Recent mainfile.php errors in admin mode

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   Recent mainfile.php errors in admin mode
Julies
CZ Newbie
Julies has been a member for over 17 year's 17 Year Member
Gender: Female
Status: Offline
Joined: Jun 08, 2007
0.00 posts per day
Posts: 4
Points: 0
   
I am currently running
Nuke 7.8

I have not made any changes to site recently and one of my admins informed me of an error he was getting every time he tried to change the permissions of a user in an effort to add them to more areas of the forums. He is also seeing this doing almost any admin functions.

I also noticed this error when trying to change them via the forums module or when I was trying to moderate a forum topic. My only guess is that its possible maybe my host upgraded their php version and the script needs adjusting but I'm unsure how long they've been using 5.3.2. Here's the error message but I removed the directory links.


Warning: eregi() expects parameter 2 to be string, array given in /mainfile.php on line 118


I've looked at the file and line 118 and nothing looks unordinary. Any ideas why this would be happening? Btw, completing admin functions seems to work fine but the error still occurs.



Back to top Reply with quote
#2   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
Post that section of code so I can see it. Include the 30 lines above and below.




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#3   re: Recent mainfile.php errors in admin mode
Julies
CZ Newbie
Julies has been a member for over 17 year's 17 Year Member
Gender: Female
Status: Offline
Joined: Jun 08, 2007
0.00 posts per day
Posts: 4
Points: 0
   
function makePass() {
   $cons = "bcdfghjklmnpqrstvwxyz";
   $vocs = "aeiou";
   for ($x=0; $x < 6; $x++) {
      mt_srand ((double) microtime() * 1000000);
      $con[$x] = substr($cons, mt_rand(0, strlen($cons)-1), 1);
      $voc[$x] = substr($vocs, mt_rand(0, strlen($vocs)-1), 1);
   }
   mt_srand((double)microtime()*1000000);
   $num1 = mt_rand(0, 9);
   $num2 = mt_rand(0, 9);
   $makepass = $con[0] . $voc[0] .$con[2] . $num1 . $num2 . $con[3] . $voc[3] . $con[4];
   return($makepass);
}

if (!defined('ADMIN_FILE')) {
   foreach ($_GET as $sec_key => $secvalue) {
      if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
      (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
      (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
      (eregi("\"", $secvalue)) ||
      (eregi("forum_admin", $sec_key)) ||
      (eregi("inside_mod", $sec_key))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }
   
   foreach ($_POST as $secvalue) {
      if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
         die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
      }
   }
}

if (stristr($_SERVER['SCRIPT_NAME'], "mainfile.php")) {
   Header("Location: index.php");
   die();
}

if (defined('FORUM_ADMIN')) {
   require_once("../../../config.php");
   require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
   require_once("../../config.php");
   require_once("../../db/db.php");
} else {
   require_once("config.php");
   require_once("db/db.php");
   /* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
   /* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
   require_once("includes/sql_layer.php");
   $dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}



Back to top Reply with quote
#4   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
Replace this line:


foreach ($_POST as $secvalue) {


With this line:


foreach ($_POST as $sec_key => $secvalue) {




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#5   re: Recent mainfile.php errors in admin mode
Julies
CZ Newbie
Julies has been a member for over 17 year's 17 Year Member
Gender: Female
Status: Offline
Joined: Jun 08, 2007
0.00 posts per day
Posts: 4
Points: 0
   
I made the change and uploaded the file and still got this

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118

Warning: eregi() expects parameter 2 to be string, array given in /usr/home/myusername/public_html/mainfile.php on line 118


This is where line 118 is regarding the code shown in my second post (and btw, thank you. You seem to be the only one on MANY boards willing to even respond with solutions):

   if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>",



Back to top Reply with quote
#6   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
The function eregi will be gone in PHP 5.3.+ so it may be best to use something else.

Since it is only a PHP warning you can add a check to see if it is an array and then work with it if it is.


foreach ($_POST as $sec_key => $secvalue) {
     if (!is_array($secvalue)) {
          if ((eregi ........
     }
}




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#7   
Julies
CZ Newbie
Julies has been a member for over 17 year's 17 Year Member
Gender: Female
Status: Offline
Joined: Jun 08, 2007
0.00 posts per day
Posts: 4
Points: 0
   


Originally posted by Telli @ Mon Jun 14, 2010 2:18 pm:

The function eregi will be gone in PHP 5.3.+ so it may be best to use something else.

Since it is only a PHP warning you can add a check to see if it is an array and then work with it if it is.


foreach ($_POST as $sec_key => $secvalue) {
     if (!is_array($secvalue)) {
          if ((eregi ........
     }
}



Where would I add that in at? Also, when you say change to "something" else, do you have suggestions? I know some folks have been able to add something to the eregi to get it to work with newer versions of php. I'm in the process of moving to a new site but I need this current one to continue working until I'm ready to switch to the new site.


Back to top Reply with quote
#8   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
As far as suggestion's you can look at preg_match or strpos or even strstr all these php function can be used to compare strings.


   foreach ($_POST as $sec_key => $secvalue) {
      if (!is_array($secvalue)) {
         if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
            die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
         }
      }
   }




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum