+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Support (https://forum.kodi.tv/forumdisplay.php?fid=33)
+--- Forum: Supplementary Tools for Kodi (https://forum.kodi.tv/forumdisplay.php?fid=116)
+--- Thread: MediaFrontPage - Web interface with widget type architecture to control multiple apps (/showthread.php?tid=83304)
Pages:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
- SleepyP - 2011-05-30
steve1977 Wrote:Still keep on trying to get it running. I am now trying to include the respective lines in the "httpd.conf". Whenever I enter something wrong, it doesn't allow me to start the service, which is a great indicator of what I am doing (wrong)... Below the lines that apparently aren't working. What could I do better/different?
#====== DEFAULT VIRTUAL HOST ===========
# LOCALHOST
<VirtualHost _default_:80>
ServerName localhost
DocumentRoot C:/UniServer/www
<Location /sabnzbd>
ProxyPass http://192.168.1.120:9000/sabnzbd
ProxyPassReverse http://192.168.1.120:9000/sabnzbd
</Location>
</VirtualHost>
I'm pretty sure there is no conf.d directory in the Uniform server. My server box runs Linux so I couldn't tell you. You CAN just put the directives into your main conf file and they will take effect (as you have found). Try inserting this stuff before the <VirtualHost> directive.
Code:
ProxyRequests On
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
Require valid-user
</Proxy>- Aelius - 2011-05-30
SleepyP Wrote:I went ahead and committed a really basic version of the "servercheck" script I wrote https://github.com/DivinityCycle/mediafrontpage/blob/master/servercheck.php Can you try running this on your setup? It will ensure that your PHP, XML Lib, and Curl are all installed & working correctly, and will point it out if any of those are missing. I THINK those errors are caused by missing Curl. Can you report back if that's the case?
Sleepy,
here is the output of the file
If you have no text below, your PHP is not working.
If you can read this, PHP is working.
PHP Version 5.3.5
Lib XML found.
Curl found.
Cheers;
- _Mikie_ - 2011-05-30
Nick8888 Wrote:1. Whats the security vulnerability in the control widget?
I believe wControl allows you to set it to execute scripts. This is a security issue if you have not protected your website as someone could go to the link /mfp/widgets/wControl.php?..... and execute a script on your computer.
zarquon implemented a security feature which makes it harder for anyone to guess the link to this feature by including a apikey which must be entered as well. This apikey is in mfp's config.php so it knows where it is and can execute scripts if you want it to. Other people can't execute scripts until they now know both the link and the apikey
2. What all does settings $mfpsecured to true do?
setting mfpsecured to true means you have protected your mfp yourself and don't want mfp interferring. basically if you dont know what you are doing, keep it set to true.
3. How do I reload the nav.php and index.php. Like if I put a reload link in either it only reloads that particular one. Any ideas?
index.php will reload both as it contains two frames. one set to nav.php and the larger one set to mediafrontpage.php
1. Makes sense kinda. Still don't quite get how someone can change the control widget to execute an unwanted script but anyways.
2. Ok..
3. So if I put a reload link in the nav bar. How do I get it to reload everything. header("Location: only reloads the nav bar..
Thanks
- gugahoi - 2011-05-30
CoinTos Wrote:Here you go, there are 3 pregs now, if you need anymore or any adapted to some other useragent string I didn't think of let me know.
Download Source/Diff
Awesome! The link is not working for me tho.
_Mikie_ Wrote:1. Makes sense kinda. Still don't quite get how someone can change the control widget to execute an unwanted script but anyways.
It's a security thread cause some people can call a script with a url if there's no api number needed. EG.: say you've got a script that deletes a file or something. Someone can go to
Code:
http://your.url.com/widgets/wControl.php?script=deleteALL- _Mikie_ - 2011-05-30
gugahoi Wrote:Awesome! The link is not working for me tho.
It's a security thread cause some people can call a script with a url if there's no api number needed. EG.: say you've got a script that deletes a file or something. Someone can go toand then a file would be deleted. Possibly even worse with the way some hackers are wise.Code:http://your.url.com/widgets/wControl.php?script=deleteALL
O I see. That makes sense. Don't you wanna test this out and see if its feasible or not. The log-out has some issues due to me not knowing how to refresh everything and I think my session start isn't the best but it works..
https://github.com/Mikie-Ghost/mediafrontpage
- gugahoi - 2011-05-30
_Mikie_ Wrote:O I see. That makes sense. Don't you wanna test this out and see if its feasible or not. The log-out has some issues due to me not knowing how to refresh everything and I think my session start isn't the best but it works..
https://github.com/Mikie-Ghost/mediafrontpage
I'll give this a try, it looks interesting. One problem I can see tho, with a quick glance at your changes: both login and pass are saved as clear text in the config page right?
- _Mikie_ - 2011-05-30
gugahoi Wrote:I'll give this a try, it looks interesting. One problem I can see tho, with a quick glance at your changes: both login and pass are saved as clear text in the config page right?
Yeah they are. You can access the config info..? Didn't realize that. Oops. Will have to think about how to fix that one
- gugahoi - 2011-05-30
_Mikie_ Wrote:Yeah they are. You can access the config info..? Didn't realize that. Oops. Will have to think about how to fix that one
I'm not sure. I just thought about that because it's supposed to be a security fix so I would want it to be as secure as possible.
- _Mikie_ - 2011-05-30
gugahoi Wrote:I'm not sure. I just thought about that because it's supposed to be a security fix so I would want it to be as secure as possible.
I'd think its secure tho because mysql user/pass are stored in php files in plain text and there aren't problems there.
EDIT: Talking to some guys on php chat room and its all good to have them in plain text.
- _Mikie_ - 2011-05-30
gugahoi Wrote:It's a security thread cause some people can call a script with a url if there's no api number needed. EG.: say you've got a script that deletes a file or something. Someone can go toand then a file would be deleted. Possibly even worse with the way some hackers are wise.Code:http://your.url.com/widgets/wControl.php?script=deleteALL
Found a simple fix for this I think. The scripts are different files correct? Like delete.php would delete something?
If so then in wControl at the top we put
define('CHECK',1);
And then in delete.php we put
defined('CHECK') or die('Access denied.');
Basically what it does is check that the script was run from the link on the page and not the url bar
- _Mikie_ - 2011-05-30
How do I create a git branch and then make it show up on github?
- Nick8888 - 2011-05-30
_Mikie_ Wrote:How do I create a git branch and then make it show up on github?
Please try and keep this thread mfp related. You will get much better information for this question in a github thread/forum.
- DejaVu - 2011-05-30
drunkendragon Wrote:just downloaded your latest git. wSYSTEM works! Only have one problem left. I can scroll in comingEpisodes..sort of..but the scrollbar it self will only move 0,5cm.
Been away for 4 days, first time I saw this.
The scroll bar readjusts itself to the size required, if it only moves a small amount, it's because the the Coming Episodes list is not very big. If it's small enough to appear all on the screen, the scroll bar does not show at all.
If I am wrong and information is missing, please let me know.
Add a few more current TV Shows and see if the scroll bar grows.
Aelius Wrote:Hi guys,Xampp is outdated and breaks MFP because of the filenaming (PEAR also uses a config.php file in the GLOBAL Path I believe).
trying to get this working so I can play, am using xampp on win7, when I type in localhost i get this
Deprecated: Assigning the return value of new by reference is deprecated in C:\xampp\php\PEAR\Config.php on line 80
Deprecated: Assigning the return value of new by reference is deprecated in C:\xampp\php\PEAR\Config.php on line 166
Deprecated: Assigning the return value of new by reference is deprecated in C:\xampp\php\PEAR\Config\Container.php on line 111
Any suggestions?
Cheers;
You can either rename the PEAR folder to PEAR.OLD or I recommend using Uniform Server.
- The_Dogg - 2011-05-30
this has nothing to do with MFP, but I'm wondering why people blur/blank their coming episodes and library in screenshots?
- SleepyP - 2011-05-30
because they don't want people to say things like "You're watching The Fresh Prince! Are you maxing, relaxing, and playing some B Ball outside of the school?" LOL