Announcement

Collapse
No announcement yet.

Guests bypassing username in v2.2.6

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I keep editing while you post

    Comment


    • #17
      This might be the wrong way to go about this, but would adding:

      PHP Code:
                 if (!$postusername) {
                   eval(
      "standarderror(\"".gettemplate("error_nousername")."\");");
                } 
      after every instance of $postusername being defined solve this problem in the interim?

      Paul

      Comment


      • #18
        Originally posted by LoveShack
        Edit: It's not the query that inserts it into the table. I'm now going to look at the possiblity of the value of $bbuserinfo['userid'] being changed to something other than zero and getting around the whole username check. If you do that, you could successfully insert $postusername as $bbuserinfo['username'], which for a guest would be '' ....
        Stop editing your posts

        That's basically what I was testing -- I removed the username/password field. However, unless you've edited this in sessions.php, $bbuserinfo['username'] defaults to "Unregistered" for guests. That's what my post was posted as.

        Your code change should work though.

        Comment


        • #19
          Originally posted by Ed Sullivan
          However, unless you've edited this in sessions.php, $bbuserinfo['username'] defaults to "Unregistered" for guests. That's what my post was posted as.
          From sessions.php:
          PHP Code:
            // Paul changed the following line from:   $bbuserinfo['username']=iif ($username=="","Unregistered",htmlspecialchars($username));
            
          $bbuserinfo['username']=iif ($username=="","",htmlspecialchars($username)); 
          Could this be the problem? I have edited the file to $bbuserinfo['username']=iif ($username=="","Guest",htmlspecialchars($username)); and undid the temporary changes I made to check $postusername. If this in fact was the cause of the problem, what exactly broke? How was the user getting around the check?

          Paul
          Last edited by Paul; Thu 18 Jul '02, 4:53am.

          Comment


          • #20
            Yup, actually that is the problem. If you don't send any username through the form (don't even set it), then you'll get no username with that and "Unregistered" with the default value.

            Although I got thinking and try replacing my fix line in newthread/newreply.php with this version:

            Code:
            if ($bbuserinfo['userid'] == 0) {
            Basically, if they're a guest, run all the checks on username. That seems like a bit of a better way of checking.

            Last edited by LoveShack on 07-18-2002 at 08:53 AM
            Sleeping was a good thing in this case.

            Comment


            • #21
              Originally posted by Ed Sullivan
              Yup, actually that is the problem. If you don't send any username through the form (don't even set it), then you'll get no username with that and "Unregistered" with the default value.
              ah HA! What is this person doing? Editing the html form before posting to remove the username variable all together? How were they exploiting this? Unless they've got some sort of weird browser or filtering software, I don't see how this could have been accomplished unintentionally.

              I've changed "Unregistered" to "Guest" (assuming that Unregistered isn't a special username that vBulletin checks for to identify non-registered users. I just think Guest sounds nicer. I originally took this out to prevent vBulletin from putting "Unregistered" in the username of login forms by default. I couldn't find the correct template to edit, but last night did a search and found username_loggedout. I just took out the value field in that input to get the same effect.

              Although I got thinking and try replacing my fix line in newthread/newreply.php with this version:

              Code:
              if ($bbuserinfo['userid'] == 0) {
              Basically, if they're a guest, run all the checks on username. That seems like a bit of a better way of checking.
              I've taken out the temporary checks I put in last night and changed the bug fix to the code above. Along with adding "Guest" into sessions.php, I hope this solves the mystery. I'll keep an eye out for the particular user that was posting these messages.

              Sleeping was a good thing in this case.
              Sleep? What's that?

              Thanks for the help,
              Paul

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X