Forum updated

Handruin · Mar 20, 2004

I read about a few security issues and I didn't want to wait, so I took the forum down for about 15 minutes and patched it. Please let me know if you experience strange behavior.

Handruin · Mar 20, 2004

If anyone is curious:
http://www.phpbb.com/phpBB/viewtopic.php?t=182281

Tea · Mar 20, 2004

I noticed the site maintane ... matenainc ... miantin .... fixing-up notice. It wasn't there for long, and it's running sweet as you like now.

As always, thankyou for looking after us with this stuff, Doug.

The JoJo · Mar 20, 2004

Good work.

Tea · Mar 24, 2004

It seemz that I am now a robot!

(sigh)

I don't want to be a robot.

What do I need to do to persuade the profile thingie that I'm real human be ... er ... I mean a real ape (as oposed to a robot) so I can change my avatar? It tellz me "anti-robot registration error, or something along thoe lines. I don't want to keep my short hair forever.

Handruin · Mar 24, 2004

Not sure what's going on with that. I'll take a look.

Tea · Mar 24, 2004

Thanks Doug. The exact error message is "Anti Robotic Register Validation Error".

But right now I have faling-over-sleepy error.

Goodnight all

Handruin · Mar 24, 2004

I must have goofed the code when I installed the anti-robotic registration tool. I'll check with SteveC to see if he's seen this. The code was meant for an earlier version of php2, so there could be some incompatibilities.

No worries though, I'll try to get this fixed along with a few other minor things I've been neglecting to do.

Handruin · Mar 25, 2004

Found the problem...I screwed up the tinyiest piece of code...

Code:

else if ( $mode == 'register' )
	{
		if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Fields_empty'];
		}
	
		//
		// Anti Robotic Registration
		//
		$sql = "SELECT * FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "' LIMIT 1";
		if( !$result = $db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain registration information', '', __LINE__, __FILE__, $sql);
		}

		$anti_robot_row = $db->sql_fetchrow($result);
 
		if (( strtolower($HTTP_POST_VARS['reg_key']) != $anti_robot_row['reg_key'] ) or ($anti_robot_row['reg_key'] == ''))
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Wrong_reg_key'];
		}
		else
		{
			$sql = "DELETE FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "'";
			if( !$result = $db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not delete validation key', '', __LINE__, __FILE__, $sql);
			}
		}
		// --------------------------

		//
	}

See the last "}"... I had it in the wrong place essentially closing the wrong "else if" condition too soon. So when you tried to edit your avatar, this piece of code was running in the user control panel. Very small mistake, and it caused a very odd placed problem. Sorry about that.

Tea · Mar 25, 2004

Woop-de-do! I look like me again! Thanks Doug!

Onomatopoeic · Mar 25, 2004

Tea said:
Woop-de-do! I look like me again!...

...and not like an anti-JoJo!

Tea · Mar 25, 2004

Seemz to me that there'z enuf anti-JoJo going on over in the other thread! :eekers:

P5-133XL · Mar 25, 2004

Though I have not been labeled a robot, I still have not been able to logon automaticly since all this started. (Yes, I've cleared out the cache and yes I allow cookies)

Handruin · Mar 26, 2004

I never use that feature, but I just tested it now and I was automatically logged back in. I also searched for the cookie and found a value of phpbb2mysqlsf2, so it's working on my end.

Mark, which browser are you using so I can retest?

Handruin · Mar 26, 2004

I just checked it with IE 6 and FireFox 0.8, both worked.

Handruin · Mar 26, 2004

Another update was done tonight...phpbb folks are going crazy with patches this month. We just upgrade to 2.08 which came out tonight.

Let me know if any weird stuff happens. Sorry about the abrupt downtime.

Howell · Mar 26, 2004

Update must've been at 8:30?

Handruin · Mar 26, 2004

Yes sir. I've also fixed the links to all the references of folding at home.

I don't like to delay security updates...never know how might want to take advantage of us.

sechs · Mar 26, 2004

8:30 where?

Handruin · Mar 26, 2004

-5 GMT

sechs · Mar 26, 2004

Where's that?

Heck, I don't even know where I am. GMT-8?

Handruin · Mar 26, 2004

Right coast. Massachusetts

ddrueding · Mar 26, 2004

sechs said:
Where's that?

Heck, I don't even know where I am. GMT-8?

Yes, you are PST=GMT-8

EST=GMT-5

Howell · Mar 26, 2004

sechs said:
Where's that?

Heck, I don't even know where I am. GMT-8?

-5 GMT is Eastern Standard Time.
Pacific time is -8 Greenwich Mean Time

P5-133XL · Mar 26, 2004

I'm using I.E. 6

Howell · Mar 26, 2004

Mark, have you tried connecting to the site as a different user on your machine? Corrupt profile?

Forum updated

Administrator

Administrator

Storage? I am Storage!

Wannabe Storage Freak

Storage? I am Storage!

Administrator

Storage? I am Storage!

Administrator

Administrator

Storage? I am Storage!

Learning Storage Performance

Storage? I am Storage!

Xmas '97

Administrator

Administrator

Administrator

Storage? I am Storage!

Administrator

Storage? I am Storage!

Administrator

Storage? I am Storage!

Administrator

Fixture

Storage? I am Storage!

Xmas '97

Storage? I am Storage!