Yes, you need to upgrade to version 2.3.1.
http://proxy2.de/forum/viewtopic.php?t=3037
If you leave your link, maybe one of us can remove the hack for you. Then show you how to get your own password back.
|
|
|
http://proxy2.de/forum/viewtopic.php?t=3300&highlight=votes
|
|
|
That was me above. I thought I was still logged in.
|
|
|
Sorry, I had to go offline for a while - major drama. I'll take a look at it now.
|
|
|
Sorry, I don't know anything about this. Auron will probably show up later; maybe he can help you.
In the meantime, you might do a search for firewall or mysql.sock. Seems like I have seen a post about this before...
|
|
|
Fixes for Version 2.3.1 Exploits:
Patch for add.class.php, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=4144
Workaround Patch for index.php, from Security Focus:
http://www.securityfocus.com/bid/11798/solution/
Fix for Version 2.2 Exploit, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=3650
Security Issues, by Trevor:
http://proxy2.de/forum/viewtopic.php?t=3475
Help with Upgrade from 2.2 to 2.3.1:
Guestbook 2.2. to 2.3.1 upgrade script, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=4010
Discussion on Manual Upgrade:
http://proxy2.de/forum/viewtopic.php?t=3334
Admin Loop (Keeps going back to Login):
http://proxy2.de/forum/viewtopic.php?p=11334&highlight=#11334
http://proxy2.de/forum/viewtopic.php?t=3786
Admin config.inc.php file:
http://proxy2.de/forum/viewtopic.php?t=3654
Password Lock, by Carbonize:
http://proxy2.de/forum/viewtopic.php?p=9621&highlight=#9621
Changing the Admin Password:
http://proxy2.de/forum/viewtopic.php?t=3744
Resetting the Admin Password:
With Carbonize's reset.php file:
http://proxy2.de/forum/viewtopic.php?t=4071
In PhpMyAdmin, by Jam'n:
http://proxy2.de/forum/viewtopic.php?t=2595
http://proxy2.de/forum/viewtopic.php?t=1711
(Important: Only follow Jam'n's instructions for resetting the password. Do Not follow others' suggestions to Overwrite the v2.3.1 session.class.php file with the 2.2 version!)
Make a backup .sql file of guestbook entries:
Export/Import MySQL Database:
http://proxy2.de/forum/viewtopic.php?t=3580&highlight=sql
Guestbook MySQL database transfer:
http://proxy2.de/forum/viewtopic.php?p=5819&highlight=#5819
Where is the guestbook database?:
http://proxy2.de/forum/viewtopic.php?t=2761&highlight=sql
Change the Guestbook Picture:
http://proxy2.de/forum/viewtopic.php?t=3827&highlight=picture
How To Change The Drop Down Menu In Advanced Guestbook, by Trevor:
http://proxy2.de/forum/viewtopic.php?t=3315
How to change the required fields in Advanced Guestbook, by Trevor:
http://proxy2.de/forum/viewtopic.php?t=2877
Change the Comments Text Color:
http://proxy2.de/forum/viewtopic.php?t=3380
http://proxy2.de/forum/viewtopic.php?t=3219
Image Verification script, by Carbonize (Help reduce Guestbook spam):
http://proxy2.de/forum/viewtopic.php?p=9976
http://www.carbonize.co.uk/verification.zip is the official download for the image verification mod
Quick Mod to have AG 2.3.1 log the IP rather than the hostname, by Carbonize:
http://proxy2.de/forum/viewtopic.php?p=10108&highlight=#10108
Admin Panel Logout redirect, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=3409
"Warning: Cannot modify header information - headers already sent by...":
http://proxy2.de/forum/viewtopic.php?t=3200&highlight=cannot+modify+headers
http://proxy2.de/forum/viewtopic.php?t=3093&highlight=cannot+modify+header
"Warning: fopen(./templates/body.php): failed to open stream: Permission denied in..."
"Warning: fwrite(): supplied argument is not a valid stream resource in..."
"Warning: fclose(): supplied argument is not a valid stream resource in..."
http://proxy2.de/forum/viewtopic.php?t=3580&highlight=fopen
"Fatal error: Cannot instantiate non-existent class: "
http://proxy2.de/forum/viewtopic.php?t=3812
"Warning: fread(): Length parameter must be greater than 0"
http://proxy2.de/forum/viewtopic.php?t=3351&postdays=0&postorder=asc&highlight=fread&start=30
Missing Pictures in Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3628&highlight=missing+pictures
Configuring Smilies in Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3901
Getting Your Logo and Menus In The Guestbook:
Include your header, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=3460
How can I integrate my guestbook into an existing site?:
http://proxy2.de/forum/viewtopic.php?t=3863
A newbies guide to placing the guestbook in an html page, by fatjack:
http://proxy2.de/forum/viewtopic.php?t=3921
How To Change The Drop Down Menu In Advanced Guestbook, by Trevor:
http://proxy2.de/forum/viewtopic.php?t=3315
Adding Guestbook to a Frame:
http://proxy2.de/forum/viewtopic.php?p=9728
Changing the wording ("here you can leave your mark."... etc.):
http://proxy2.de/forum/viewtopic.php?p=9870
http://proxy2.de/forum/viewtopic.php?p=9264
Encrypt visitors email addresses in guestbook (stop email harvesters):
http://proxy2.de/forum/viewtopic.php?t=3778
Making Email a Required field:
http://proxy2.de/forum/viewtopic.php?t=3388&highlight=required+field
http://proxy2.de/forum/viewtopic.php?t=2877
Remove visitors email addresses from guestbook view:
http://proxy2.de/forum/viewtopic.php?p=10856&highlight=#10856
Increase email field size to 60 characters (in templates/form.php):
http://proxy2.de/forum/viewtopic.php?t=3912
Increase homepage field size to 65 characters (in templates/form.php):
http://proxy2.de/forum/viewtopic.php?t=4075
Change the Time in Advanced Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3758
Advanced Guestbook Manual, by Jam'n:
http://www.geocities.com/nathalonia/gbpoll
Explanation of Chmod File Permissions:
http://proxy2.de/forum/viewtopic.php?p=10072&highlight=#10072
How to change File Permissions from the CPanel:
http://proxy2.de/forum/viewtopic.php?p=10713&highlight=#10713
Advanced Guestbook versions for Content Management Systems:
TPK Guestbook 3.1.1 (PhpNuke Version)
See it at: http://www.tp-krefeld.de/modules.php?name=Guestbook
Download it at: http://www.phpnuke-module.de/
Nuke Guestbook 2.0.0 (PhpNuke Version)
http://www.codec-download.com/modules.php?name=Guestbook (English)
http://www.rideo.de/modules.php?cid=18&d_op=viewdownload&min=30&name=Downloads (German)
There are probably more PhpNuke versions out there.
Html code enabled does not appear to pose a risk, but that could be because the admin is using Sentinel (a must-have for PhpNuke Security!).
http://www.3hc.co.uk/studentsupport/ (PhpWebSite Version)
Note: Some CMS versions are based on early versions of Advanced Guestbook (not 2.3.1), so you should investigate re: security. Mods listed here may not work with these versions.
|
|
|
Well, that is most likely why you are getting this error message.
I, personally, don't think you should add the code from comment.php to any other file.
Since you mentioned Proxy2.de, if you click on their guestbook link, you will see that the address window shows http://proxy2.de/guestbook/. That is the index.php file in the guestbook directory. It is not any other file. The reason you see the top header and the menu on the left is because they have been integrated, but the guestbook is not included in another file.
I have done this two different ways. The method I prefer is to blend the index.php code with the headers and menu, but still call it index.php and it still goes in the guestbook directory. Another method is to change the header information in the guestbook directory's files. Somewhere on this site, Carbonize has written some instructions for that. You can either try to look up by keywords or look at posts from Carbonize until you find it.
If you post your link here so I can see your site, maybe I can fix the file for you.
|
|
|
Right, I got that. It sounds like index.php has already called up the header, but something else is calling it again. I'm asking why you are adding the comment code into an existing web page?
The problem has happened again. In adding the code for comment.php into an existing web page I get:
|
|
|
The problem has happened again. In adding the code for comment.php into an existing web page I get:
What, exactly, does that mean? Why would you need to add this code to an existing page? Perhaps that's your problem???
|
|
|
I have also created a database for the guestbook on My Sql for the program to run and create all the tables.
When I try using the install.php url on my site all I get is a blank with no error messages or anything.
Which url will take you to the setup??
Also down in the script under misc, what should the base url be to??
Not clear on the database tables? Did you create them or not? You either run guestbook.sql to create the tables or run install.php, not both.
First, make sure the permissions were set according to the readme.txt file.
If you are going to use the sql file:
Change the settings in admin/config.inc.php:
Around line 4:
Around line 59:
You can use guestbook/doc/guestbook.sql to create the tables in PhpMyAdmin. (If you need instructions see the last post in this thread: http://proxy2.de/forum/viewtopic.php?t=3510).
Then go to the Guestbook Admin Panel at:
http://www.yoursite.com/guestbook/admin.php
Log in using the username "test" and password "123"
Personalize your settings
or
If you prefer to use the install.php file, you call it from whatever directory you put the guestbook in (providing you actually put it on the server). example:
http://www.yoursite.com/guestbook/install.php
I haven't used the install.php, as I prefer the sql file. But I think that you might need to have permissions for admin/config.inc.php set to 666. Then after a successful install, you change config.inc.php permissions back to 654 and delete install.php for security reasons.
Writing this from memory, so hopefully I didn't forget anything.
|
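Added example, not part of the original post or of Advanced Guestbook: a post-install check for the cleanup described in the post above (install.php deleted, admin/config.inc.php no longer left at 666). The function name `audit_install` and the wording of the findings are assumptions; the two file paths are the ones named in the post.

```python
import os
import stat
import sys

# Paths relative to the guestbook directory, as named in the post.
INSTALLER = "install.php"
CONFIG = os.path.join("admin", "config.inc.php")


def audit_install(root):
    """Return a list of findings for a guestbook directory after setup."""
    findings = []

    # The post says to delete install.php once the install has succeeded.
    if os.path.exists(os.path.join(root, INSTALLER)):
        findings.append("install.php is still present")

    try:
        mode = stat.S_IMODE(os.stat(os.path.join(root, CONFIG)).st_mode)
    except FileNotFoundError:
        findings.append("admin/config.inc.php is missing")
        return findings

    # 666 is only needed while install.php writes the file. A write bit
    # left on for group or other afterwards means accounts other than the
    # owner can rewrite the database settings.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(
            "admin/config.inc.php is writable by group or other (mode %03o)"
            % mode
        )
    return findings


if __name__ == "__main__":
    # Usage: python audit_install.py /path/to/guestbook
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_install(target)
    for line in results:
        print("FINDING:", line)
    sys.exit(1 if results else 0)
```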
|
|
Did you also check lib/comment.class.php for blank lines? And maybe check your index.php file again for blank lines. After your installation, did you edit or add anything? I have found that the type of editor you are using makes a difference. Some of them will actually add blank lines to the end of the files. You edit one area, save the file, and next thing you know the blank lines are there. :o Wordpad always does this to me, which is why I don't use it to edit php files.
Also, did you perform the search for cannot AND modify AND headers, as there might be other explanations besides the blank lines. There are numerous posts on this subject.
|
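Added example, not part of the original post: a scanner for the editor-added blank lines the post above blames for "headers already sent", run over every .php file under a directory. It goes slightly beyond the post by also flagging a UTF-8 byte order mark, another editor artifact that is sent as output before any header; the function names are assumptions.

```python
import os
import re

BOM = b"\xef\xbb\xbf"
# PHP treats a single newline directly after ?> as part of the closing
# tag, so only bytes beyond that newline are sent to the browser.
CLOSE_TAG = re.compile(rb"\?>(\r\n|\r|\n)?")


def stray_output(data):
    """Return reasons a PHP file would emit output around its tags."""
    problems = []
    if data.startswith(BOM):
        problems.append("UTF-8 byte order mark before <?php")
        data = data[len(BOM):]

    stripped = data.lstrip()
    lead = len(data) - len(stripped)
    if lead and stripped.startswith(b"<?"):
        problems.append("%d whitespace byte(s) before the opening tag" % lead)

    # Locate the last closing tag; a tail made only of whitespace is the
    # "blank lines at the end of the file" case from the post.
    last = None
    for last in CLOSE_TAG.finditer(data):
        pass
    if last is not None:
        tail = data[last.end():]
        if tail and not tail.strip():
            problems.append(
                "%d whitespace byte(s) after the closing ?>" % len(tail)
            )
    return problems


def scan(root):
    """Map each .php file under root to its list of problems, if any."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as handle:
                    found = stray_output(handle.read())
                if found:
                    report[path] = found
    return report
```

A file that ends without a closing `?>` produces no trailing finding, since everything up to end of file is still PHP code.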
|
|
The poll list is shown in the Admin Panel.
Take a look at demo1 http://proxy2.de/poll/index.php
and demo3
Possibly one of these is what you want. If so, you will find the demo files in the poll program. You could open one of these files with a text editor and tweak, then save it as a new name.
|
|
|
Select "New Template Set", type in the template name and save it, and the directory and files are added to the templates folder.
|
|
|
I think Carbonize is the person to help you with this. He will be returning on Saturday and will contact you then.
|
|
|
Hi.
If I understand you correctly, you are still working with version 2.2? Just wanted to remind you of the vulnerability - anyone can get into your admin panel and hack the guestbook. Version 2.3.1 is the better choice.
That said, to create the tables using the sql file, you would:
Get into PhpMyAdmin and select the guestbook database (you should see a message saying it contains no tables)
On the right window pane, at the top menu, select "SQL"
When the SQL window comes up, there should be a box for you to input the SQL filename. Click on "browse" and navigate to the guestbook.sql file. Then click on "ok".
After processing the task, you should get a successful result. If successful, the guestbook tables will appear in the left (blue) pane.
If there is a problem, you will get an error message. If you get an error message, please make note of it for future help.
Should you prefer, I would be happy to upgrade you to 2.3.1.
|
|
|