Forum updated

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
I read about a few security issues and I didn't want to wait, so I took the forum down for about 15 minutes and patched it. Please let me know if you experience strange behavior.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
I noticed the site maintane ... matenainc ... miantin .... fixing-up notice. It wasn't there for long, and it's running sweet as you like now.

As always, thankyou for looking after us with this stuff, Doug.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
It seemz that I am now a robot!

(sigh)

I don't want to be a robot.

What do I need to do to persuade the profile thingie that I'm real human be ... er ... I mean a real ape (as oposed to a robot) so I can change my avatar? It tellz me "anti-robot registration error, or something along thoe lines. I don't want to keep my short hair forever.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
I must have goofed the code when I installed the anti-robotic registration tool. I'll check with SteveC to see if he's seen this. The code was meant for an earlier version of php2, so there could be some incompatibilities.

No worries though, I'll try to get this fixed along with a few other minor things I've been neglecting to do.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
Found the problem...I screwed up the tinyiest piece of code...


Code:
else if ( $mode == 'register' )
	{
		if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty'];
		}
	
		//
		// Anti Robotic Registration
		//
		$sql = "SELECT * FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "' LIMIT 1";
		if( !$result = $db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain registration information', '', __LINE__, __FILE__, $sql);
		}

		$anti_robot_row = $db->sql_fetchrow($result);
 
		if (( strtolower($HTTP_POST_VARS['reg_key']) != $anti_robot_row['reg_key'] ) or ($anti_robot_row['reg_key'] == ''))
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Wrong_reg_key'];
		}
		else
		{
			$sql = "DELETE FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "'";
			if( !$result = $db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete validation key', '', __LINE__, __FILE__, $sql);
			}
		}
		// --------------------------

		//
	}

See the last "}"... I had it in the wrong place essentially closing the wrong "else if" condition too soon. So when you tried to edit your avatar, this piece of code was running in the user control panel. Very small mistake, and it caused a very odd placed problem. Sorry about that.
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
Though I have not been labeled a robot, I still have not been able to logon automaticly since all this started. (Yes, I've cleared out the cache and yes I allow cookies)
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
I never use that feature, but I just tested it now and I was automatically logged back in. I also searched for the cookie and found a value of phpbb2mysqlsf2, so it's working on my end.

Mark, which browser are you using so I can retest?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
Another update was done tonight...phpbb folks are going crazy with patches this month. We just upgrade to 2.08 which came out tonight.

Let me know if any weird stuff happens. Sorry about the abrupt downtime.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
Yes sir. I've also fixed the links to all the references of folding at home.

I don't like to delay security updates...never know how might want to take advantage of us.
 
Top