Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
Posted by afoster Last replied by afoster 6 months ago

Admin Login Issue

I am running php-fusion version 7.02.07 on a shared webhost and lately, I can log in as the admin but when I click on the admin panel link, it logs me out and takes me back to the home page. What is causing this and what can I do to fix it? BTW, I am running another php-fusion site (same version) on the same webhost with no problems. Thanks.
434 views 0 votes
1 post
Posted by Chan Last replied by RobiNN 2 years ago

PHP-Fusion 9 and 7 Security Announcements regarding ImageMime Exploits.

I'm strongly advising all sites on Fusion 7 and 9 to immediately update on these values to your .htaccess file soonest possible.

ForceType application/octet-stream

    ForceType image/jpeg

    ForceType image/gif

    ForceType image/png

3664 views 0 votes
9 posts
Posted by tngweb Last replied by carmatec 2 years ago

Error on PHP-Fusion Site

Keep getting various errors on this site, most notable : Fatal error: Cannot redeclare opentable() (previously declared in /home/phpfusion/public_html/themes/Atom-X2/opentable.switch.php:135) in /home/phpfusion/public_html/themes/Atom-X2/opentable.switch.php on line 49
1734 views 0 votes
5 posts
Posted by element Last replied by element 2 years ago

How to delete sha256 encryption?


im making little school project. I have my Java app and PHP Fusion website. I would like to remotely connect to MySQL database, but i want to delete sha256 encryption because my program has a login panel that reads username and his password. I dont want to compare one string to second one, just want cleary see his password in my database. Its nothing big as I said its just a school project but decrypting sha256 would help me a lot. If anyone know how to solve it I would be grateful
1225 views 0 votes
3 posts
Posted by pete2009 Last replied by Falk 3 years ago

Redirection to google

I have got another problem with my CMS. My website is running on PHP Fusion 7.02.07. From this morning every time I try to enter my website I am being redirected to google site. I have tried from two different laptops.
I guess is has been hacked but how can I fix it ? Would it work to upgrade it to v9 ? But still, I can not acces admin section :/
My website www.elektroinstalacje.info
1278 views 0 votes
2 posts
Posted by aznetcowboy Last replied by KasteR 3 years ago

Need to see IP addresses before approving

Actually, I would like to see the IP addresses before disapproving users. I have had about a dozen users I deleted this morning in just a few hours who were definitely classified, in my opinion, as hackers. I would like to ban them based on their IP address(es). However the member screen in the edit mode does not show the IP address. Is there a way to display the IP address of applicants?

I sure have better things to do that deleting applicants who are not members of my neighborhood association and who know it. I'd like to ban them based on the IP address as I can tell some repeat applicants are the same person. angry
1112 views 0 votes
2 posts
Posted by sleepout9 Last replied by sleepout9 3 years ago

Login problem


After login in and pressing any link it turns back to unlogged. No matter of user it makes everyone.
2170 views 0 votes
4 posts
Posted by sleepout9 Last replied by douwe_yntema 3 years ago

validation picture

My validationpicture does not load. http://oi61.tinypic.com/zxpfa1.jpg

Same problem with registration valid.
1101 views 0 votes
4 posts
Posted by foc_in_gaura Last replied by Falk 4 years ago

Breach Notice: Resolving Violations of the Identifying Users Policy

As the title say, Google warned me that my site is vulnerable.

Look at this page, to see what is about. https://support.google.com/adsense/an...3366?hl=en

In the email they sent me, they say that the files :

are the problem.

I removed the ads from that pages. I disabled email confirmation (so it won't appear in the activation link)

They recommend to use a slug for every email address .

Please, it's urgent, I have deadline until 13.06.2015.

2127 views 0 votes
16 posts
Posted by Homdax Last replied by Falk 4 years ago

Just an example on why it is important to filter user input fields

Microsoft Dynamics. I do not have any details, but somewhere in an "information text" input field, there was a space to much.

Took down the entire financial system for a big car retailer in Sweden for several days. They were examining servers, running processes, patches... I do not know how they found it, but considering what it turned out to be, it was extremely frustrating.

Our Navision is of course customized to a degree, but I have no details about that either.

Take heed, filter input. Everywhere.
1209 views 0 votes
2 posts
Posted by foc_in_gaura Last replied by foc_in_gaura 4 years ago

Replace GET function with POST - mandatory for Adsense

Hi !

I have a really big problem this days, after reciving a notification mail from Google Adsense.

I need to replace the GET function with POST function in 3 files : lostpassword.php, login.php and register.php. They say from this files some personal data can be stolen, and if I don't make that tehnical change, they wil suspend my account.

I have this help page, but it's to hard form my skills. Can you help me?

1626 views 0 votes
4 posts
Posted by Homdax Last replied by Chan 4 years ago

Illusion of security and restricted content. Downloads.

All these years I thought that when you defined a download category to a certain user group, no one would be be able to access the download without two pre requisites:
1. You are logged in.
2. You are a member of that user group.

I was just reviewing an upload (a single pdf file) that should not be shared publicly. Hence it is restricted to a download category that is limited to registered members in a predefined group. But anyone with the direct link can download it. The restriction you think you do acts like this:
It does not show the ENTRY in the download list unless you are logged on and in the group, but anyone with a direct link can download it.

Maybe I am utterly stupid and should have known this before, maybe some of you are laughing at me right now, but I actually TRUSTED PHP-Fusion to handle this and never had any reason to doubt it. Now, when doing a doublecheck because it is sensitive stuff , I realize this is all a big illusion.

Again, there is no protection of the file, only of the entry in the download list.

Can anyone help me accomplish true security with a quickfix, because this is a showstopper. I can not use PHP-Fusion on a site I have worked on and off on for a couple of years, and promoted to that community and telling the "everything is secure, this is a SECURE system". 7.02.07
1891 views 0 votes
10 posts
Posted by webadam Last replied by webadam 4 years ago

Spam Mail Problems

Hello Friends,
My website does automatically sending spam mails. Unable to login to the site server slows down heavily. Screenshot of the message I shared hosting companies below. I would appreciate your opinion. (Google translation)

Preview: http://prntscr.com/5maj8g
1362 views 0 votes
3 posts
Posted by alexai Last replied by alexai 4 years ago

CVE-2014-8596 PHP-Fusion 7.02.07 – SQL Injection

Hi every one,

How to fix this vulnerability?

CVE-2014-8596 PHP-Fusion 7.02.07 – SQL Injection

Thanks advance,
6437 views 0 votes
8 posts
Posted by Falk Last replied by Falk 4 years ago

PFDN Application System

We had a glitch in the application form over @ the PFDN, please send us another application if you have sent us one earlier with no status update from us.

The complete system will be finalized and utilized to it´s full potential after PHP-Fusion 9 goes stable.
For now PFDN membership is required in order to sell commercial Addons via our AddonDB with the use of EPAL for example.
981 views 0 votes
1 post
Posted by unknown Last replied by Craig 4 years ago

Hidden Email option not working?

Hi there,

Hidden email does work as far as I know and on all my sites it is working fine. Can you tell me have you upgraded recently? What version do you use? What's your site link? Did you try looking when you are logged out?

1875 views 0 votes
2 posts
Posted by Craig Last replied by Craig 5 years ago

Access Rights, aidlinks What's Google Doing?


First off administration/errors.php

if (!checkrights("ERRO") || !defined("iAUTH") || !isset($_GET['aid']) || $_GET['aid'] != iAUTH) { die("Acces Denied");

Instead of die access denied it needs to redirect to index...


Next and the strangest one to me...

Google can enter my administration folder and get an aidlink somehow...

Code - - [02/May/2014:16:55:17 +0100] "GET /administration/index.php?aid=xxxxxxxxxxxxxxxx&pagenum=5 HTTP/1.1" 302 - "-" "Mediapartners-Google"

How does Google get an aidlink?
How does Google get passed Admin rights checks?

Also look at my robots.txt


Is it correct or am I allowing google access to my admin? I'm kind of confused now. Aidlink, Google what?

5096 views 0 votes
15 posts
Posted by Falk Last replied by behrooz 5 years ago

CoC 2.9 - No linking to external downloads

Just a small heads up to everyone.
Many minor things have changed in the CoC, but this is one very important change I want people to be aware of.

The CoC have been updated with the below section.

2.9 No linking to external downloads
We will not allow any forum posts with links to external downloads.
All downloads presented here on PHP-Fusion need to be available from either a attachment in our forums or shared via the AddonDB.
If you want your work tested before sharing it, please use the Addons Open Testing forum and attach your work to a new thread there.

Before the questions comes, let me explain.
Our forums have been filled with broken download links.
This can be frustrating for both our staff and the users, the only way to go around this is to not allow external resources as a reliable source.
Our AddonDB with our Open testing forum covers everything anyone could need when it comes to distribution.

In addition to that
Section 1.1 and 1.3 have been updated.
The former part about giving credit in 2.9 have been moved.
3956 views 0 votes
5 posts
Posted by afoster Last replied by JoiNNN 5 years ago

Injection Issue

This is not pertinent to php-fusion, but everytime I try to edit the code below on my server (since deleted), I get an injection attempt alert from Norton. Can anyone see what may be causing it?


Thanks {name}!

Thank you {name} for filling out this form. You should receive an email
shortly at {email}.


The name of the file is thankyou.tpl but can be named anything as long as it has the .tpl extension
3694 views 0 votes
4 posts
Posted by Qasi Last replied by PeaceLaced 5 years ago

Administrator password


My cousins stepdad had some trouble with his website.

He accidentally reset his administrator password and now he is not able to do a backup of his website.
He was completely clueless so I decided to take a crack at it.

Firstly I checked his email to see the mails with the password resets. And they did not work.

After that I tried to check phpMyAdmin and change things there, to no effect. I did this while trying to follow various threads on this forum, after some hours of trying he had to go to bed and I decided to post here for advice.

TLDR: I am very new to this and I need some help recovering an admin password.

Any input is highly appreciated.
2504 views 0 votes
4 posts

You can view all discussion threads in this forum.

You can start a new discussion thread in this forum.

You cannot start on a poll in this forum.

You cannot upload attachments in this forum.

You cannot download attachments in this forum.

Community Details
PHP-Fusion CMS Community
Active Members

The official English language support forum for PHP-Fusion CMS

Popular Contributors
  • Wanabo
  • Falk
  • Rudios
  • I
  • helmuth