Mysidia Adoptables Support Forum  

#1
07-17-2011, 04:24 PM
Slix
Register with no password?

Here's the deal. I added a few lines to the register.php page to help prevent bots and spammers from joining, and I don't know if this caused it, but now you're able to register with no password entered into either password blank.

Any ideas? It's really bad because you could register, be auto logged in, and if you log out, you'll have no password (or a blank one maybe).


Here's my register.php code:

Code:
<?php

// **********************************************************************
// Rusnak PHP Adoptables Script
// Copyright 2009 Brandon Rusnak
// For help and support: http://www.rusnakweb.com/forum/
//
// Redistribution prohibited without written permission
// **********************************************************************

// Wake the sleeping giant

// **********************************************************************
// Basic Configuration Info
// **********************************************************************

include("inc/functions.php");
include("inc/config.php");
include("lang/lang.php");

$themeurl = grabanysetting("themeurl");

// **********************************************************************
// Define our top links by calling getlinks()
// **********************************************************************

$links = getlinks();

// **********************************************************************
// Define our ads by calling getads()
// **********************************************************************

$ads = getads("register");

// **********************************************************************
// Grab any dynamic article content from the content table
// **********************************************************************

$pagecontent = getsitecontent("index");
$article_title = $pagecontent['title'];
$article_content = $pagecontent['content'];
$article_content = nl2br($article_content);

// **********************************************************************
// Grab any settings that we will need for the current page from the DB
// **********************************************************************

$browsertitle = grabanysetting("browsertitle");
$sitename = grabanysetting("sitename");
$slogan = grabanysetting("slogan");

// **********************************************************************
// Check and see if the user is logged in to the site
// **********************************************************************

$loginstatus = logincheck();
$isloggedin = $loginstatus['loginstatus'];
$loggedinname = $loginstatus['username'];

// **********************************************************************
// End Prepwork - Output the page to the user
// **********************************************************************

if($isloggedin == "yes"){

$article_title = "You already have an account";
$article_content = "You already have an account, thus there is no need for you to register a new one.";

}
else{

//Grab the post data from the form

$username = $_POST["username"];
$pass1 = $_POST["pass1"];
$pass2 = $_POST["pass2"];
$email = $_POST["email"];
$tos = $_POST["tos"];
$hidden = $_POST["hidden"];
$spam = $_POST["spam"];

//Protect the database
$username = preg_replace("/[^a-zA-Z0-9\\040.]/", "", $username);
$username = secure($username);
$pass1 = secure($pass1);
$pass2 = secure($pass2);
$email = preg_replace("/[^a-zA-Z0-9@._-]/", "", $email);
$email = secure($email);
$tos = preg_replace("/[^a-zA-Z0-9s]/", "", $tos);
$hidden = preg_replace("/[^a-zA-Z0-9s]/", "", $hidden);
$spam = secure($spam);

	if($hidden != "goregister"){

	//The form was not submitted, so we are showing the signup page...

	$article_title = $regnew;
	$article_content = $regnewexplain."<br><form name='form1' method='post' action='register.php'>
  	<p>Username: <input name='username' type='text' id='username' maxlength='20'></p>
  	<p>Your username may be up to 20 characters long and may only contain letters, numbers and spaces. </p>
  	<p>Password: <input name='pass1' type='password' id='pass1' maxlength='20'></p>
  	<p>Your password may be up to 20 characters long and may contain letters, numbers, spaces and special characters. The use of a special character, such as * or ! is recommended for increased security. </p>
  	<p>Confirm Password: <input name='pass2' type='password' id='pass2' maxlength='20'></p>
  	<p>Email Address: <input name='email' type='text' id='email'></p>
  	<p><input name='tos' type='checkbox' id='tos' value='yes'> I agree to the <a href='tos.php' target='_blank'>Terms of Service</a>. 
  	<input name='hidden' type='hidden' id='hidden' value='goregister'></p>
<p>Please enter the number after fifteen. <input name='spam' type='text' id='spam' value='I am a spammer!'></p>
  	<p><input type='submit' name='Submit' value='Register'>
  	</p></form>";


	}
	else{

	//We are attempting to register the user...

	//First MD5 hash the passwords:

	$pass1 = md5($pass1);
	$pass2 = md5($pass2);


    //Next check that the email does not already exist... 



    $flag1 = 0; 
    $query = "SELECT * FROM ".$prefix."users WHERE email = '$email'"; 
    $result = @mysql_query($query); 
    $num1 = @mysql_numrows($result); 

    if($num1 > 0){ 

    $flag1 = 1;

    }
	
	//Next check that the username does not already exist...

	$flag = 0;
	$query = "SELECT * FROM ".$prefix."users WHERE username = '$username'";
	$result = @mysql_query($query);
	$num = @mysql_numrows($result);

	if($num > 0){
	$flag = 1;
	}

	//Now we verify that the email address is a valid email address...
	$emailisvalid = "no";


	if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
	
	$emailisvalid = "yes";
	
	}
	
	//First check that something required was not left blank...

	if($username == "" or $pass1 == "" or $pass2 == "" or $email == ""){
	$article_title = "Error";
	$article_content = $regblank;
	}
	else if($pass1 != $pass2){
	
	//Passwords do not match

	$article_title = "Your passwords do not match";
	$article_content = $passnomatch;

	}
	else if($tos != "yes"){

	//User did not agree to TOS
	$article_title = "Terms of Service Error";
	$article_content = $notos;

	}
	
	else if($flag1 > 0){ 

    //email already exists
    $article_title = "Multiple Accounts is not permitted on this website."; 
    $article_content = $emailexists;

    }
	else if($flag > 0){

	//Username already exists
	$article_title = "Your username already exists";
	$article_content = $userexists;	

	}
	else if($emailisvalid != "yes"){

	//Email address is not valid or is a fake

	$article_title = "Email address is not valid";
	$article_content = $emailinvalid;

	}

	else if($spam != "16"){

	$article_title = "You entered the wrong number";
	$article_content = "Please correct it and try again.";

	}
	else{

	//All checks are done, actually create the user's account on the database

	$date = date('Y-m-d');

	mysql_query("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0','','','','','')");

	//Now that we have created the user, let's log them in...

	$status = dologin($username, $pass1);

	if($status != "success"){
	
	$article_title = "Something is Wrong!";
	$article_content = "Something is very, very wrong.  Please contact Slix about this error.";

	}
	else{

	//We are registered and logged in...

	$article_title = $titleregsuccess;
	$article_content = $regsuccess."".$username."".$regsuccess2;

	//Reflect our changes in the sidebar... 
	$sidebar = "<b><u>Welcome ".$username."</u></b>:<br><a href='account.php'>Go to My Account</a><br><a href='adopt.php'>Adopt Some Pets</a>";

	}


	}
	


	}

}

// **********************************************************************
// Begin Template Definition
// **********************************************************************

//Define our current theme
$file = $themeurl;

// Do the template changes and echo the ready template
$template = file_get_contents($file);

$template = replace(':ARTICLETITLE:',$article_title,$template);
$template = replace(':ARTICLECONTENT:',$article_content,$template);
$template = replace(':ARTICLEDATE:',$article_date,$template);

$template = replace(':BROWSERTITLE:',$browsertitle,$template);
$template = replace(':SITENAME:',$sitename,$template);

//Define our links
$template = replace(':LINKSBAR:',$links,$template);

//Get the content for the side bar...

if($sidebar == ""){

$sidebar = getsidebar();
}

$template = replace(':SIDEFEED:',$sidebar,$template);

//Get the ad content...
$template = replace(':ADS:',$ads,$template);

//Get the slogan info
$template = replace(':SLOGAN:',$slogan,$template);


echo $template;

// **********************************************************************
// End Template Definition
// **********************************************************************



?>

#2
07-24-2011, 02:08 PM
Kaeliah

Slix, that's the Rusnak code, not the Mysidia. Rusnak is the base for Mysidia, but we're not supporting the much older versions. Try upgrading to the Mysidia script or instead talk to a coder who can help you out.

#3
07-24-2011, 09:38 PM
Hall of Famer

Well I believe Slix was using the old RA script since he had it way before I took the script over from BMR? Anyway ditto to what Kaeliah said, please do not post obsoleted scripts or tutorials without stating the versions you are using.

#4
07-31-2011, 02:36 PM
Slix

Yes, I was using the script since before it was changed over, but I never wanted to upgrade it all because of different mods I had made. I'll see if the newer register script works better. Thanks.

EDIT: Wait, I got it. The hashing of the passwords comes before the check to see if it's blank, therefore letting you do that, so all I had to do was move that down to the bottom right before the INSERT line.

Last edited by Slix; 07-31-2011 at 09:11 PM.

#5
08-01-2011, 10:57 AM
Inf3rnal

I tried this with the latest Mysidia and it worked.

You can register with no password but when you try to login with no password it fails.

#6
08-01-2011, 11:28 AM
Plague

What Inf3rnal said. I'm running MA not Rusnak and I ran into this issue at one point as well. I honestly forget what in the world I did to fix it, so I'm useless in that regard, but I can confirm that this is an issue with MA as well.

#7
08-01-2011, 12:26 PM
Slix

Like I stated above, this:
Code:
//We are attempting to register the user...

	//First MD5 hash the passwords:

	$pass1 = md5($pass1);
	$pass2 = md5($pass2);
Needs to be moved down below here, where it says $date.
Code:
	//All checks are done, actually create the user's account on the database

	$date = date('Y-m-d');

	mysql_query("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0','','','','','')");
That fixed the issue.
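
The ordering bug described in posts #4 and #7, shown beside the corrected ordering, as an added example that is not part of the thread or of the Rusnak/Mysidia code. The function names and sample rows are constructed; MD5 is kept only because the posted script stores MD5 hashes.

```php
<?php
// Added example: function names and sample rows are constructed for illustration.

// Ordering in the posted register.php: hash first, then test for blanks.
function register_hash_first(string $user, string $pass1, string $pass2): string
{
    $pass1 = md5($pass1);
    $pass2 = md5($pass2);
    // md5("") is the 32-character digest d41d8cd98f00b204e9800998ecf8427e,
    // so neither variable can equal "" and the password half of this test never fires.
    if ($user == "" or $pass1 == "" or $pass2 == "") {
        return "rejected: blank field";
    }
    if ($pass1 != $pass2) {
        return "rejected: mismatch";
    }
    return "stored hash " . $pass1;
}

// Ordering after the fix: validate the raw input, hash right before storing.
function register_check_first(string $user, string $pass1, string $pass2): string
{
    // trim() also rejects whitespace-only input (an extra check beyond the thread's fix).
    if (trim($user) === "" || trim($pass1) === "" || trim($pass2) === "") {
        return "rejected: blank field";
    }
    if ($pass1 !== $pass2) { // strict comparison on the raw strings
        return "rejected: mismatch";
    }
    return "stored hash " . md5($pass1); // md5 kept only to match the thread's schema
}

// Audit helper: accounts created while the bug was live hold md5("") as their hash.
function accounts_with_blank_password(array $rows): array
{
    $blank = md5("");
    $hits = array_filter($rows, fn($r) => hash_equals($blank, $r["password"]));
    return array_column($hits, "username");
}

// Constructed sample input.
$rows = [
    ["username" => "alice", "password" => md5("")],
    ["username" => "bob",   "password" => md5("s3cret!")],
];
echo register_hash_first("alice", "", ""), PHP_EOL;
echo register_check_first("alice", "", ""), PHP_EOL;
echo register_check_first("alice", "s3cret!", "s3cret!"), PHP_EOL;
echo implode(", ", accounts_with_blank_password($rows)), PHP_EOL;
```

The audit helper is useful after deploying the fix: any row it returns was registered with an empty password and should be forced through a password reset.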