FIXED Bug In Usernames:

Posts: 211 Location: C?rdoba

Mon 04 Sep, 2006 00:36

Subject: Bug In Usernames:

Hile, neighbours and friends...

Today I found a bug:

When a username has an apostrophe in it, something like "Roland's" or "Xusqui's" the last_visit_x_x.dat file generated has an error when created, as that apostrophe should have been treated as "Xusqui's", and not like "Xusqui's"... I hope you know what I mean...

i.e:

Code: [Download] [Hide]

<?php
 
$total_users_today = 46;  
 
$users_lasthour = 20;  
 
$guests_today = 19;  
 
$logged_visible_today = 25;  
 
$logged_hidden_today = 2;  
 
$admins_today_list = '<a href="./profile.PHP?mode=viewprofile&amp;u=16"style="font-weight:bold;text-decoration:none;color:#00ff88">Johs Deschain</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=2"style="font-weight:bold;text-decoration:none;color:#00ff88">Roland</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=41"style="font-weight:bold;text-decoration:none;color:#ffffff">Ziebal de Gilead</a>  ';  
 
$mods_today_list = '<a href="./profile.PHP?mode=viewprofile&amp;u=715"style="font-weight:bold;text-decoration:none;color:#ff66ff">bama</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=196"style="font-weight:bold;text-decoration:none;color:#ff0000">sebastian</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=46"style="font-weight:bold;text-decoration:none;color:#ff0000">Thunderclap</a>  ';  
 
$users_today_list = '<a href="./profile.PHP?mode=viewprofile&amp;u=56"style="font-weight:bold;text-decoration:none;color:#2266aa">alberto_p7</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=82"style="font-weight:bold;text-decoration:none;color:#00ff88">alcorze</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1379">Alucard</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1483">antonio</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=268">colo</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1016"style="font-weight:bold;text-decoration:none;color:aqua">Darkcloud</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=238">Finli o' Tego</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1401">Gunslero</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=988">HeartNeT</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1161"style="font-weight:bold;text-decoration:none;color:#00ff88">Jake Chambers</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=664">JANU1535</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=213"style="font-weight:bold;text-decoration:none;color:#00ff88">jlezama</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=646">molando</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=206"style="font-weight:bold;text-decoration:none;color:aqua">Nony Shakur</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=193"style="font-weight:bold;text-decoration:none;color:#aaffcc">Predikador</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=903">Raven</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=1417">ukkbar</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=768"style="font-weight:bold;text-decoration:none;color:#ff0000">Urm_At_Awil</a>, <a href="./profile.PHP?mode=viewprofile&amp;u=925"style="font-weight:bold;text-decoration:none;color:#008833">viajerojack123</a>  ';  
 
?>

In the 9th line of the above code, where it says "(...) u=238">Finli o' Tego</a>, <a (...)" it should say "(...) u=238">Finli o/' Tego</a>, <a (...)"

The main problem of it is that when a user with an apostrophe logges in, the .dat file is generated with an error and the forum main page won't load (forum.php) givin' a "White screen of death".

I'm tired now, but if nobody tries to fix it I will try tomorrow afternoon...

Good night!!

Profile PM Website

ganesh

Quote

Posts: 221 Location: Somewhere... over the Rainbow...

Mon 04 Sep, 2006 09:29

Subject: Re: Bug In Usernames:

Have you imported those users?

Profile PM Website YIM MSN Skype

AvrilBoi

Quote

Posts: 45

Mon 04 Sep, 2006 11:31

Subject: Re: Bug In Usernames:

In XS users can't register with special characters such as ', so you should have disabled the mod that restricts the allowed characters for usernames.
Before I switched to XS my users had special characters in their usernames, and for this reason, after I switched to XS, they couldn't modify their profile.
They were too many to modify, so I just disabled the mod that restricts the allowed characters too.
But when those users logged in, I had your problem, so I find a solution... but that's not a "real" solution, 'cause I just let a script delete automatically that part of the cache each time it's called...
Here's what to do, you can use this until someone finds a good solution:
Make a file called delete.php with this code in it and upload it in your /xs/ folder:

Code: [Download] [Hide] [Select]

<?

$filesTutti = glob('cache/last_visit*.dat');

foreach ($filesTutti as $filename) {

  unlink($filename);

}

?>

Open /xs/templates/ca_aphrodite/overall_header.tpl
Find:

Code: [Download] [Hide] [Select]

global $userdata;

$path_parts2 = pathinfo($_SERVER['PHP_SELF']);

Before, add:

Code: [Download] [Hide] [Select]

include "delete.php";

That's it... :roll:

Profile PM Website

Mighty Gorgon

Quote

Posts: 7191 Location: Borgo San Michele

Mon 04 Sep, 2006 11:38

Subject: Re: Bug In Usernames:

Try changing your forum.php with this code:

Code: [Download] [Hide] [Select]

// Start add - Last visit MOD

$cache_data_file = $phpbb_root_path . "cache/last_visit_" . $userdata['user_level'] . "_". $board_config['board_timezone'] . ".dat";

if (@is_file($cache_data_file))

{

	$valid = (date('YzH',time()) - date('YzH',@filemtime($cache_data_file))<1) ? true : false;

}

else

{

	$valid = false;

}

if ($valid )

{

	include ($cache_data_file);

}

else

{

	$time_now = time();

	$time1Hour = $time_now-3600;

	$minutes = date('is', $time_now);

	$hour_now = $time_now - (60*($minutes[0].$minutes[1])) - ($minutes[2].$minutes[3]);

	$dato=create_date('H', $time_now,$board_config['board_timezone']);

	$timetoday = $hour_now - (3600*$dato);

	$sql = 'SELECT session_ip, MAX(session_time) as session_time

					FROM '.SESSIONS_TABLE.'

					WHERE session_user_id="'.ANONYMOUS.'"

					AND session_time >= '.$timetoday.'

					AND session_time < '.($timetoday+86399).'

					GROUP BY session_ip';

	if (!$result = $db->sql_query($sql))

	{

		message_die(GENERAL_ERROR, "Couldn't retrieve guest user today data", "", __LINE__, __FILE__, $sql);

	}

	while( $guest_list = $db->sql_fetchrow($result))

	{

		if ($guest_list['session_time'] > $time1Hour)

		{

			$users_lasthour++;

		}

	}

	$guests_today = $db->sql_numrows($result);

	$sql = 'SELECT user_id, username, user_allow_viewonline, user_level, user_lastlogon

					FROM ' . USERS_TABLE . '

					WHERE user_id!="' . ANONYMOUS . '"

					AND user_session_time >= ' . $timetoday . '

					AND user_session_time < ' . ($timetoday+86399) . '

					ORDER BY username';

	if (!$result = $db->sql_query($sql))

	{

		message_die(GENERAL_ERROR, "Couldn't retrieve user today data", "", __LINE__, __FILE__, $sql);

	}

	while( $todayrow = $db->sql_fetchrow($result))

	{

		$style_color = "";

		if ($todayrow['user_lastlogon'] >= $time1Hour)

		{

			$users_lasthour++;

		}

		$colored_user = color_group_colorize_name($todayrow['user_id'],false);

		switch ($todayrow['user_level'])

		{

			case ADMIN:

				$admins_today_list .= ($todayrow['user_allow_viewonline']) ? $colored_user . ', ' : (($userdata['user_level'] == ADMIN) ? '<i>' . $colored_user . '</i>, ' : '');

			break;

			case MOD:

				$mods_today_list .= ($todayrow['user_allow_viewonline']) ? $colored_user . ', ' : (($userdata['user_level'] == ADMIN) ? '<i>' . $colored_user . '</i>, ' : '');

			break;

			default:

				$users_today_list .= ($todayrow['user_allow_viewonline']) ? $colored_user . ', ' : (($userdata['user_level'] == ADMIN) ? '<i>' . $colored_user . '</i>, ' : '');

			break;

		}

		if (!$todayrow['user_allow_viewonline'])

		{

			$logged_hidden_today++;

		}

		else

		{

			$logged_visible_today++;

		}

	}

	if ($admins_today_list)

	{

		$admins_today_list[ strlen( $admins_today_list) - 2] = ' ';

	}

	else

	{

		$admins_today_list = $lang['None'];

	}

	if ($mods_today_list)

	{

		$mods_today_list[ strlen( $mods_today_list) - 2] = ' ';

	}

	else

	{

		$mods_today_list = $lang['None'];

	}

	if ($users_today_list)

	{

		$users_today_list[ strlen( $users_today_list) - 2] = ' ';

	}

	else

	{

		$users_today_list = $lang['None'];

	}

	$total_users_today = $db->sql_numrows($result)+$guests_today;

	$admins_today_list = addslashes($admins_today_list);

	$mods_today_list = addslashes($mods_today_list);

	$users_today_list = addslashes($users_today_list);

	if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']))

	{

	// stores the data set in a cache file

		$data = "<?phpn";

		$data .='$total_users_today = ' . intval($total_users_today);

		$data .=";n";

		$data .='$users_lasthour = ' . intval($users_lasthour);

		$data .=";n";

		$data .='$guests_today = ' . intval($guests_today);

		$data .=";n";

		$data .='$logged_visible_today = ' . intval($logged_visible_today);

		$data .=";n";

		$data .='$logged_hidden_today = ' . intval($logged_hidden_today);

		$data .=";n";

		$data .='$admins_today_list = '' . $admins_today_list . "'";

		$data .=";n";

		$data .='$mods_today_list = '' . $mods_today_list . "'";

		$data .=";n";

		$data .='$users_today_list = '' . $users_today_list . "'";

		$data .=";n?>";

		$fp = fopen( $cache_data_file, "w" );

		fwrite($fp, $data);

		fclose($fp);

	}

}

$admins_today_list = '<b>' . $lang['Users_Admins'] . ':</b>&nbsp;' . stripslashes($admins_today_list);

$mods_today_list = '<b>' . $lang['Users_Mods'] . ':</b>&nbsp;' . stripslashes($mods_today_list);

$users_today_list = '<b>' . $lang['Users_Regs'] . ':</b>&nbsp;' . stripslashes($users_today_list);

//$users_today_list = $lang['Registered_users'].' ' . $users_today_list;

$l_today_user_s = ($total_users_today) ? ( ( $total_users_today == 1 )? $lang['User_today_total'] : $lang['Users_today_total'] ) : $lang['Users_today_zero_total'];

$l_today_r_user_s = ($logged_visible_today) ? ( ( $logged_visible_today == 1 ) ? $lang['Reg_user_total'] : $lang['Reg_users_total'] ) : $lang['Reg_users_zero_total'];

$l_today_h_user_s = ($logged_hidden_today) ? (($logged_hidden_today == 1) ? $lang['Hidden_user_total'] : $lang['Hidden_users_total'] ) : $lang['Hidden_users_zero_total'];

$l_today_g_user_s = ($guests_today) ? (($guests_today == 1) ? $lang['Guest_user_total'] : $lang['Guest_users_total']) : $lang['Guest_users_zero_total'];

$l_today_users = sprintf($l_today_user_s, $total_users_today);

$l_today_users .= sprintf($l_today_r_user_s, $logged_visible_today);

$l_today_users .= sprintf($l_today_h_user_s, $logged_hidden_today);

$l_today_users .= sprintf($l_today_g_user_s, $guests_today);

$l_today_text = ($users_lasthour) ? sprintf($lang['Users_lasthour_explain'],$users_lasthour) : $lang['Users_lasthour_none_explain'];

// End add - Last visit MOD

Profile PM Website

Xusqui

Quote

Posts: 211 Location: C?rdoba

Mon 04 Sep, 2006 16:14

Subject: Respuesta: Bug In Usernames:

Yes, ganesh, it's a phpBB Minerva forum ported to phpBB XS. With Minerva user's coud register with special characters. I didn't know they couldn't with XS...

Thank you a lot, MG... I'm going to apply your patch.

And... Would a normal, clean installation of phpBB XS be affected in anyway if the forum.php is replaced with the one you posted? As many people has phpBB XS migrated from other forums, could you leave this modification in further updates?

Well... I mean... I'm sorry, but I'm SO LAZY :oops: :oops: :oops: !!!! If you could leave this modification I wouldn't have to apply this patch to each new releas... :oops:

Just asking!

Thank you indeed again!!!!

PS: BTW it works pretty good :D :D :D

Profile PM Website

ganesh

Quote

Posts: 221 Location: Somewhere... over the Rainbow...

Mon 04 Sep, 2006 16:58

Subject: Re: Bug In Usernames:

BTW... I changed all usernames... Security before all!

Profile PM Website YIM MSN Skype

Xusqui

Quote

Posts: 211 Location: C?rdoba

Mon 04 Sep, 2006 22:51

Subject: Respuesta: Bug In Usernames:

ganesh wrote: [View Post]
BTW... I changed all usernames... Security before all!

So... Do you think it's unsure to keep thos apostrophes? If so, I would change all that names too!!!!

Profile PM Website

AvrilBoi

Quote

Posts: 45

Tue 05 Sep, 2006 10:44

Subject: Re: Bug In Usernames:

I think that should be used an usercp_register.php when the user edits his profile, with the restrict characters mod removed, and the original usercp_register.php during the registration, this way who switched to xs from another package, won't have to rename users, old users still could modify their profile, and the restrict characters mod is applied just during the new registrations using xs...
Oh, and maybe the mod that Mighty wrote right up here, should be put in the standard phpBBXS package, so users who switched to xs won't have the blank page problem... ;) (these are just suggestions and what i think..)

Profile PM Website

Mighty Gorgon

Quote

Posts: 7191 Location: Borgo San Michele

Wed 06 Sep, 2006 13:27

Subject: Re: Bug In Usernames:

Of course this modification will remail in XS.

Profile PM Website

Reply to topic

Page 1 of 1

You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events

This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.

Powered by Icy Phoenix based on phpBB
Generation Time: 0.5939s (PHP: 4% SQL: 96%)
SQL queries: 16 - Debug Off - GZIP Enabled

Icy Phoenix

Icy Phoenix - Powering Communities

FIXED Bug In Usernames: