Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Closed)
 Bug(All) + FIX: Big problem with member names
 Forum Locked  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 4

Imposter1
Starting Member

1 Posts

Posted - 21 June 2001 :  09:53:22  Show Profile  Visit Imposter1's Homepage
"Please welcome our newest member: Richard Kinser."

As you see I'm logged on as "Richard Kinser" and also I'm a new member! (But I'm not real Richard Kinser, my real nick name is eleven)
But how???

During he registration progress, I choose my member name as "Richard Kinser" (with two spaces). Snitz, lets this. And as you know, HTML shows only one of them!!!

To your interest...

Burak Tuyan aka eleven

eleven
Starting Member

Turkey
32 Posts

Posted - 21 June 2001 :  12:12:11  Show Profile
Hi,

Sorry for using your name Mr. Kinser, but I must notice you the bug.

I think you should solve this problem. It's very easy. The thing you have to do is to prevent using <space> character twice in member names.

To your interests...

Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 21 June 2001 :  15:56:12  Show Profile
To fix this, in register.asp look for this code: (around line #95)

	if (Instr(Request.Form("Name"), ">") > 0 ) or (Instr(Request.Form("Name"), "<") > 0) then
Err_Msg = Err_Msg & "<li> > and < are not allowed in the UserName, Please Choose Another</li>"
end if


just above that code add this:

	if (Instr(Request.Form("Name"), "  ") > 0 ) then
Err_Msg = Err_Msg & "<li> Two or more consecutive spaces are not allowed in the Username</li>"
end if


Make sure there is 2 spaces between the parenthesis
Go to Top of Page

gor
Retired Admin

Netherlands
5511 Posts

Posted - 21 June 2001 :  16:17:17  Show Profile  Visit gor's Homepage
Thanks Richard.

I added the code to register.asp at the site here.
Huw can you add it to the source of 3.3 ?



Pierre
Join the Snitz WebRing
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 21 June 2001 :  19:44:08  Show Profile  Visit HuwR's Homepage
Done

Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 21 June 2001 :  20:13:20  Show Profile
btw, I locked the account that eleven created.
Go to Top of Page

Imposter2
Starting Member

1 Posts

Posted - 21 June 2001 :  21:16:16  Show Profile  Visit Imposter2's Homepage
Well, I'm another Richard Kinser. The "space" inbetween is an ALT+0160. This was reported before by the user antivitamin. Can you also get rid of this... [:))]

Bulent Ozden
(bozden)

Go to Top of Page

Deleted
deleted

4116 Posts

Posted - 21 June 2001 :  21:24:13  Show Profile
Richard, sorry about that. But this was not my idea. Just trying to fix another issue. I think, a replace of ALT+0160 to space will be enough.

Think Pink
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 21 June 2001 :  21:51:35  Show Profile
I think we should only allow A-Z, a-z and 0-9 as valid characters. By only allowing certain characters, I think it would provide a more secure product. Either that or we have to add a test in for everything new that someone comes up with. Such as the double space and the ALT+160 as shown above. There are probably many, many more mischievious things people can try in there username, we just haven't seen them yet.

I have it working at my site here: http://kinser.121host.net/v31sr4/default.asp

If you want to try it out.

I added this function to inc_functions.asp:

Function IsAlphaNumeric(fString)
for i = 1 to Len(fString)
strChar = Asc(Mid(fString,i,1))
If (strChar >= 65 and strChar <= 90) or (strChar >= 97 and strChar <= 122) or (strChar >= 48 and strChar <= 57) then
IsAlphaNumeric = True
else
IsAlphaNumeric = False
Err_Msg = Err_Msg & "<li>You have entered an invalid character in your username, for more information see <a href=""JavaScript:openWindow7('faq.asp#usernames')"">here</a>.</li>"
exit function
end if
next
end Function


and then call it in register.asp like this:

	IsAlphaNumeric(Request.Form("Name"))


We could also allow spaces by adding this to the if/then statement in the function above:

or (strChar = 32)
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 21 June 2001 :  22:02:22  Show Profile
bozden, I locked the username you created also.
Go to Top of Page

bjlt
Senior Member

1144 Posts

Posted - 21 June 2001 :  23:41:11  Show Profile

will "-" and "_" "."(period) cause any problems? I'd add them also if they won't, what are the code for them? thanks.


Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 22 June 2001 :  00:12:06  Show Profile
"-" = 45

"." = 46

"_" = 95
Go to Top of Page

gor
Retired Admin

Netherlands
5511 Posts

Posted - 22 June 2001 :  00:19:36  Show Profile  Visit gor's Homepage
But that would also mean I can't use things like ÛßÅÁêá



Pierre
Join the Snitz WebRing
Go to Top of Page

eleven
Starting Member

Turkey
32 Posts

Posted - 22 June 2001 :  01:24:43  Show Profile
I'm eleven again!

I think allowing A-Z, a-z and 0-9 valid characters is not the best way. We can find another solution.

By the way, I have created an account as Richard Kinser again easily. I registered with : "Richard [;]Kinser" (There is no [] characters of course, else it shows a space)

It works! But unfortunately doesn't let to post/reply a topic. I got an "Invalid password or user name" error.

If you wait, I will list you the protections at UBB about the membernames...

For your interest...

Burak Tuyan aka eLeVeN

Edited by - eleven on 22 June 2001 01:35:34
Go to Top of Page

Syedur
New Member

USA
93 Posts

Posted - 22 June 2001 :  01:27:47  Show Profile  Visit Syedur's Homepage  Send Syedur an AOL message  Send Syedur an ICQ Message  Send Syedur a Yahoo! Message
Hey guys...
I have a nice little javascript form checker...
Maybe we can add that one to the forum...
I do need to work with it a little...
But that one can be perfect...
You don't have to remove anything forum files...
This way you will have two registry checker... Client & Server.
Thanks.


There is a time in every man’s education when he arrivers at the conviction that envy is ignorance; that imitation is suicide.
Go to Top of Page

Imposter3
Starting Member

1 Posts

Posted - 22 June 2001 :  01:32:29  Show Profile  Visit Imposter3's Homepage
It works! Now, I can post as: Richard [;]Kinser

As I told you above, I couldn't post a message as RK first, but then I logged out (at the post page) and the page refreshed. It was asking me for the user name and password, I wrote them and then post my reply successfully.

Richard, you can lock this account.

Burak Tuyan aka eLeVeN
Go to Top of Page
Page: of 4 Previous Topic Topic Next Topic  
Next Page
 Forum Locked  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.16 seconds. Powered By: Snitz Forums 2000 Version 3.4.07