PHPJunkyard support forum

You probably have a wrong URL set for GBook URL in your settings file.

The variable is $settings['gbook_url'] and it should be set on the URL of the gbook.php on your server, such as http://www.yourwebsite.com/gbook/gbook.php

Perhaps you added a wrong link in the settings.php to your guestbook page?
There is no way for us to check it unless you post a link to your guestbook.

Greetings,
Henrie

EDIT: Oops, I did not notice Klemen's response on page 2

Solved problem regarding manual approval procedure. My error - a simple addressing mistake I missed. It works well now. Apologies.

Klemen wrote:After a few tests this file may fix the problem, upload it instead of original gbook.php file:
http://www.phpjunkyard.com/extras/gbook17_evalfix.zip

If it does fix your problem please let me know.

Hi there

Sadly this doesnt fix my problem, my scanner (AVG Anti-Virus Business Edition 2011) still blocks the gbook.php file.
As information I use jquery.js to load the gbook.php file to my content <div>.

Does someone have any further suggestions?

Try adding an exception (whitelist/ignore the file) so your antivirus allows it.

thx for ur help.
This could work for me probably yes but what about all the other users which acces my website? they would have to do this also which makes no sense.
do u have any other suggestions?

Wait, did the error show on your server or when you opened the guestbook in your browser?

If the latter then you probably do have infected website and it's not the usual server-side false alarm because of the base_64 decode code.

It would help if you posted a link to your guestbook.

Hi

New to Gbook and just installed v1.7. However I cannot seem to see where I can change sign guestbook in the header to something else. I read from older posts it was in gbook.php, but it does not appear there in my version. Could you tell me where it has been hidden.

Many thanks

The texts are in the language file language.inc.php in the gbook folder.
You can change the texts in that file or make a copy of the file with a new name and choose that filename in the settings.php file at the setting $settings['language']='language.inc.php';

Greetings,
Henrie

When will there be a new version of GBook???
My hosting company has removed GBook from their server. They have updated the security and they say GBook is a risk, because ithe script is too old..... They say I must make another guestbook that is up-to-date. But I don't want that, I want GBook, because I like it a lot!!! And I will lose all what is writen in the guestbook if I need to make another one...
So please, can you make the script up-to-date?

I am not the writer of the GBook script. But in my opinion version 1.7 is up to date.
Just because it is old (4.5 years) does not mean that the script causes a security risk. The code is well written and as far as I know it is not possible to use the script for anything other than for what it was written to do.
You should ask your hosting company what security risk they have found in the script. Because a file date can never be reason to say that it causes a security risk. A script should not have to be updated just to give it a new date.

This is my opinion. I am curious as to what Klemen's opinion is.

Greetings,
Henrie

Henrie, I totally agree with you! But my hosting company think the script is a risk.... I will try to translate what they told me (I'm Dutch, like you!): "he code is risky because in 2009 the programming was different from what they do now. We also have to think about other customers and overall safety on our servers."
I don't know if that is true, because a few years ago I learned myself html code, but php I have never learned... I don't know if php changed and the scripting is different now.
I aleady told my hosting company, that I only host a hobby website and nobody will do something to it that will give any risks..... But they won't make an exception.

It is insane to call GBook a security risk, just because it's been developed in 2009.

On contrary, it has proven to be very secure with 0 vulnerabilities discovered since 2009. It proved stable and secure.

Just because a script is developed in 2014 doesn't have anything to do with it's security. Nothing!

If I heard such a poor excuse from my hosting company I would run away and never look back. There are thousands of better hosting companies out there.




...



That said - I know GBook hasn't been updated for a long time. I really will try to push out an update, but just to improve functionality and not because any security aspects need to be fixed.

I couldn't help myself so I searched who your host is.

I am horrified to learn that your host seriously has no idea what security is.

1. On their website they offer an API script, written by your host, that has been last changed in February 2007. Furthermore, the API script does absolutely zero validation of input data.

2. The "Contact" form script the provide has absolutely no input validation and is vulnerable to all kinds of attacks, including spamming by header injections.

3. They are using a slightly modified (an illegal, actually) version of my CCount script to count their downloads.

Klemen, are you talking about mý host company? That would be terrible! To keep GBook of my site ánd use very old scripts themselves and even worse.......
I am talking to their support about this issue and with your permission I will post your messages to me there! I want to know what they will answer....