
user.cgi bug.. again..

ok.. i've been looking at this problem since v 1.1b2.. it seems that user.cgi signup will not run right..

it's not noticeable unless you set restrictions to the username, password, and/or email..

let's just say you set this to the username for validation..

^[\w-_]+$

if someone were to signup with username..

@l3xKr0h/\/I$C00L

it SHOULD give you an error for the @, $, and the / and \s.. but it will say you successfully were signed up and sends you an email.. but the thing is.. it doesn't even sign you up..

the reason..

the username and password is never validated in sub signup_user.. well it is.. but it doesn't affect it..

Code:
# Add the user in.
if ($LINKS{user_validation}) {
    $code = (time) . ($$) . (int rand (1000));
    $in_r->{Status} = "Not Validated";
    $in_r->{Validation} = $code;
    $db->add_record ( $in_r );    # return value is not checked here

    # Prepare the message.
    $msg = &load_template ('email-validate.txt', { %LINKS, %$in_r });

    # Mail the validation letter.
    require Links::Mailer;
    my $mailer = new Links::Mailer ( {
        smtp     => $LINKS{db_smtp_server},
        sendmail => $LINKS{db_mail_path},
        from     => $LINKS{db_admin_email},
        subject  => "Validation Code",
        to       => $in->param('Email'),
        msg      => $msg
    } ) or die $Links::Mailer::error;
    $mailer->send or die $Links::Mailer::error;
}
else {
    $in_r->{Status} = "Registered";
    $in_r->{Validation} = 0;
    $db->add_record ( $in_r ) or &site_html_signup_form ( { error => $Links::DBSQL::error, %{$in_r} }, $dynamic );
}

# Print the welcome screen.
&site_html_signup_success ( $in_r, $dynamic );

i think that bold part should be..

$db->add_record ( $in_r ) or &site_html_signup_form ( { error => $Links::DBSQL::error, %{$in_r} }, $dynamic );

i see, alex, that you have fixed the other one (without validation).. but i THINK this is also a problem.. i haven't tested it :) but i THINK it is.. hehe..

if it's not then i've wasted quite a lot of time... pondering.. :)

happy holidays.. how many of you are coming online on January 1st? NOT ME! :)

jerry

[This message has been edited by widgetz (edited December 24, 1999).]
Re: user.cgi bug.. again..
Thanks jerry! You are, of course, correct. Both adds should have the error checking.

Cheers,

Alex
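
The following is an added example, not part of the original thread or the Links source. It is a stand-alone Perl script showing the fix discussed above: the result of add_record is checked before any validation mail goes out. It goes one step beyond the one-line change in the post by returning on failure, so the success path is never reached. Demo::DB, @outbox and the hash returned by signup_user are hypothetical stand-ins for the Links database object, Links::Mailer and the HTML pages.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the Links database object (illustration only).
# add_record returns 1 on success, or undef with $Demo::DB::error set when
# the Username column fails its validation pattern.
package Demo::DB;
our $error = '';
sub new { return bless { rows => [] }, shift }
sub add_record {
    my ($self, $rec) = @_;
    # Same character set as the ^[\w-_]+$ pattern quoted in the post.
    unless (defined $rec->{Username} && $rec->{Username} =~ /^[\w-]+$/) {
        $error = "Username contains invalid characters";
        return;
    }
    push @{ $self->{rows} }, { %$rec };
    return 1;
}

package main;

my @outbox;    # stands in for Links::Mailer; records who would be mailed

sub signup_user {
    my ($db, $rec) = @_;
    $rec->{Status}     = "Not Validated";
    $rec->{Validation} = (time) . ($$) . (int rand(1000));  # format from the post

    # Check the insert first and stop on failure, so a rejected signup
    # never triggers a validation mail or a success page.
    $db->add_record($rec)
        or return { ok => 0, error => $Demo::DB::error };

    push @outbox, $rec->{Email};    # mail only after the record exists
    return { ok => 1 };
}

my $db = Demo::DB->new;
for my $name ('@l3xKr0h/\/I$C00L', 'jerry-w_1') {    # constructed inputs
    my $res = signup_user($db, { Username => $name, Email => 'user@example.com' });
    printf "%-20s %s\n", $name, $res->{ok} ? "signed up" : "rejected: $res->{error}";
}
printf "records stored: %d, mails sent: %d\n", scalar @{ $db->{rows} }, scalar @outbox;
```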