Etomite Community Forums: [Snippet] membership_validator - Etomite Community Forums

[Snippet] membership_validator

#16 Opal

Posted 03 November 2009 - 02:59 PM

Yay! Thank you for the update, Cris!

#17 Wiper2007

Posted 12 March 2010 - 10:12 PM

Hi

Trying to implement the snippet...

Steps 1 and 2 are OK... but when I click on the link in the email address I'm getting the following:

There is a registration error...this could be because:
1) you have attempted hack the site,
2) you have tried to create another account,
Please register again or contact the webmaster for assistance.

It creates the user in the DB because when I try again - it states that the username and email are already used...

Can someone "pinpoint" where I've gone wrong?

This post has been edited by Wiper2007: 14 March 2010 - 12:11 AM


#18 Cris D.

Posted 15 March 2010 - 06:22 AM

I have put a lot of anti-hacking code in. If you cleared your browser sessions and started from scratch with a new user id and unique email you should be OK, otherwise you will have to start commenting out all the security checks in the code to test it to allow duplicate email addresses and multiple confirmations in a single session. It's most likely working correctly, you just need to take a break and re-think your testing strategy.

#19 Wiper2007

Posted 15 March 2010 - 09:53 PM

Hi Chris

Hmmm.. I have now completed step 1 and 2 from my home computer sending a mail to my computer at work ...

So I'll try to confirm the email link from my computer at work like a "normal" user that's trying to register...

Cris D., on 15 March 2010 - 06:22 AM, said:

I have put a lot of anti-hacking code in. If you cleared your browser sessions and started from scratch with a new user id and unique email you should be OK, otherwise you will have to start commenting out all the security checks in the code to test it to allow duplicate email addresses and multiple confirmations in a single session. It's most likely working correctly, you just need to take a break and re-think your testing strategy.

This post has been edited by Wiper2007: 15 March 2010 - 09:56 PM


#20 Cris D.

Posted 16 March 2010 - 08:18 AM

Wiper2007, on 15 March 2010 - 09:53 PM, said:

Hi Chris

Hmmm.. I have now completed step 1 and 2 from my home computer sending a mail to my computer at work ...

So I'll try to confirm the email link from my computer at work like a "normal" user that's trying to register...



Let us know how you go...

#21 Wiper2007

Posted 16 March 2010 - 12:30 PM

Didn't work...

Still getting the error...

Any suggestions?

Cris D., on 16 March 2010 - 08:18 AM, said:

Let us know how you go...


#22 Cris D.

Posted 16 March 2010 - 09:37 PM

Wiper2007, on 16 March 2010 - 12:30 PM, said:

Didn't work...

Still getting the error...

Any suggestions?



1) Make sure you are using the latest version of this snippet; I posted one that did not validate the hash correctly. Make sure that the membership_validator snippet has these lines:

$hash = $_GET['hash'];
// stop hacking attempts
if (!preg_match('#^[a-f0-9]{32}$#i', $hash))
    return $messages['error1'];

not this:

if (is_numeric($_GET['hash'])) {
    $hash = $_GET['hash'];
} else {
    // someone is trying to inject GET values into the browser
    return $messages['error1'];
}

which is totally wrong for an MD5 hash (being letters and numbers).

i.e. make sure you are getting the snippet from the "Download File" button, NOT the list of archive files listed below on the download page.
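
Added example (not part of the original posts and not the snippet's own code): a side-by-side run of the two checks quoted in post #22 over a few constructed tokens, showing why is_numeric() turns away ordinary MD5 confirmation hashes. The function names, the sample tokens and the third, stricter variant are assumptions made for illustration.

```php
<?php
// Added example: three ways of validating the 'hash' value taken from the
// confirmation link. Function names and sample tokens are constructed.

// Check from the superseded snippet version quoted above.
function check_is_numeric($hash) {
    return is_numeric($hash);
}

// Check from the current snippet version quoted above.
function check_regex($hash) {
    return preg_match('#^[a-f0-9]{32}$#i', $hash) === 1;
}

// Stricter variant (assumption, not from the snippet): require a string,
// so an array sent as ?hash[]=... never reaches preg_match(), and add the
// D modifier so "$" cannot match just before a trailing newline.
function check_strict($hash) {
    return is_string($hash)
        && preg_match('#^[a-f0-9]{32}$#iD', $hash) === 1;
}

// Constructed inputs; md5('') is the well-known d41d8cd9...8427e value.
$samples = array(
    'typical md5'      => md5(''),
    'all-digit string' => str_repeat('1234567890', 3) . '12',
    'trailing newline' => md5('') . "\n",
    'too short'        => 'abc123',
    'quote characters' => "' OR '1'='1",
);

printf("%-18s %-11s %-7s %-7s\n", 'token', 'is_numeric', 'regex', 'strict');
foreach ($samples as $label => $token) {
    printf("%-18s %-11s %-7s %-7s\n",
        $label,
        var_export(check_is_numeric($token), true),
        var_export(check_regex($token), true),
        var_export(check_strict($token), true));
}
```

The 'typical md5' row is the case behind the registration error discussed in this thread: the token contains the letters a-f, so the is_numeric() version rejects it while the regex version accepts it. The 'trailing newline' row is the one input where the quoted regex and the stricter variant disagree.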

#23 Wiper2007

Posted 17 March 2010 - 10:20 PM

Hi Chris

I've downloaded it by clicking the download button...

I have the:

$hash = $_GET['hash'];
// stop hacking attempts
if (!preg_match('#^[a-f0-9]{32}$#i', $hash))
    return $messages['error1'];

in the membership_verifier snippet - and not in the membership_validator... is this correct?


Cris D., on 16 March 2010 - 09:37 PM, said:

1) Make sure you are using the latest version of this snippet; I posted one that did not validate the hash correctly. Make sure that the membership_validator snippet has these lines:

$hash = $_GET['hash'];
// stop hacking attempts
if (!preg_match('#^[a-f0-9]{32}$#i', $hash))
    return $messages['error1'];

not this:

if (is_numeric($_GET['hash'])) {
    $hash = $_GET['hash'];
} else {
    // someone is trying to inject GET values into the browser
    return $messages['error1'];
}

which is totally wrong for an MD5 hash (being letters and numbers).

i.e. make sure you are getting the snippet from the "Download File" button, NOT the list of archive files listed below on the download page.


#24 Cris D.

Posted 18 March 2010 - 09:49 AM

Yeah, that's right. PM me if you want me to take a hands-on look.

#25 Wiper2007

Posted 20 March 2010 - 08:07 AM

Hi Chris

Thanks - but I'm uninstalling the snippets...


Cris D., on 18 March 2010 - 09:49 AM, said:

Yeah, that's right. PM me if you want me to take a hands-on look.

