Dup Usernames - Nuke 6.0 Port 2.0.6

Nuke Soldier Joined: Jan 15, 2003 Posts: 26 Location: USA

A bug was posted over at BBtoNuke, which allows new Users to enter a duplicate uname. The Forums have a built-in validation to check for this, but it wasn't ported over correctly. This bug concerns Nuke 6.0 and the 2.0.6 port, but it may affect other versions... I posted the fix over there, and the link is:

http://bbtonuke.sourceforge.net/modules.php?name=Forums&file=viewtopic&t=1985

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

You rock Keith!! I hope quoting here is ok, if not let me know:

_I_AM_I_ wrote:

I have verified this bug exists in Nuke 6.0 Port 2.0.6

Here's the FIX:

Open file ../modules/Forums/includes/functions_validate.php

Search for:

Code:

//
// Check to see if the uname has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in unames.
// Used for registering, changing names, and posting anonymously with a uname
//
function validate_username($username)
{
global $db, $lang, $userdata;

$username = str_replace("\'", "''", $username);

$sql = "SELECT uname
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
{

Change to:

Code:

//
// Check to see if the uname has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in unames.
// Used for registering, changing names, and posting anonymously with a uname
//
function validate_username($username)
{
global $db, $lang, $userdata;

$username = str_replace("\'", "''", $username);

$sql = "SELECT uname
FROM " . USERS_TABLE . "
WHERE LOWER(uname) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
{

Basically changing two instances of 'username' to 'uname'...

I have verified this FIX on my site... Remember to backup this file before you make changes. Great find Imago.. thanks! Smile

I don't use Admin validation, so I don't know offhand where to look to fix it for you. If I have time, I'll check over the weekend. If not, maybe someone else will fix it.

EDIT - the BB keeps changing my upper 'Search for' code so that 'username' is turned into 'uname'. So in the 'Search for section', <b>$sql = "SELECT uname</b> is really <b>$sql = "SELECT 'username'</b> without the single quotes... someone just posted about not being able to post the word 'username' over at Nuke Cops... hehe

- Keith

Nuke Soldier Joined: Jan 15, 2003 Posts: 26 Location: USA

Zhen-Xjell wrote:

I hope quoting here is ok, if not let me know

That's fine.. didn't know if I should've or not, so I just posted the link instead.. whatever gets the word out.. that was a pretty major bug..!! heh

Joined: Jan 31, 2004 Posts: -88

thanks.

the only thing I think should have been mentioned is that the whole user registration through the forum should have been disabled during the port, and new users should be directed to the normal nuke registration screen instead.

Also, you said in that post that you changed two instances of 'username' to 'uname', but i only counted one instance change in the code you posted.

ArtificialIntel

Nuke Soldier Joined: Jan 15, 2003 Posts: 26 Location: USA

Read the EDIT part bro.......

and this post:

http://nukecops.com/modules.php?name=Forums&file=viewtopic&t=125

Posted: Wed Jan 22, 2003 10:30 am

Code:

Joined: Jan 31, 2004 Posts: -88

yeah yeah......

that's another issue I'll have to take a look at in the next day or 2 (probably 2night).

ArtificialIntel

Posted: Wed Jan 22, 2003 10:38 am

The post changed most of the values as bbtonuke doesn't seem to like them being used, anyway you get the idea, i have changed these values both in my IRC site (uses nuke 6.0 & bbtonuke 2.0.6) and the test site with nuke 6.5 & bbtonuke (??) and nothing has stopped working, one of Nuke life's greatest mysteries Rolling Eyes