SourceForge has been redesigned. Learn more.
Close

#32 Moderator Bug!

1 Gold - SP 1.1
closed-out-of-date
nobody
7
2005-05-23
2003-02-23
Anonymous
No

I found a bug that when you enter a user at a moderator
on a board that they must login with exactly that case...

For example

Moderator is set to "MasterCG"

But he logs in as "mastercg"

it will not allow him to do any mod functions...

I have fixed this though with a simple java script... that
when you tab or click on the password field it
automatically converts the name they entered to
lowercase... this will come in handy so you can just
enter all your moderators in lower case...

Below is the code...

Search for the input fields and add

onChange="javascript:this.value=this.value.toLowerCase

inside the password input tags

There are two places in your logininout source that you
must do this....

I HOPE THIS HELPS YOU WITH YABB2!!!

plz include www.cgrom.com as the author of this mod to
fix the bug....

Thanks a million, I found a shitload of other security
bugs but wont post them cause people may exploit
them... it isnt in your source though its just from running
perl!

Discussion

  • Torsten Mrotz

    Torsten Mrotz - 2003-02-28
    • labels: 497331 --> Files and Database
    • priority: 5 --> 7
    • status: open --> open-accepted
     
  • Torsten Mrotz

    Torsten Mrotz - 2003-02-28

    Logged In: YES
    user_id=289236

    this should only happen on windows servers since on linux
    servers which are case sensitive (filenames) you cant login
    with a different case so this problem wouldnt happen.

    however a solution is to make the username all
    uppercase/lowercase whereever a check in the code is done.

     
  • Corey Chapman

    Corey Chapman - 2005-05-23
    • status: open-accepted --> closed-out-of-date
     

Log in to post a comment.