MuWeb 0.8 Secured and Clean [UPDATE 2]

  1. #1
    howtobeanoob

    MuWeb 0.8 Secured and Clean [UPDATE 2]

    100% SQL Injection and XSS Security (tested with "acunetix web vulnerability scanner 6")

    Changelog:
    Code:
    deleted logs.php
    deleted signature.php
    deleted /modules/user/signature.php
    deleted /logs
    deleted modules/webshop.php
    deleted modules/gallery
    deleted modules/gallery.php
    deleted modules/usergallery
    deleted modules/usergallery.php
    deleted modules/events.php
    deleted modules/forum.php
    deleted modules/index.php
    deleted modules/rankings/index.php
    deleted modules/user/index.php
    deleted modules/user/uploadscreen.php
    deleted modules/user/mail.php
    deleted images/index.php
    deleted images/content/index.php
    deleted images/middle_content/index.php
    deleted images/top_content/index.php
    deleted images/signature.jpg
    deleted images/valid-html401.png
    deleted images/firefox.jpg
    deleted images/msg_read.gif
    deleted images/msg_unread.gif
    deleted images/msg_unread.jpg
    deleted images/muonlinebanner.gif
    deleted images/mu404_back
    deleted images/01.jpg
    deleted images/02.jpg
    deleted images/03.jpg
    added check for GET, POST, SESSION, COOKIE and SERVER requests in index.php
    added xss security code in index.php +logs
    added htaccess file
    added htaccess file in /administrator
    deleted includes/user_gallery.php
    deleted includes/show_webshop.php
    deleted includes/index.php
    added htaccess file in /modules
    added htaccess file in /includes
    deleted includes/denied.php
    edited modules/user.php
    deleted modules/user/request.php
    edited index.php
    moved includes/helptip.js to /helptip.js
    moved includes/js/tabpane.js to /tabpane.js
    moved includes/textfader.js to /textfader.js
    moved includes/image_verify.php to /image_verify.php
    edited includes/ads.txt
    deleted includes/show_events.php
    deleted includes/mail_sent.php
    deleted includes/events_manger.php
    edited administrator.php
    deleted administrator/events.php
    deleted administrator/logs.php
    deleted administrator/webshop.php
    deleted includes/log_functions.php
    Downloads:
    Mirror 1, Mirror 2


    [UPDATE 1]

    Changelog:
    Code:
    edited index.php (the last row ^^ [the comment tag with my credits ^^; if you want, you're free to remove it from there, but I will be happy if you keep it])
    config.php moved to /includes (with the .htaccess on /includes, access to the file [includes/config.php] is denied)
    created new config.php which includes includes/config.php (with include-check security code [if you try to open includes/config.php and the check does not confirm, you will be redirected to ../index.php]. But don't forget we also have the .htaccess with order allow,deny = 2 security methods)
    edited install/install2.php (changed config location)
    deleted includes/adodb/tests
    deleted includes/adodb/cute_icons_for_site
    deleted includes/adodb/session/old
    deleted includes/adodb/pear/readme.Auth.txt
    deleted includes/adodb/license.txt
    deleted includes/adodb/readme.txt
    edited modules/user.php (fixed)
    edited includes/web_modules.php (changes [function modules } else {])
    deleted modules/user/profile.php
    deleted modules/user/warp.php
    deleted modules/user/gm.php
    deleted modules/user/accountinfo.php
    edited .htaccess - added error 404 redirect (please edit the last row, and replace 127.0.0.1 with your WAN IP)
    Download: Mirror 1, Mirror 2, Mirror 3, Mirror 4, Mirror 5

    (Dudes, please delete 1.js ^^)


    [UPDATE 2]
    Changelog:
    Code:
    deleted 1.js ^^ (a test file left over from when I added .htaccess on /includes, tested the allow order on .js files, and moved the .js files from /includes to / ^^; I'm sorry, I forgot to delete it)
    fixed LOGIN (index.php)
    added a new row in /.htaccess, and administrator/.htaccess, and includes/.htaccess, and modules/.htaccess :D
    clean modules/user.php (old size: 3,079 bytes, now is: 2,140 bytes)
    deleted modules/profile.php
    clean modules/character.php (old size: 9,584 bytes, now is: 9,477 bytes)
    deleted modules/war.php
    deleted includes/accountinfo.php
    deleted includes/mail_inbox.php
    deleted includes/mail_functions.php
    clean includes/admin_functions.php (old size: 32,669 bytes, now is: 22,895 bytes) + some fixes
    clean includes/character.class.php (old size: 39,131 bytes, now is: 30,909 bytes) + some fixes
    clean install/install2.php
    deleted $_SESSION check in index.php
    Downloads: Mirror 1, Mirror 2, Mirror 3, Mirror 4
    --------------------------------------------------------
    Important: Before installing it, enable mod_rewrite: open your_webserver/apache/conf.cfg, find #LoadModule rewrite_module modules/mod_rewrite.so, and delete the "#" before LoadModule!
    Important: open the htaccess file, edit the last row, and replace 127.0.0.1 with your WAN (global) IP!

    Credits: =Master=, howtobeanoob

    I will be happy if you find a bug and share it here

    Quote Originally Posted by =Zeh= View Post
    Install is bugged. After installing cannot create accounts..
    Then copied just the install folder from the original muweb and installed with it.
    Now it works :)

    Quote Originally Posted by dragonmubg View Post
    Fatal error: Call to a member function fetchrow() on a non-object in C:\xampp\htdocs\modules\statistics.php on line 80
    Replace modules/statistics.php with the original file from MuWeb 0.8, or from [UPDATE 1]
    Last edited by howtobeanoob; 12-07-11 at 08:37 AM.


  2. #2

    Re: MuWeb 0.8 Secured and Clean

    Approved it is.

  3. #3
    darkmagician280

    Re: MuWeb 0.8 Secured and Clean

    thanks for sharing

  4. #4
    ulfsark

    Re: MuWeb 0.8 Secured and Clean

    Nice release, I like this engine better than mucore.

  5. #5
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Updated
    Last edited by howtobeanoob; 03-07-11 at 10:19 AM.

  6. #6
    fahmim456

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    thanks for sharing this...

  7. #7
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Quote Originally Posted by darkmagician280 View Post
    thanks for sharing
    Quote Originally Posted by fahmim456 View Post
    thanks for sharing this...
    no problem

    -----------------
    edit: LOGIN FIXED Patch DONE!
    Last edited by howtobeanoob; 03-07-11 at 02:28 PM. Reason: without spam

  8. #8
    Magic_Lord

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    I can't install the site using apache server 2.60 please help!

  9. #9
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Quote Originally Posted by Magic_Lord View Post
    I can't install the site using apache server 2.60 please help!
    What is the problem ?
    Edit: download [UPDATE 1] and LOGIN fix, after this, open http://127.0.0.1/install/install.php and install the web ?
    Last edited by howtobeanoob; 03-07-11 at 03:26 PM.

  10. #10
    Magic_Lord

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Quote Originally Posted by howtobeanoob View Post
    What is the problem ?
    Edit: download [UPDATE 1] and LOGIN fix, after this, open http://127.0.0.1/install/install.php and install the web ?
    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, a and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.


    I get that error when I try to install it.

  11. #11
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Quote Originally Posted by Magic_Lord View Post
    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, a and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.


    I get that error when I try to install it.
    Can you give me the information from the error log?
    BTW: What is your PHP Version and configuration ?

  12. #12
    =Zeh=

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Here:

    Warning: array_map() [function.array-map]: Argument #2 should be an array in C:\xampp\htdocs\web\index.php on line 18

    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\web\index.php:2) in C:\xampp\htdocs\web\index.php on line 25

    Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\web\index.php:2) in C:\xampp\htdocs\web\index.php on line 26


    That's what I got... Already installed

  13. #13
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    delete row 18 on index.php
    PHP Code:
    $_SESSION = array_map("sqlrequestscheck", $_SESSION);
    or download [UPDATE 2]

    edit: [UPDATE 2] is now available
    Last edited by howtobeanoob; 04-07-11 at 09:00 AM. Reason: without spam
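
The first warning in post #12 comes from row 18 running array_map() over $_SESSION before session_start() on row 25 has created it. The following is an added example, not code from MuWeb or from the thread's author: check_value() is a hypothetical stand-in for sqlrequestscheck(), whose body is not shown on the page, and check_request_array() is an assumed helper name.

```php
<?php
// Added example: not MuWeb code. check_value() is a hypothetical stand-in for
// the thread's sqlrequestscheck(), whose body is not shown on the page.
function check_value($value)
{
    // Constructed rule for illustration only: drop NUL bytes, trim whitespace.
    return trim(str_replace("\0", '', (string) $value));
}

// Apply $check to every scalar leaf of a request array. Parameters such as
// ?id[]=1 arrive as nested arrays, so a plain array_map() would hand the
// callback an array instead of a string.
function check_request_array($data, $check)
{
    // An undefined superglobal (for example $_SESSION before
    // session_start()) is not an array; handle it here instead of passing
    // it to array_map(), which is what raised the warning on row 18.
    if (!is_array($data)) {
        return array();
    }
    $clean = array();
    foreach ($data as $key => $value) {
        $clean[$key] = is_array($value)
            ? check_request_array($value, $check)
            : call_user_func($check, $value);
    }
    return $clean;
}

// Constructed sample input standing in for $_GET.
$sample_get = array('user' => " admin\0 ", 'id' => array('1', ' 2 '));
var_dump(check_request_array($sample_get, 'check_value'));

// Simulates $_SESSION as it is before session_start() has run.
var_dump(check_request_array(null, 'check_value'));

// In index.php the session check belongs after session_start():
//   session_start();
//   $_SESSION = check_request_array($_SESSION, 'check_value');
```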

  14. #14
    =Zeh=

    Re: MuWeb 0.8 Secured and Clean [UPDATE 1]

    Quote Originally Posted by howtobeanoob View Post
    delete row 18 on index.php
    PHP Code:
    $_SESSION = array_map("sqlrequestscheck", $_SESSION);
    or download [UPDATE 2]

    edit: [UPDATE 2] is now available
    Install is bugged. After installing cannot create accounts..

    Then copied just the install folder from the original muweb and installed with it.

    Now it works :)

  15. #15
    howtobeanoob

    Re: MuWeb 0.8 Secured and Clean [UPDATE 2]

    I want to appeal to all: what is your assessment of the Web, from 1 to 10?


