hey, i'm not sure where this post should go, but anyways.
I'm having this phpnuke problem when I can't create my super user. It goes through the little admin loop problem.
register_globals is on.
Anyone care to help ?
Thanks.

This was happening with PerlDesk for a while and we finally found out on there forums all we needed to do was clear the cache in our browser and it worked... This may have nothing to do with your problem but its worth a shot I suppose.

DUMP that software fast. there are security problems with it.

go to postnuke.

I say this because if you want to get yourself open to a hack then you have choosen wisely.

Mike

thanks adehost for the suggestion, I'm pretty much fed up with php nuke. what a pain.

Try deleting the cookie, and the clear your cache (already suggested though). I had this problem when I ran 2 different nuke sites locally for testing.

Sometimes, with some servers, nuke seems to be picky. If you are gonig to try to stay with nuke, You can go to either http://www.nukeforums.com or http://www.nukesupport.com as this issue has been addressed many times and fixes are posted there. The version number you have is also quite useful.

About securing nuke, a little more than the default installation, you can delete any modules you are not using, and for gods sake if you have the file manager module, dump it! After you get your site configured mark the config.php file 755. DO NOT, repeat DO NOT follow the instructions for uploading nuke about chmod'ing. Any folder that is 777 is a security risk, unless you have a gallery, or upload script that saves files into a directory (only one file should really be 777 and thats ultramode.txt. With a lot of work and I mean a lot of work, you can get nuke secured pretty good, but there are other options for CMS.

Or if you're insane :D, you can mess with the code yourself, and clear out some crap you dont want, or want to use. Dont be afraid to change it (lord only knows how many changes I have done to 5.5. It was enough changes it took me 8 hours to transfer all my 5.5 data to my new custom version of 5.6 :eek2: cause I had to do it all by hand)

Just a side note. I have successfully installed nuke on linux, Windows 2k, many times. Just dont use nuke for a mission critical, or important site. ;)

Just my 2 cents.

Get PostNuke
http://www.postnuke.com

yepp!
grab postnuke
and you can go to our site to grab our free themes http://www.vipixel.com

enjoy postnuke
Brumie

Ok, I got a few PM's about why I am so forceful about dumping phpnuke and having clients try POSTNUKE.

top of the list.

Security: security for phpnuke is bad when done as a fresh install, there are to many known breaches that are not solved within a relitive short time ( short time equal 2 weeks for me )

Post nuke, on the discovery of a problem ( security ) get's a patch fix within 2 or 3 days. also the install already leaves it at a good level of security.


instalation : easy for both packages

Server resources: as it sit currently post nukes' .70 series is faster and the code is cleaner. The I/O demands are 15% to 30% less than phpnuke.

the .80 series is the tunning stages so that could mean even less cpu usage from software.


Remmember folks, once a system is breached it's only a few more steps to root.

Mike

I realy don't get why folk want to slap on a cms as big as phpnuke or postnuke and expect it to have no problems from the start. I mean what?

I don't know about postnuke, but as far as phpnuke goes this is what I would do.

1. Use my own filters to make sure no dirty commands can accidentaly enter the system via url.

2. Use Arachnophilia, open EVERY file then rename every instance of config.php to a different file name. One of the menu links has to be done manualy.

3. Take out the server info from config.php then use an include to include the server variables from ???.php in a directory that uses htaccess authentication.

4. Del that file mananger.

5. Check permissions throughout

6. Check MySQL tables/db/users are set properly! Some folk get their sites up and dont even set pw for db

7. Make a cron job to grab the latest rss from phpnuke.org and have it there included only in my admin area so I can check everytime I go to admin that there is no security breach at phpnuke.org
Also cron a regex to pick up alert words in the phpnuke.org backend and pop email to admin when news is suspect to being security related.

Thats what id do.

Of course, you could always go with poshnuke and you will not have anything to worry about. So they say.

:)

Originally posted by Gadgy
I realy don't get why folk want to slap on a cms as big as phpnuke or postnuke and expect it to have no problems from the start. I mean what?

Of course, you could always go with poshnuke and you will not have anything to worry about. So they say.

:)

I was just slamming the phpnunke, not post nuke.

I like the way you run it.

but I was are talking about at the web host level not the end user level. Where as your way of installing takes about an extra 45 minutes on top of the install. I'm talking about spending little extra time ( just rechecking everything )

What you point out is what a good user would do. but how many people do we all know that just run everything as default. Many in my case. so I would rather have the default instalation being slightly tighter and safer than having a weak system up and running.

Mike

Talking about security, just heard a knock at the doot, shouted come it, looked around and two Police standing in the room behind me.!

Anyway,

I see your point, I think the one of the main problems with these type of packages is the lack of information that comes with them regarding customisation for security, as you say many systems are installed with default permissions and the normal users are hardly going to know what security levels must used to secure that type of system.

Guess I often forget I am a user, not a host! Yet.

I like the way you run it too. Good luck!

:)

hello, you may also want to try XOOPS at www.xoops.org

I had that prblem before and soemone I knew told me to just go to the includes folder and open pnSession.php and change line 80:

if (pnConfigGetVar('intranet') == false) {

to:

if (pnConfigGetVar('intranet') == true) {