[SOLVED]Yikes - I can't edit my pages

[wakewatcher]

What I love about CMS is you can set it and forget it.  I use it as a front end to some other stuff.  I haven't modified it just you links to link into my other stuff.  The content is pretty static.  A couple of changes a month.  Mostly "news." In fact I haven't looked at editing pages for a couple of months.  Today however when I tried to edit any of the pages I get a browser "done" message and the content part of the page is blank.  I seem to be able to edit everything else.  Maybe I'm missing a step? Thanks in advance for any help.  (ps. I'm on version 1.5.2)

[jmcgin51]

system information?

upgrade to 1.6.6 and see if the issue continues?  (obviously create backup first, etc.)

[jmcgin51]

please post your system information.

if you turn debug on, what errors do you get?

1.5.2 is not supported, so until you get it upgraded, we're not going to be able to help much.

[wakewatcher]

I've now upgraded the original instance as well with no improvement.  Thx for any ideas.
This seems really bizarre as I seem to be able to edit/add everything except content pages.  Does this ring a bell for anyone? 

[wakewatcher]

Here is the system Info.

----------------------------------------------

Cms Version: 1.6.6

Installed Modules:

   * CMSMailer: 1.73.14
   * FileManager: 1.0.1
   * MenuManager: 1.6.2
   * ModuleManager: 1.3.1
   * News: 2.10.3
   * nuSOAP: 1.0.1
   * Printing: 1.0.4
   * Search: 1.6.1
   * ThemeManager: 1.1.1
   * TinyMCE: 2.5.5


Config Information:

   * php_memory_limit:
   * process_whole_template: true
   * max_upload_size: 2000000
   * default_upload_permission: 664
   * assume_mod_rewrite: false
   * page_extension:
   * internal_pretty_urls: false
   * use_hierarchy: false


Php Information:

   * phpversion: 5.2.11
   * md5_function: On (True)
   * gd_version: 2
   * tempnam_function: On (True)
   * magic_quotes_runtime: Off (False)
   * memory_limit: 128M
   * max_execution_time: 30
   * safe_mode: Off (False)
   * session_save_path: /tmp (1777)
   * session.use_cookies: On (True)


Server Information:

   * Server Api: apache2handler
   * Server Db Type: MySQL (mysql)
   * Server Db Version: 5.0.85


----------------------------------------------

Anybody see anything wrong with this config.php?  (Other than the database details I removed.)

Code: Select all

# Output compression?
# Turn this on to allow CMS to do output compression
# this is not needed for apache servers that have mod_deflate enabled
# and possibly other servers.  But may provide significant performance
# increases on some sites.  Use caution when using this as there have
# been reports of incompatibilities with some browsers.
$config['output_compression'] = false;

#-----------------
#Database Settings
#-----------------

#This is your database connection information.  Name of the server,
#username, password and a database with proper permissions should
#all be setup before CMS Made Simple is installed.
$config['dbms'] = 'mysql';
$config['db_hostname'] = 'localhost';
$config['db_username'] = 'db_username';
$config['db_password'] = ''db_password';
$config['db_name'] = 'db_name';
#Change this param only if you know what you are doing
$config["db_port"] = '';


#If app needs to coexist with other tables in the same db,
#put a prefix here.  e.g. "cms_"
$config['db_prefix'] = 'cms_';

#Use persistent connections?  They're generally faster, but not all hosts
#allow them.
$config['persistent_db_conn'] = false;

#Use ADODB Lite?  This should be true in almost all cases.  Note, slight
#tweaks might have to be made to date handling in a "regular" adodb
#install before it can be used.
$config['use_adodb_lite'] = true;

#-------------
#Path Settings
#-------------

#Document root as seen from the webserver.  No slash at the end
#If page is requested with https use https as root url
#e.g. http://blah.com
$config['root_url'] = 'http://bayviewgrand.org';
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
{
$config['root_url'] = str_replace('http','https',$config['root_url']);
}

#Path to document root. This should be the directory this file is in.
#e.g. /var/www/localhost
$config['root_path'] = '/home/bayviewg/www';

#Name of the admin directory
$config['admin_dir'] = 'admin';

#Where do previews get stored temporarily?  It defaults to tmp/cache.
$config['previews_path'] = '/home/bayviewg/www/tmp/cache';

#Where are uploaded files put?  This defaults to uploads.
$config['uploads_path'] = '/home/bayviewg/www/uploads';

#Where is the url to this uploads directory?
$config['uploads_url'] = $config['root_url'] . '/uploads';


#---------------
#Upload Settings
#---------------

#Maxium upload size (in bytes)?
$config['max_upload_size'] = 2000000;

#Permissions for uploaded files.  This only really needs changing if your
#host has a weird permissions scheme.
$config['default_upload_permission'] = '664';

#------------------
#Usability Settings
#------------------

#Allow smarty {php} tags?  These could be dangerous if you don't trust your users.
$config['use_smarty_php_tags'] = false;

#Automatically assign alias based on page title?
$config['auto_alias_content'] = true;

#------------
#URL Settings
#------------

#What type of URL rewriting should we be using for pretty URLs?  Valid options are:
#'none', 'internal', and 'mod_rewrite'.  'internal' will not work with IIS some CGI
#configurations. 'mod_rewrite' requires proper apache configuration, a valid
#.htaccess file and most likely {metadata} in your page templates.  For more
#information, see:
#http://wiki.cmsmadesimple.org/index.php/FAQ/Installation/Pretty_URLs#Pretty_URL.27s
$config['url_rewriting'] = 'none';

#Extension to use if you're using mod_rewrite for pretty URLs.
$config['page_extension'] = '';

#If you're using the internal pretty url mechanism or mod_rewrite, would you like to
#show urls in their hierarchy?  (ex. http://www.mysite.com/parent/parent/childpage)
$config['use_hierarchy'] = false;

#If using none of the above options, what should we be using for the query string
#variable?  (ex. http://www.mysite.com/index.php?page=somecontent)
$config['query_var'] = 'page';

#--------------
#Image Settings
#--------------

#Which program should be used for handling thumbnails in the image manager.
#See http://wiki.cmsmadesimple.org/index.php/User_Handbook/Admin_Panel/Content/Image_Manager for more
#info on what this all means
$config['image_manipulation_prog'] = 'GD';
$config['image_transform_lib_path'] = '/usr/bin/ImageMagick/';

#Default path and URL for uploaded images in the image manager
$config['image_uploads_path'] = '/home/bayviewg/www/uploads/images';
$config['image_uploads_url'] = $config['root_url'] . '/uploads/images'; 


#------------------------
#Locale/Encoding Settings
#------------------------

#Locale to use for various default date handling functions, etc.  Leaving
#this blank will use the server's default.  This might not be good if the
#site is hosted in a different country than it's intended audience.
$config['locale'] = '';

#In almost all cases, default_encoding should be empty (which defaults to utf-8)
#and admin_encoding should be utf-8.  If you'd like this to be different, change
#both.  Keep in mind, however, that the admin interface translations are all in
#utf-8, and will be converted on the fly to match the admin_encoding.  This
#could seriously slow down the admin interfaces for users.
$config['default_encoding'] = 'utf-8';
$config['admin_encoding'] = 'utf-8';

#This is a mysql specific option that is generally defaulted to true.  Only
#disable this for backwards compatibility or the use of non utf-8 databases.
$config['set_names'] = false;

# URL of the Admin Panel section of the User Handbook
# Set none if you want hide the link from Error
$config['wiki_url'] = 'http://wiki.cmsmadesimple.org/index.php/User_Handbook/Admin_Panel';

?>

[wakewatcher]

@ jmcgin51:

As you recommended I upgraded and I've turned on debug.  ($config['debug'] = true;) and get lots of debug information (all good I think) as I get to the "content>>pages" but when I click on any page link on that page the page just goes blank below the line that contains, for example. Content » Pages » Edit Page: Home and the browser pronounces "done".  Here is the page source if it helps.

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<__html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta name="Generator" content="CMS Made Simple - Copyright (C) 2004-9 Ted Kulp. All rights reserved." />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<link rel="shortcut icon" href="themes/NCleanGrey/images/layout/ncleangrey-favicon.ico" />
<link rel="Bookmark" href="themes/NCleanGrey/images/layout/ncleangrey-favicon.ico" />
<title>Edit Page: Home | Bay View Grand Owners Forum</title>
<link rel="stylesheet" type="text/css" href="style.php" />
<!--[if IE]>
<style type="text/css">
ul#nav li ul  {
filter: alpha(opacity=95);
}
/* Nav Tools  */
div.MainMenu { 
filter: alpha(opacity=90);
}
</style>
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" type="text/css" href="themes/NCleanGrey/css/ie6.css" />
<![endif]-->
<!-- THIS IS WHERE HEADER STUFF SHOULD GO -->
<__script__ type="text/javascript" src="themes/NCleanGrey/includes/standard.js"></__script><__script__ type="text/javascript" src="../lib/scriptaculous/prototype.js"></__script><__script__ type="text/javascript" src="../lib/scriptaculous/scriptaculous.js"></__script><__script__ type="text/javascript" src="../lib/scriptaculous/cmsext.js"></__script>

<__script__ type="text/javascript" charset="UTF-8">
/* <![CDATA[ */
try { if (undefined == xajax.config) xajax.config = {}; } catch (e) { xajax = {}; xajax.config = {}; };
xajax.config.requestURI = "http://bayviewgrand.org/admin/editcontent.php?sp_=b0a56257&content_id=15&page=";
xajax.config.statusMessages = false;
xajax.config.waitCursor = true;
xajax.config.version = "xajax 0.5";
xajax.config.legacy = false;
xajax.config.defaultMode = "asynchronous";
xajax.config.defaultMethod = "POST";
/* ]]> */
</__script>
<__script__ type="text/javascript" src="../lib/xajax/xajax_js/xajax_core.js" charset="UTF-8"></__script>
<__script__ type="text/javascript" charset="UTF-8">
/* <![CDATA[ */
window.setTimeout(
 function() {
  var scriptExists = false;
  try { if (xajax.isLoaded) scriptExists = true; }
  catch (e) {}
  if (!scriptExists) {
   alert("Error: the xajax Javascript component could not be included. Perhaps the URL is incorrect?\nURL: ../lib/xajax/xajax_js/xajax_core.js");
  }
 }, 2000);
/* ]]> */
</__script>

<__script__ type='text/javascript' charset='UTF-8'>
/* <![CDATA[ */
xajax_ajaxpreview = function() { return xajax.request( { xjxfun: 'ajaxpreview' }, { parameters: arguments } ); };
/* ]]> */
</__script>

<__script__ type="text/javascript">
  // <![CDATA[

window.Edit_Content_Apply = function(button)
{
	tinyMCE.triggerSave();
	$('Edit_Content_Result').innerHTML = '';
	button.disabled = 'disabled';
	var data = new Array();
	data.push('ajax=1');
	data.push('applybutton=1');

	var elements = Form.getElements($('contentform'));
	for (var cnt = 0; cnt < elements.length; cnt++)
	{
		var elem = elements[cnt];
		if (elem.type == 'submit')
		{
			continue;
		}
		var query = Form.Element.serialize(elem);
		data.push(query);
	}

	new Ajax.Request(
		'/admin/editcontent.php?sp_=b0a56257&content_id=15&page='
		, {
			method: 'post'
			, parameters: data.join('&')
			, onSuccess: function(t)
			{
				button.removeAttribute('disabled');
				var xml = t.responseXML;
				var response = xml.documentElement.childNodes[0];
				var details = xml.documentElement.childNodes[1];
				if (response.textContent) { response = response.textContent; } else { response = response.text; } 
				if (details.textContent) { details = details.textContent; } else { details = details.text; }
				
				var htmlShow = '';
				if (response == 'Success')
				{
					htmlShow = '<div class="pagemcontainer"><p class="pagemessage">' + details + '<\/p><\/div>';
				}
				else
				{
					htmlShow = '<div class="pageerrorcontainer"><ul class="pageerror">' + details + '<\/ul><\/div>';
				}
				$('Edit_Content_Result').innerHTML = htmlShow;
			}
			, onFailure: function(t)
			{
				alert('Could not save: ' + t.status + ' -- ' + t.statusText);
			}
		}
	);

	return false;
}
  // ]]>
</__script><base href="http://bayviewgrand.org/admin/" />
</head>
</__body##BODYSUBMITSTUFFGOESHERE##>
<div id="ncleangrey-container"><div id="logocontainer"><img src="themes/NCleanGrey/images/logoCMS.png" alt="Bay View Grand Owners Forum" title="Bay View Grand Owners Forum" /><div class="logotext">CMS Made Simple Admin Console - Bay View Grand Owners Forum<br />Welcome: bvgadmin</div></div><div class="topmenucontainer">

	<ul id="nav">
		<li><a href="index.php?sp_=b0a56257">CMS</a><ul><li><a href="index.php?sp_=b0a56257">Home</a></li><li><a href="../index.php" rel="external">View Site</a></li><li><a href="logout.php?sp_=b0a56257">Logout</a></li></ul></li>
		<li><a href="topcontent.php?sp_=b0a56257" class="selected">Content</a><ul><li><a href="listcontent.php?sp_=b0a56257" class="selected">Pages</a></li><li><a href="imagefiles.php?sp_=b0a56257">Image Manager</a></li><li><a href="listhtmlblobs.php?sp_=b0a56257">Global Content Blocks</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=FileManager">File Manager</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=News">News</a></li></ul></li>

		<li><a href="toplayout.php?sp_=b0a56257">Layout</a><ul><li><a href="listtemplates.php?sp_=b0a56257">Templates</a></li><li><a href="listcss.php?sp_=b0a56257">Stylesheets</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=MenuManager">Menu Manager</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=ThemeManager">Theme Manager</a></li></ul></li>
		<li><a href="topusers.php?sp_=b0a56257">Users & Groups</a><ul><li><a href="listusers.php?sp_=b0a56257">Users</a></li><li><a href="listgroups.php?sp_=b0a56257">Groups</a></li><li><a href="changegroupassign.php?sp_=b0a56257">Group Assignments</a></li><li><a href="changegroupperm.php?sp_=b0a56257">Group Permissions</a></li></ul></li>

		<li><a href="topextensions.php?sp_=b0a56257">Extensions</a><ul><li><a href="listmodules.php?sp_=b0a56257">Modules</a></li><li><a href="listtags.php?sp_=b0a56257">Tags</a></li><li><a href="listusertags.php?sp_=b0a56257">User Defined Tags</a></li><li><a href="eventhandlers.php?sp_=b0a56257">Event Manager</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=CMSMailer">CMSMailer</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=ModuleManager">Module Manager</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=Printing">Printing</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=Search">Search</a></li><li><a href="moduleinterface.php?sp_=b0a56257&module=TinyMCE">TinyMCE WYSIWYG</a></li></ul></li>

		<li><a href="topadmin.php?sp_=b0a56257">Site Admin</a><ul><li><a href="siteprefs.php?sp_=b0a56257">Global Settings</a></li><li><a href="pagedefaults.php?sp_=b0a56257">Page Defaults</a></li><li><a href="systeminfo.php?sp_=b0a56257">System Information</a></li><li><a href="checksum.php?sp_=b0a56257">System Verification</a></li><li><a href="adminlog.php?sp_=b0a56257">Admin Log</a></li></ul></li>
		<li><a href="topmyprefs.php?sp_=b0a56257">My Preferences</a><ul><li><a href="edituser.php?sp_=b0a56257">My Account</a></li><li><a href="editprefs.php?sp_=b0a56257">User Preferences</a></li><li><a href="listbookmarks.php?sp_=b0a56257">Manage Shortcuts</a></li></ul></li>

	</ul>

	<div id="nav-icons_all"><ul id="nav-icons">

	<li class="viewsite-icon"><a  rel="external" title="View Site"  href="../index.php">View Site</a></li>

	<li class="logout-icon"><a  title="Logout"  href="logout.php">Logout</a></li>

	</ul></div>
	<div class="clearb"></div>

</div>
<div class="breadcrumbs"><p class="breadcrumbs"><a class="breadcrumbs" href="topcontent.php?sp_=b0a56257">Content</a> » <a class="breadcrumbs" href="listcontent.php?sp_=b0a56257">Pages</a> » Edit Page: Home</p></div><div class="hstippled"> </div><div id="MainContent">
<div class="navt_menu">
<div id="navt_display" class="navt_show" onclick="change('navt_display', 'navt_hide', 'navt_show'); change('navt_container', 'invisible', 'visible');"></div>
<div id="navt_container" class="invisible">
<div id="navt_tabs">
<div id="navt_bookmarks">Shortcuts</div>
</div>

<div style="clear: both;"></div>
<div id="navt_content">
<div id="navt_bookmarks_c">
<a href="makebookmark.php?sp_=b0a56257&title=Edit%26nbsp%3BPage%3A+Home">1. Add Shortcut</a><br />
<a href="listbookmarks.php?sp_=b0a56257">2. Manage Shortcuts</a><br />
</div>
</div>
</div>
<div style="clear: both;"></div>
</div>
<div id="Edit_Content_Result"></div>

[Rolf]

Code: Select all

</head>
</__body##BODYSUBMITSTUFFGOESHERE##>
<div id="ncleangrey-container">

Code: Select all

<div style="clear: both;"></div>
<div id="navt_content">
<div id="navt_bookmarks_c">
<a href="makebookmark.php?sp_=b0a56257&title=Edit%26nbsp%3BPage%3A+Home">1. Add Shortcut</a><br />
<a href="listbookmarks.php?sp_=b0a56257">2. Manage Shortcuts</a><br />
</div>
</div>
</div>
<div style="clear: both;"></div>
</div>
<div id="Edit_Content_Result"></div>

The code just stops... 

Just to be save, add this to the config.php:

Code: Select all

ini_set('max_execution_time', 60);

That can't be a problem anymore now.

Can you please also look in to the index.php in the admin folder, do you see there some strange code in it???

Grtz. Rolf

[wakewatcher]

Thanks for your dive into this.

Just to be save, add this to the config.php:

Code: Select all

ini_set('max_execution_time', 60);

That can't be a problem anymore now.

I changed this and the page source didn't change. (If it was suppose to.)

Here is the index.php file from the admin folder.

Code: Select all

<?php
#CMS - CMS Made Simple
#(c)2004 by Ted Kulp (wishy@users.sf.net)
#This project's homepage is: http://cmsmadesimple.sf.net
#
# For brevity I stripped most of the comments out.
#$Id: index.php 5400 2009-01-15 01:51:57Z calguy1000 $

$CMS_ADMIN_PAGE=1;
$CMS_TOP_MENU='main';
$CMS_ADMIN_TITLE='adminhome';
$CMS_ADMIN_TITLE='mainmenu';
$CMS_EXCLUDE_FROM_RECENT=1;

require_once("../include.php");

// if this page was accessed directly, and the secure param name is not in the URL
// but it is in the session, assume it is correct.
if( isset($_SESSION[CMS_USER_KEY]) && !isset($_GET[CMS_SECURE_PARAM_NAME]) )
  {
    $_GET[CMS_SECURE_PARAM_NAME] = $_SESSION[CMS_USER_KEY];
  }

check_login();

global $gCms;
$db =& $gCms->GetDb();

include_once("header.php");
$themeObject->ShowShortcuts();
$themeObject->DisplaySectionMenuDivStart();
$themeObject->DisplayAllSectionPages();
$themeObject->DisplaySectionMenuDivEnd();
include_once("footer.php");

# vim:ts=4 sw=4 noet
?>

Interesting when I look in the admin folder I see the file 234118.php.  Seems like an odd name for a such a well thought out product.  May be nothing but it contains:

Code: Select all

xxxxxxxxxxxxx

[Rolf]

Interesting when I look in the admin folder I see the file 234118.php.  Seems like an odd name for a such a well thought out product.  May be nothing but it contains:

Urr, that was what I was thought: your website has been ftp hacked...

Rolf

[wakewatcher]

What does that mean and what should I do?  Also apparently this isn't caught/fixed during the upgrade.  I don't share any ftp information and only update via my FF browser add-on so not sure how this happened.  Rather than upgrade is it a matter of re-installing against the current database?  I've upgraded to 1.6.6 so the database should be ok. right?  

If I delete everything except my config.php file will it then upgrade everything properly or do I have to do something more radical?

-steve-

[Rolf]

When you get ftp hacked, there will be non cmsms scripts on your server who infect your files.
Signs are blank or cut of pages.

What to do:
- contact your webhost
- make a copy of the files and database (use a pc with an up-to-date Internet Security Suite)
- delete ALL files on the webserver. Not the database!
- rename your ftp-account now
- upload a new 1.6.6 core package
- do a new install, but don't let it create new tables and default content. Uncheck this option!!!
- Use the settings of the existing database
- Copy all needed files from the old uploads folder - after checking - back to the server.
- CHMOD 444 the config.php

I believe that will be all
You should be up and running now...
There are lots of similar topics on this with perhaps more (or better) info 

Good luck, Rolf

[wakewatcher]

Thanks so much for all your help and insight.  I followed your instructions and now have an editable version of CMSMS.

[wakewatcher]

I got this back from my host:

You weren't "FTP hacked" whatever that is supposed to mean... When you run old versions of software, they have vulnarabilities, and these include injection attacks. That code (the numbered files) were "injected" through a CMSMS page into your file directory structure.

I (personally) don't know what happened.  I do know that unless someone is sniffing my browser sessions (I use FF with the Fireftp add-on) that I've never given out my ftp credentials.  It is possible this was a failure with version 1.5.1 and 1.5.2?

[Rolf]

Hi Steve,

If I was your webhost, I would say the same 
But there are no hacking of the cmsms packages known for several years now (Rel. 1.2.x)
And search the forum here for "ftp hacked", you will find several posts...
But it doesn't matter anymore, your site is working again, right 

Greetz, Rolf 

[wakewatcher]

Right.  Just hoping it doesn't happen again whatever it was.