Mysidia Adoptables Support Forum  

Home Community Mys-Script Creative Off-Topic
Go Back   Mysidia Adoptables Support Forum > Projects > The Bug Tracker > Bug

Notices

SYSTEM User glitch Issue Tools
issueid=46 12-20-2014 12:18 PM
Administrator, Lead Coder
SYSTEM User glitch
Bug with user possibly registering with username as 'SYSTEM'

Lately Kyttias was asking me a question on what would happen to pouned adoptables if a malicious user registers with the username 'SYSTEM'. I tested it on my demo site and the result was not pleasant, the user would take over all owned adoptables as his/her own, although the pound center still work normally so this user is always in danger of losing his/her adoptables to others.

A fix can be done by adding these lines below line 31 in file classes/class_registervalidator.php

PHP Code:
      if($username == "SYSTEM"){
         
$this->seterror("Cannot use SYSTEM as username.");
         return 
FALSE;
      } 
If you have never modified this file, download the attachment will solve the problem for you quickly and easily.
Issue Details
Project The Bug Tracker
Category Unknown
Status Fixed
Priority 3
Affected Version Mys v1.3.4
Fixed Version Mys v1.4.0
Users able to reproduce bug 0
Users unable to reproduce bug 0
Assigned Users Hall of Famer
Tags (none)

01-13-2015 11:12 PM
Premium Member
 
I think this should be implanted but with more options. To rule our usernames like "admin" or "staff" or anything that could be misleading and users could use to attempt to scam other users.

Kind of like a 'disallowed' usernames kinda thing.
Reply
01-16-2015 12:11 PM
Premium Member
 
-
Reply
01-17-2015 04:02 AM
Premium Member
 
I agree. I think it's the same sorta thing. Also, you replied to the wrong thread XD
Reply
03-09-2015 03:03 PM
Member
 
Is it possible to adapt this so that is does include usernames such as 'Admin', 'Staff', 'Owner', 'Moderator' and 'Error'? As previously stated, this could lead to some unethical practices haha :)
Reply
03-10-2015 02:43 PM
Moderator
 
Yeah, you can add a series of "if(username == "name_you_dont_want")" in the same format. I prefer putting all forbidden names (in uppercase) in an array and checking if the username is in that array. Like:

PHP Code:
$forbidden_names = array("SYSTEM""ADMIN""STAFF""OWNER""MODERATOR""ERROR");

if(
in_array(strtoupper($username), $forbidden_names)){
         
$this->seterror("Cannot use '$username' as username.");
         return 
FALSE;

Reply
01-06-2017 08:32 AM
Designer || Coder
 
do not joke hof it is not fixed that system username is still bugging me so help me out i can show the screenshot and here is my register validation
PHP Code:
<?php

class RegisterValidator extends UserValidator{
  
// The register validator for user and usergroup system
    
  
public function __construct(User $user$value = array(), $action ""){      
      
parent::__construct($user$value$action);
  }
  
  public function 
validate($action ""$data ""){
      
// The core method validate, it acts like a controller and sends requests to different private methods based on the action
    
      
$validarray = array("username""password""email""birthday""ip""tos""answer");
      
      
// For RegisterValidator, the validator methods will be executed all at once
      
foreach($this->value as $key => $var){
         
$method "{$key}validate";
         if(
in_array($key$validarray)) $this->$method($var);
         else throw new 
Exception('Validation action invalid...');

         if(!empty(
$this->error)) return FALSE;
      }
  }
    
  protected function 
usernamevalidate($username ""){
      
// The username validator, note its a bit complicate here due to the different mechanism of username check for register and other validators
      
$lang Registry::get("lang");
      if(!
$this->emptyvalidate($username)){
         
$this->seterror("The field Username is Empty.");
         return 
FALSE;
      }  
      if(
$username == "SYSTEM"){
         
$this->seterror("Cannot use SYSTEM as username.");
         return 
FALSE;
      }
      
$username = (empty($username))?$this->value['username']:$username;      
      
$userexist $this->datavalidate("users", array("username"), "username = '{$username}'");
      if(
$userexist == TRUE){
         
$this->seterror($lang->user);
         return 
FALSE;
      }
      else return 
TRUE;
  }
  
  protected function 
passwordvalidate($password ""){ 
      
$mysidia Registry::get("mysidia");  
      if(!
$this->emptyvalidate($this->value['password'])){
         
$this->seterror("The field Password is empty.");
         return 
FALSE;   
      }
      elseif(!
$this->emptyvalidate($mysidia->input->post("pass2"))){
         
$this->seterror("The field Confirmed Password is Empty.");
      }
      elseif(!
$this->matchvalidate($this->value['password'], $mysidia->input->post("pass2"))){
         
$this->seterror($mysidia->lang->match);
         return 
FALSE;
      }
      else return 
TRUE;
  }

  protected function 
emailvalidate($email ""){
      
$lang Registry::get("lang");
      
$email = (empty($email))?$this->value['email']:$email;    
      
$this->emptyvalidate($email);
      
$regex '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i';
      if(!
$this->matchvalidate($regex$email"preg_match")){
         
$this->seterror($lang->email);
         return 
FALSE;
      }
      else return 
TRUE;
  }
     
  protected function 
birthdayvalidate($birthday ""){
      
$lang Registry::get("lang");
      if(empty(
$this->value['birthday'])){
         
$this->seterror($lang->birthdayTRUE);
         return 
FALSE;
      }
      else return 
TRUE;
  }

  protected function 
answervalidate($answer ""){
      
$mysidia Registry::get("mysidia");
      if(!
$this->matchvalidate($this->value['answer'], $mysidia->settings->securityanswer)){
         
$this->seterror($mysidia->lang->question);
         return 
FALSE;
      }
      else return 
TRUE;
  }
  
  protected function 
tosvalidate($tos ""){
      
$lang Registry::get("lang");
      
$tos = (empty($tos))?$this->value['tos']:$tos;
      if(
$tos != "yes"){
         
$this->seterror($lang->tos);
         return 
FALSE;         
      }
      else return 
TRUE;
  }
 
}
?>
Reply
01-06-2017 10:10 AM
A Headache Embodied
 
Silver_Brick, are you saying that someone was able to register with the username System?
Reply
01-06-2017 11:34 AM
Designer || Coder
 
no they did not get reigstered but they can adopt pets which are pounded and that makes me very very very very very very very sad sad sad
Reply
01-06-2017 11:48 AM
The awesomesauce
 
System IS The pound....

I thought it was a problem too-

http://mysidiaadoptables.com/forum/s...ead.php?t=5028
Reply
01-06-2017 01:15 PM
Designer || Coder
 
Ok got it and its solved i am sorry hof
Reply
Reply

All times are GMT -5. The time now is 10:25 PM.

Currently Active Users: 731 (0 members and 731 guests)
Threads: 4,081, Posts: 32,031, Members: 2,016
Welcome to our newest members, jolob.
BETA





What's New?

What's Hot?

What's Popular?


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
vBCommerce I v2.0.0 Gold ©2010, PixelFX Studios
vBCredits I v2.0.0 Gold ©2010, PixelFX Studios
Emoticons by darkmoon3636