Topic: [FIX 1.7.X]: Solve the register.php bug ({} bracket problem)

trez

  • Hero Member
  • Posts: 613
« on: January 28, 2007, 04:15:53 PM »
Hi,

Does anyone of you have users like {username}? Or {P}blabla?
Well, the problem is that 4images isn't parsing the username right if there is an opening and closing bracket ({ and }). So the user is "invisible" in the who is online, even in his profile, even in the user administration - everywhere. The user name in the brackets is just not displayed.

Well, this is also a security problem, but I won't write on that topic much further. I was surprised that even the new version (1.7.4) hasn't resolved that bug. I found out about this when "invisible users" started complaining that they can't get PMs and that they can't upload any images or create folders.

So, the bug is in the register.php, and there is a simple solution to resolve this problem.

STEP 1
open your register.php

find:
Code: [Select]
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }

right after the closing } insert:

Code: [Select]
      elseif (preg_match("#[<{}>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_symbols'];
        $error = 1;
      }

save and close.

STEP 2

open /lang/english/main.php

find:

Code: [Select]
$lang['username_exists'] = "User name already exists.";
insert right below:

Code: [Select]
$lang['invalid_symbols'] = "Please use only numbers 0-9 and letters A-Z in your username!.";
save and close.


That's it, now you are rid of the problem. In this example, we have forbidden only the symbols "<>{}"; if you want to forbid more symbols, just add them between the [.....]

For example, if we want to forbid "$%^&*()" the line would look like this:

Code: [Select]
elseif (preg_match("#[<{}>$%^&*()]#", $user_name))

that's it.
Greetings,

George

Developers, this has to be added in the next version!





« Last Edit: January 28, 2007, 04:50:41 PM by trez »

mawenzi

  • 4images Moderator
  • 4images Guru
  • Posts: 4.500
« Reply #1 on: January 28, 2007, 05:09:20 PM »
... thanks for your solution George ...  :D
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

woody

  • Pre-Newbie
  • Posts: 3
« Reply #2 on: January 29, 2007, 07:58:06 PM »
It's important and very nice that you share your solution with us.
Thanks for..
woody

CeJay

  • Sr. Member
  • Posts: 425
« Reply #3 on: January 30, 2007, 12:33:59 AM »
thanks!

Maybe this should be moved to "Bug Fixes & Patches"

mawenzi

  • 4images Moderator
  • 4images Guru
  • Posts: 4.500
« Reply #4 on: January 30, 2007, 12:41:06 AM »
@ CeJay
... you are right ... and it's done .. ;)

mawenzi

  • 4images Moderator
  • 4images Guru
  • Posts: 4.500
« Reply #5 on: January 30, 2007, 10:40:56 AM »
... in version 1.7.0 this code already works ...
... it seems as if this part of reg_code is lost since version 1.7.1 ...

CeJay

  • Sr. Member
  • Posts: 425
« Reply #6 on: February 01, 2007, 07:02:48 AM »
I would like this to work with passwords as well so this may be a dumb question, but does this also apply to passwords?
If not how can I make it so it does? Can I add it by putting in 'password' like so:
Code: [Select]
elseif (preg_match("#[<{}>]#", $user_name, $password))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_symbols'];
        $error = 1;
      }

Thanks for any help  :!:

trez

  • Hero Member
  • Posts: 613
« Reply #7 on: February 03, 2007, 07:12:32 PM »
well, just try it :D

Lucifix

  • Hero Member
  • Posts: 710
  • http://www.slo-foto.net
« Reply #8 on: May 26, 2007, 10:32:05 AM »
I don't know, but wouldn't it be more appropriate to enter allowed characters?

Lucifix

  • Hero Member
  • Posts: 710
  • http://www.slo-foto.net
« Reply #9 on: August 22, 2007, 08:38:13 AM »
I just found out that some of my members use unknown characters (like ł,° etc) to register.

That's why I'm wondering if there is a way to set allowed characters rather than disallowed?

thunderstrike

  • 4images Guru
  • Posts: 2.327
« Reply #10 on: August 22, 2007, 08:44:32 AM »
Change:

Quote
elseif (preg_match("#[<{}>]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_symbols'];
        $error = 1;
      }

for:

Quote
elseif (preg_match("#[<{}>ł°]#", $user_name))
      {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_symbols'];
        $error = 1;
      }
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Lucifix

  • Hero Member
  • Posts: 710
  • http://www.slo-foto.net
« Reply #11 on: August 22, 2007, 08:51:05 AM »
I know that I can add another disallowed character there, but I'm saying that it would be easier to add allowed characters instead of disallowed.

Lucifix

  • Hero Member
  • Posts: 710
  • http://www.slo-foto.net
« Reply #12 on: August 22, 2007, 11:42:58 AM »
I would rather suggest using this code:

Code: [Select]
!preg_match("/^[A-Za-z0-9\\-\\.]+$/", $user_name)
Please correct me if I'm wrong.

thunderstrike

  • 4images Guru
  • Posts: 2.327
« Reply #13 on: August 22, 2007, 04:17:12 PM »
Can use:

Quote
preg_match("/[^A-Za-z0-9\-\_]/", $user_name)

I use for my gallery. ;)
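
Added example (not part of any post in this thread and not 4images code): a comparison of the deny-list from the first post with a fully anchored allow-list as discussed in the later replies, plus what preg_match() does when a second variable is passed as its third argument, as asked in reply #6. The helper names, the allowed character set, the 32-character limit, the field names and all sample inputs are assumptions made for illustration; it needs PHP 7 or later.

```php
<?php
// Added example: hypothetical helper names, constructed inputs.

// Deny-list from the first post: rejects only the four listed characters.
function has_denied_chars(string $s): bool {
    return preg_match('#[<{}>]#', $s) === 1;
}

// Allow-list: every character must be in the set. \A and \z anchor the whole
// string; a trailing "$" would also accept a name that ends in a newline.
// The set (letters, digits, ".", "_", "-") and the length cap are assumptions.
function is_allowed_name(string $s): bool {
    return preg_match('/\A[A-Za-z0-9._-]{1,32}\z/', $s) === 1;
}

// preg_match() takes ONE subject string; its third parameter receives the
// match array by reference. To check several fields, call it once per field.
function fields_with_denied_chars(array $fields): array {
    $bad = [];
    foreach ($fields as $name => $value) {
        if (has_denied_chars($value)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Constructed sample usernames.
$samples = ['george', '{username}', '{P}blabla', 'ł°user', "admin\n", 'a.b-c_1'];
foreach ($samples as $s) {
    printf("%-22s denied_chars=%-5s allowed=%s\n",
        json_encode($s),
        var_export(has_denied_chars($s), true),
        var_export(is_allowed_name($s), true));
}

// Passing a second variable as the third argument does not validate it:
$user_name = '{P}blabla';
$password  = 'constructed-secret';
preg_match('#[<{}>]#', $user_name, $password);
var_dump(is_array($password)); // $password now holds the match array, not the string

// One call per field instead (field names are constructed):
print_r(fields_with_denied_chars([
    'user_name'  => '{P}blabla',
    'user_email' => 'a@example.org',
]));
```

The deny-list lets 'ł°user' and "admin\n" through, while the allow-list rejects both without needing to know those characters in advance.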