6.5 security image stopped working?

[braindead0]

For some odd reason the security image has stopped working. I changed the ImageJPG call to save the image to a file and verified that the PHP code appears fine. It just refuses to send the image to the client? It just shows as a broken image, so presumably the image header information is fine.

Anybody seen anything like this?

Thanks.

[Humpa]

do neither of the admin or the your_account security images work?
When you right click over the broken image X, select properties, and copy & paste the img url into your browser, what do you get?
.. no error message?

You seem to know some code - did you try using a png or gif?
http://www.phpnuke.org/modules.php?name=Forums&file=viewtopic&t=6243

[ This Message was edited by: Humpa on 2003-04-14 10:21 ]

[braindead0]

Both admin and user are broken, going directly to the URL results in the same (well, with just the broken image in the upper left corner).

No errors reported in apache error log, I even turned on warnings just to make sure something 'odd' wasn't going on.

[braindead0]

The weird thing is that it worked, and then stopped working... I know nothing changed in my apache or php configuration...

[braindead0]

Further weird stuff, I did a packet capture (while directly accessing the gfx stuff) and found that the data is coming in to my browser, and it 100% matches the actual file..which is a proper .jpeg.

Something is really fishy here, the header looks fine..content type tag is fine... data is fine.. but browser only displays a broken image link. Tested on IE, Konquerer and Beonex.. at least Beonix reports that the image contains errors....

Very odd indeed.

[Humpa]

I havent had any problems with the security code image, and I have played around with the code quite a bit.
But, there are many reports of people having problems.
There are a few posts with people saying that they had edited the language file and it caused their security image to stop working.
Also, I was helping someone, and their security code image just stopped working for them, but I could still see it.
He deleted his cookies, and then he could see it again.

Not sure what that is worth, but I figured I'd mention it.
Does it have something to do with the way the headers are sent by the server/phpnuke .. that is something that I dont understand yet.

[braindead0]

My version of Nuke 6.5 is pretty heavily modified, but not in any areas that should have any effect on this.

I did figure out what was going on, somehow a single linefeed character was being inserted into the output stream by navbar.php (in the case of the regular user version).

I stopped including navbar.php if the $op=="gfx" and the problem went away.

The oddest thing is, I could comment out all the code in navbar.php, leaving just the php start stop tags and it still did not work! Very odd indeed..

[braindead0]

Found a work-around for my issue. Turns out that somehow (don't ask me how!) the simple act of including 'navbar.php' in the the Your_Account index.php causes an extra linefeed in the output.

Even though navbar.php contains nothing that I could see..that would cause this. I did, however modify the nav() routine.. but that of course is not executed when passing op=gfx into index.php.

I worked around the issue by changing the line:

include("modules/$module_name/navbar.php");

to

if ($op != "gfx") { include("modules/$module_name/navbar.php") };

That way it simply skips inclusion, seems to work like a charm.

[aupperton]

I was having the same problem with the missing security tag. However after investigation my problem was resolved by amending the 'lang-english.php' file under the language directory. I had amended it for some additional module variables at the bottom and had included a comment line before them describing what they were for. Once I removed the comment line so the "define" statements ran one after another the problem went away.

[braindead0]

Hmm, that could be the problem. I don't normally put comments in there (using CVS to track my changes) but it's certainly possible.

[Nuke_til_you_puke]

[Humpa]

Not sure what that "rework" is, but here is a very simple way to remove the security code.
Quote:
an easy way to by pass the security code when you have GD loaded is this.
Find the 7 occurances of exactly this:

extension_loaded("gd")

For the Admin login, there is one in the admin.php, and one in the auth.php.
For Users, there will be five in the modules/Your_Account/index.php (and there might be one in the block-Login.php, and/or one in the block-User_Info.php, if they are modified)
Change all to this:

$user=="whatever"

Do a Find & Replace for exactly what I have posted, and the security code will be bypassed.

[ This Message was edited by: Humpa on 2003-04-22 08:49 ]

[braindead0]

if ($op != "gfx") { include("modules/$module_name/navbar.php"); }

should work.

The issue there is that including navbar.php caused an extra LF in the jpeg output stream.

Someone else pointed out that it may be due to comment lines (blank lines too perhaps?) if the language files, I haven't checked if that was my problem.

I've left the confirmation code disabled (instead of hacking the code to peices I added a '$disablegfx = 1;' and in addition to checking if the extension is loaded, I'd also check that variable.

Many of my users aren't very sophisticated, so I figured I'd leave that out for now.

[Humpa]

ok ... right. I just saw $op != "gfx") and wasnt sure what that was refering to.
I didnt look at the code, and was thinking that was some work-around to remove the security code.

There should be someway to stop the linefeeds from getting in the image stream ... seems there are too many instances where something like this is happening to people (though I cant duplicate it yet)

[braindead0]

It sounds like a defect in PHP itself, line feeds and comments in amongst a bunch of constants shouldn't be output...I'd think.

Sure it weird

[braindead0]

It sounds like a defect in PHP itself, line feeds and comments in amongst a bunch of constants shouldn't be output...I'd think.

Sure it weird

[JonathanLIVE]

I'd like to add to this.. this looks like the most discussion that has taken place regarding the image not coming up. I have not tried that work around yet, but I wanted to report my instance of how it stopped working.

Mine was working fine on the main site, and still does. I made an EXACT copy of the site and placed it in a subdirectory.. all permissions and everything identically copied. Security code stopped working. No script errors.. just a red X both for admin and user.

The main site security code is STILL working fine.. it's only the subdirectory that is not working. I thought it might have something to do with the subdomain redirect I had setup... but I changed directories and got the same thing. I tried renaming the directory, same thing.

I also deleted my cookies, but it still doesn't work.

My server is running the following:

Operating system Linux
Kernel version: 2.4.18-27.8.0
Apache version 1.3.27 (Unix)
PERL version 5.008
PHP version 4.3.1
MySQL version 4.0.12

[JonathanLIVE]

Ok I have tired EVERYTHING and I am really lost why this is happening.

Main site - Security code for login is appearing just fine - no problems there

Subdirectory - EXACT same copy of the main site only difference is that it's located in a completely separate database and yes I changed the config to reflect that. Security code will NOT show I get a red X no script errors for both user and admin.

- I have tried renaming directory
- I have tried changing all possible variables in PhpNuke to point to that /demo subdirectory
- I have tried recopying the entire site again to make sure it had nothing to do with missing files or corruption
- I ran the NukeCop Analyze and it said the image is there, but it still wasn't showing for the subdirectory site
- I tried reinstalling the copy of the SQL database into the other database.
- I have deleted all my cookies multiple times
- I have tried using Humpas work around $user=="whatever" and replaced it EVERYWHERE.. I even deleted the $content referring to the security code in the login.. this is where I am lost... the code is STILL coming up EXACTLY the same even after changing the files! This almost leads me to belief it's still somehow accessing the main site, but again, this is a COPY of the site. I can change themes, change content, it's all separate. But this?
- If I login to the main site admin, and then go to the subdirectory site admin, it will work and I can access the admin. If I am logged in as a USER on the main site, and enter the subdirectory site, I remain logged in, however when I try to logout it doesn't work, it keeps me there. I can only logout from the main site.

Just so I don't get obvious replies that waste everyones time. I'm using a SEPARATE database, the site is in a SUBdirectory to the main site. The files I edited were in that subdirectory. I know how to put in settings, I have setup and troubleshot nuke sites dozens of times. I have been at this for almost 4 hours now and I have gotten no where closer since the moment I started.

Please.. Humpa or anybody else.. some CLUE I must be overlooking would be of GREAT help!

Thank you!

Jonathan

[JonathanLIVE]

FYI

- I have tried the png fix

It's been over a day now and I still have not figured out why this security code will not come up... nobody can seem to even hazard a guess!

Here is some more info as well

GD Version bundled (2.0 compatible)
FreeType Support Yes
T1Lib Support No
GIF Read Support Yes
GIF Create Support No
JPG Support Yes
PNG Support Yes
WBMP Support Yes
XBM Support No

Again.. it works fine on my main site, but I try to run a separate website in a subdirectory and a separate database and the security image stops working.

PLLLLLLLEASE HELP!

[JonathanLIVE]

Ok.. I have been trying everything to determine what exactly is causing this problem... I finally found a way to reproduce it..

I have another copy of the main site in another subdirectory. That copy is working fine. I copied the data from that directory, since

-Copied folder without renaming anything - security key worked FINE
-Changed config.php database info to the demo database - security key STOPPED working

What I would like to know is if there is some kind of data that is stored in SQL that would make this happen? The information in the demo database is a duplicate of the main site database that works fine. I tried changing the URL info in the demo site with demo.mydomain.com / http://www.mydomain.com/demo and leaving it blank as well.. still nothing.

Any help is very much appreciated.. please!

Thanks

Jonathan