wrong security code

[rbarrett]

Script URL: http://517prct.org/gbook/gbook.php
Version of script: 1.5
Hosting company:powweb.com
URL of phpinfo.php: http://517prct.org/gbook/phpinfo.php
URL of session_test.php: http://517prct.org/gbook/session_test.php
What terms did you try when SEARCHING for a solution: wrong security, image,

Write your message below:

Looks like a great guestbook solution, but I can't quite get over the hump on this. I am a newbie with php.

I created the guestbook per all instructions, but when I run it I always get the following errors:
Using a simple text-based security code: wrong security code (and the code does not show in the re-try page)
If I use the graphical tect, the image is not visible. (red X)
So I tried using no security code, and I get:

Couldn't open links file (http://517prct.org/gbook/xxxxxxxx.txt) for writing! Please CHMOD all http://517prct.org/gbook/xxxxxxxxx.txt to 666 (rw-rw-rw)!

But I checked the settings on the host server and the MODE is at 666.

I get the same errors testing from other computers and other browsers. The gd_test.php works fine.

As I said, I'm not much for php, but I suspect there are some base php settings not quite correct at the host.

I did check the error log after an attempt using a text-based secuity code and have the following result in my error log:

PHP Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0
PHP Warning: Unknown(): open(/var/php_sessions/sess_32b2b9ad8079184e792f9fd8f15bb343, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: open(/var/php_sessions/sess_b90af0f3ee9e3634a4568d46c09a8b55, O_RDWR) failed: No such file or directory (2) in /xxxxxxxxxxx/htdocs/gbook/gbook.php on line 46
PHP Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0
PHP Warning: Unknown(): open(/var/php_sessions/sess_b90af0f3ee9e3634a4568d46c09a8b55, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: open(/var/php_sessions/sess_47fe6b8c6ef6a9fbd0673fb854e6f405, O_RDWR) failed: No such file or directory (2) in /xxxxxxxxxxxxxxxxxxx/htdocs/gbook/gbook.php on line 46

In case it is useful, the root directory on the host is:
xxxxxxxxxxxxxxxxxxx/htdocs
Am I supposed to specify that somewhere?


Any help is greatly appreiciated.
Bob Barrett

[Klemen]

You have problems with sessions in general. The folder /var/php_sessions either doesn't exist or isn't writable. If you have root access make sure this folder exists and chmod it to 777 (rwxrwxrwx). If not ask your host to make this for you (tell them your PHP sessions aren't working).

Once this is fixed close all browser windows and try again. Then come back and say if it works or give any new errors that show up.

Regards,

[Klemen]

Two more things:

1. I deleted the root paths from your post, it's not safe to post them publicly.

2. you will need to CHMOD your entries text file (the one I renamed to xxxxxxxx.txt) to 666 (rw-rw-rw-). If you're not sure how to do that see this tutorial (look under CHMOD):
http://www.phpjunkyard.com/ftp-chmod-tutorial.php

[rbarrett]

Klemen,

Thanks for your advice. And for protecting my root info.

While trying to figure out how to fix it, I tried another approach that eventually solved the problem. It turns out that my hosting company, powweb.com, which promotes your guestbook code, also has an automated "Install Central" which automatically installs your scripts. I tried that and it worked. I then had to spend some time editing the settings scripts and header to get it to work completely. But it is now up and running.

Part of the problem is probably that I use Frontpage to manage my web pages locally, and use that to upload files. Yeah, I know. But it keeps things simple enough for me.

Thanks again for your help, and for the scripts.

Bob Barrett

[Klemen]

Hi,

You're welcome.

One final note though - I see powweb installed version 1.43, the latest one (with some extra features and big anti-spam improvements) is 1.5. I suggest you download the 1.5 again and manually upgrade the one currently installed on your server.

Upgrade from 1.43 is quick and easy, instructions are in readme.htm. You will have to CHMOD one file though (banned_ip.txt). I don't think you can do that with FrontPage, but it's really easy as explained in the link posted in my previous post.

[rbarrett]

Thanks again.

I upgraded to 1.5 without too much trouble. Seems to work fine. Even using Frontpage as the loader. Mode settings seemed to stick as they were without problems.

One minor note: In your readme instructions, I think you have a typo. In the section on how to upgrade from 1.4 to 1.5, statement 3 says to upload certain files including "settings.inc.php". I think you meant "settings.php".

Regards,

Bob B.

[rbarrett]

One more thing. Somewhere in the documentation, I thought I read that your new version also has some preventions to prevent the harvesting of email addresses. But I don't see that mentioned in the readme. And the one entry currently in my guestbook (http://517prct.org/gbook/) displays my email address wide open, and includes a "mailto:" link. At least it appears that way.

How are emails adddresses protected?

Bob Barrett
webmaster@517prct.org

[Klemen]

If you look at the HTML source of the GBook in your browser you will see it encodes chars like . : and @ in e-mail link. While it's good enough against the majority of spam harvesters it can still be retrieved, so you can consider hiding the e-mail address as explained here:
viewtopic.php?p=5419#5419

I think I'll include a setting to do this automatically in a future release.