need help with this inline frame module
dwight
CZ Newbie
dwight has been a member for over 9 year's 9 Year Member
Status: Offline
Joined: Mar 18, 2008
0.00 posts per day
Posts: 1
Points: 0
   
Hello,

The first section is the module. I have read sevral websites on posts on this and the php nuke section manual and it still wont work. Im using phpnuke7.9. I have double checked the speling so i dont know whee to go from here. I heard the was a change in the mainfile.php so i did that change and still nothing. That change for teh mainfile.php is after the module one.

Thanks and would appeciate any help icon_smile.gif


<?
if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
  die ("You can't access this file directly...");
}
if(!IsSet($mainfile)) { include ("mainfile.php"); }
$index=0;
$theme="Tobacco";
$go_to_address1="http://www.usacollectiblesonline.com/EN-Book/index.html";
$go_to_address=rawurldecode($go_to_address1);
include("header.php");
OpenTable();
echo "<center><h4><a href=\"index.php\">Click to close.</a></h4></center>";
echo "<iframe SRC=\"".$go_to_address."\" width=\"100%\" height=\"1200\"
framespacing=0 frameborder=no border=0 scrolling=auto></iframe>";
echo "<br><center>NB. Using iframes!</center><br>";
CloseTable();
include("footer.php");
die;
?>

--------------------------------------------------------------------------------------
The change made for the mainfile.php which said i by passed some securty file,.ssx or somethign like that was suppost to make inline frames work. Also i know inline frames wont work in some broowsers bu im running the latest IE and it wiorks in that. anyway heres the change
---------
from this
---------
}

// Die message for not allowed HTML tags
$htmltags = "<center><img src=\"images/logo.gif\"><br><br><b>";
$htmltags .= "The html tags you attempted to use are not allowed</b><br><br>";
$htmltags .= "[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]";

// Die message for empty HTTP_REFERER
$posttags = "<b>Warning:</b> your browser doesn't send the HTTP_REFERER header to the website.<br>";
$posttags .= "This can be caused due to your browser, using a proxy server or your firewall.<br>";
$posttags .= "Please change browser or turn off the use of a proxy<br>";
$posttags .= "or turn off the 'Deny servers to trace web browsing' in your firewall<br>";
$posttags .= "and you shouldn't have problems when sending a POST on this website.";

if (!defined('ADMIN_FILE')) {
  foreach ($_GET as $sec_key => $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue)) ||
   (eregi("forum_admin", $sec_key)) ||
   (eregi("inside_mod", $sec_key))) {
        die ($htmltags);
     }
  }

  foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
      die ($htmltags);
    }
  }
}

--------
to this
----------
if(isset($admin))
{
   $admin = base64_decode($admin);
   $admin = addslashes($admin);
   $admin = base64_encode($admin);
}

if(isset($user))
{
   $user = base64_decode($user);
   $user = addslashes($user);
   $user = base64_encode($user);
}

// Die message for not allowed HTML tags
$htmltags = "<center><img src=\"images/logo.gif\"><br><br><b>";
$htmltags .= "The html tags you attempted to use are not allowed</b><br><br>";
$htmltags .= "[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]";

// Die message for empty HTTP_REFERER
$posttags = "<b>Warning:</b> your browser doesn't send the HTTP_REFERER header to the website.<br>";
$posttags .= "This can be caused due to your browser, using a proxy server or your firewall.<br>";
$posttags .= "Please change browser or turn off the use of a proxy<br>";
$posttags .= "or turn off the 'Deny servers to trace web browsing' in your firewall<br>";
$posttags .= "and you shouldn't have problems when sending a POST on this website.";

if (!defined('ADMIN_FILE')) {
foreach ($_GET as $sec_key => $secvalue) {
if((eregi("<[^>]*script*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*onmouseover *\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*body *\"?[^>]*",
$secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key)))
{
die ($htmltags);
}

}

foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*iframe*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]script*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]*body*\"?[^>]*",
$secvalue)) ||
(eregi("<[^>]style*\"?[^>]*",
$secvalue)))
{
die ($htmltags);
}
}
}

-----------------------------------------------------------------------------------

Thank you, and would appreciate any help icon_wink.gif

EDIT: Nevermind found it. i tried to delete post but guess cant


Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum