| Author |
 Topic  |
|
Imposter1
Starting Member
1 Posts |
 Posted - 21 June 2001 : 09:53:22
|
"Please welcome our newest member: Richard Kinser."
As you see I'm logged on as "Richard Kinser" and also I'm a new member! (But I'm not real Richard Kinser, my real nick name is eleven)
But how???
During he registration progress, I choose my member name as "Richard Kinser" (with two spaces). Snitz, lets this. And as you know, HTML shows only one of them!!!
To your interest...
Burak Tuyan aka eleven
|
|
|
eleven
Starting Member
Turkey
32 Posts |
Posted - 21 June 2001 : 12:12:11
|
Hi,
Sorry for using your name Mr. Kinser, but I must notice you the bug.
I think you should solve this problem. It's very easy. The thing you have to do is to prevent using <space> character twice in member names.
To your interests...
|
 |
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 21 June 2001 : 15:56:12
|
To fix this, in register.asp look for this code: (around line #95)
if (Instr(Request.Form("Name"), ">") > 0 ) or (Instr(Request.Form("Name"), "<") > 0) then
Err_Msg = Err_Msg & "<li> > and < are not allowed in the UserName, Please Choose Another</li>"
end if
just above that code add this:
if (Instr(Request.Form("Name"), " ") > 0 ) then
Err_Msg = Err_Msg & "<li> Two or more consecutive spaces are not allowed in the Username</li>"
end if
Make sure there is 2 spaces between the parenthesis |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 21 June 2001 : 16:17:17
|
Thanks Richard.
I added the code to register.asp at the site here.
Huw can you add it to the source of 3.3 ?
Pierre
Join the Snitz WebRing |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 21 June 2001 : 19:44:08
|
Done
|
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 21 June 2001 : 20:13:20
|
| btw, I locked the account that eleven created. |
|
|
|
Imposter2
Starting Member
1 Posts |
Posted - 21 June 2001 : 21:16:16
|
Well, I'm another Richard Kinser. The "space" inbetween is an ALT+0160. This was reported before by the user antivitamin. Can you also get rid of this... [:))]
Bulent Ozden
(bozden)
|
|
|
|
Deleted
deleted
4116 Posts |
Posted - 21 June 2001 : 21:24:13
|
Richard, sorry about that. But this was not my idea. Just trying to fix another issue. I think, a replace of ALT+0160 to space will be enough.
Think Pink |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 21 June 2001 : 21:51:35
|
I think we should only allow A-Z, a-z and 0-9 as valid characters. By only allowing certain characters, I think it would provide a more secure product. Either that or we have to add a test in for everything new that someone comes up with. Such as the double space and the ALT+160 as shown above. There are probably many, many more mischievious things people can try in there username, we just haven't seen them yet.
I have it working at my site here: http://kinser.121host.net/v31sr4/default.asp
If you want to try it out.
I added this function to inc_functions.asp:
Function IsAlphaNumeric(fString)
for i = 1 to Len(fString)
strChar = Asc(Mid(fString,i,1))
If (strChar >= 65 and strChar <= 90) or (strChar >= 97 and strChar <= 122) or (strChar >= 48 and strChar <= 57) then
IsAlphaNumeric = True
else
IsAlphaNumeric = False
Err_Msg = Err_Msg & "<li>You have entered an invalid character in your username, for more information see <a href=""JavaScript:openWindow7('faq.asp#usernames')"">here</a>.</li>"
exit function
end if
next
end Function
and then call it in register.asp like this:
IsAlphaNumeric(Request.Form("Name"))
We could also allow spaces by adding this to the if/then statement in the function above:
or (strChar = 32) |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 21 June 2001 : 22:02:22
|
| bozden, I locked the username you created also. |
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 21 June 2001 : 23:41:11
|
will "-" and "_" "."(period) cause any problems? I'd add them also if they won't, what are the code for them? thanks.
|
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 22 June 2001 : 00:12:06
|
"-" = 45
"." = 46
"_" = 95 |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 22 June 2001 : 00:19:36
|
But that would also mean I can't use things like ÛßÅÁêá
Pierre
Join the Snitz WebRing |
|
|
|
eleven
Starting Member
Turkey
32 Posts |
Posted - 22 June 2001 : 01:24:43
|
I'm eleven again!
I think allowing A-Z, a-z and 0-9 valid characters is not the best way. We can find another solution.
By the way, I have created an account as Richard Kinser again easily. I registered with : "Richard [;]Kinser" (There is no [] characters of course, else it shows a space)
It works! But unfortunately doesn't let to post/reply a topic. I got an "Invalid password or user name" error.
If you wait, I will list you the protections at UBB about the membernames...
For your interest...
Burak Tuyan aka eLeVeN
Edited by - eleven on 22 June 2001 01:35:34 |
|
|
|
Syedur
New Member
USA
93 Posts |
Posted - 22 June 2001 : 01:27:47
|
Hey guys...
I have a nice little javascript form checker...
Maybe we can add that one to the forum...
I do need to work with it a little...
But that one can be perfect...
You don't have to remove anything forum files...
This way you will have two registry checker... Client & Server.
Thanks.
There is a time in every man’s education when he arrivers at the conviction that envy is ignorance; that imitation is suicide. |
|
|
|
Imposter3
Starting Member
1 Posts |
Posted - 22 June 2001 : 01:32:29
|
It works! Now, I can post as: Richard [;]Kinser
As I told you above, I couldn't post a message as RK first, but then I logged out (at the post page) and the page refreshed. It was asking me for the user name and password, I wrote them and then post my reply successfully.
Richard, you can lock this account.
Burak Tuyan aka eLeVeN |
|
|
|
Topic |
|
Forum Locked
Topic Locked
