Messages posted by: Carbonize

If you are using 2.4.1 there is a password reset script in the misc folder otherwise look in the Advanced Guestbook forum.

Well you shouldn't lose the entries. I always recommend making a backup of the database before running any script designed to alter it.

Make a back up and then run the updater.

This exploit only existed in 2.2 and 2.3. It was patched in 2.3.1 which was released around four or five years ago. If you are running 2.2 and do not want to upgrade I wrote a tuorial on patching the exploit and it is in these forums or goto www.carbonize.co.uk/AG for the prepatched files.

I wrote a script to upgrade 2.2 to 2.3.x. It is available from www.carbonize.co.uk/AG and updating is highly recommended due to exploits. Update to either 2.4.1 or Lazarus. It's upto you.

Update to 2.4.1.

Wow you just posted a hack that has been in the public domain for 4 years now and thats for a version of the guestbook that is 5 years out of date. Your mother must be so proud that you're so stupid.

I even know that you found the exploit on the net as you've posted it exactly the same way as ever site that has posted it. You don't even understand how it works.

And you posted this in the Advanced Guestbook section because?

The error message is quite clear in what the error is.

Can't connect to MySQL server on 'mysql.qnhl.com'

Check the server settings in the config file.

It uses a DATABASE not files nor a folder.

Check in the foro folder for a .htaccess file and delete it.

Ok just a quick correction on Aurons post.

1st - This is because AG has always used shell commands for moving uploaded images but some hosts do not allow this which is why I removed the exec lines from Lazarus and used pure PHP instead.

3rd - All the entries are stored in the database and the physical pictures in the public folder. Download 2.4.1, extract it, copy the database info from your current config.inc.php file to the 2.4.1 files, upload 2.4.1 to replace your existing guestbook (download a back up first) and finally run the update_db.php file founf in the new misc folder by visiting it in your web browser.

Ok send me contact_booking.html for now and we can work from there. webmaster at carbonize dot co dot uk

Short of logging in myself and looking at both the database and the script there was little I could do. You could try Lazarus.

I would need to see the code from the actual files on your web space and not the code you get in your browser. Feel free to email it to me.

Download the latest version and look in the form.php template. Odds are it's just $CAPTCHA

Edit the body.tpl file or use CSS in the header.php template.