Author |
Topic |
|
rgrund
Junior Member
Austria
206 Posts |
Posted - 24 November 2002 : 12:14:28
|
Hi, it really has bothered me that the current settings within the file inc_func_posting.asp have a setting for the generation of the validation key of 32 characters.
As many have noticed and also experienced, sometimes the URL which is shown within the verification email is split over two lines, or the line has exceeded 80 characters, so the user could not register without copying the second line into the URL.
I thought then, just lower the settings, and I was told that the security is then in jeopardy.
So I thought, why not still lower the settings to less than 20 characters and then check in the table forum_members_pending if the key exists. So this is currently the code which I have now in my file inc_func_posting.asp. It could be that it is not the cleanest way, but currently the users are still able to register without any error. If you think it can still be written better, please post the amendment here:
The code now:
'We check to see that in the members_pending the key does not exist
'If it does we redo the key generation and check again
Dim CheckKey, CheckKey2
Dim key(28)
CheckKey = 0
Randomize
Do Until CheckKey = 1
    'Reset the collision flag on every attempt, otherwise one collision loops forever
    CheckKey2 = 0
    for i = 0 to 27
        key(i) = (Int(((intNumChars - 1) * Rnd) + 1))
    next
    '// Make the key!
    strKey = ""
    for j = 0 to 27
        strKey = strKey & keyArray(key(j))
    next
    strSQL = "Select M_Key FROM " & strTablePrefix & "Members_Pending"
    Set rs1 = My_Conn.Execute(strSQL)
    If Not rs1.EOF Then rs1.MoveFirst
    Do While Not rs1.EOF
        If rs1("M_Key") = strKey Then
            CheckKey2 = 1
            Exit Do
        End If
        rs1.MoveNext
    Loop
    'Accept the key only when no pending member already has it (also true for an empty table)
    If CheckKey2 <> 1 Then CheckKey = 1
Loop
Set rs1 = Nothing
I would like to hear if this is now a better solution?
Best regards,
Bob |
Internet should be OPENSOURCEd! |
Edited by - rgrund on 24 November 2002 14:56:10 |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 25 November 2002 : 04:12:17
|
Like I said in your other topic, a better solution would be to change the text of the email explaining that the key may be split across two lines, since you still can't be sure that 20 characters is too long, since it entirely depends on the URL of your forum.
IT IS NOT A GOOD IDEA TO CHANGE THE SECURITY FUNCTIONALITY OF THE CODE |
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 25 November 2002 : 05:03:27
|
It's also not the length of the url, it's how the user's E-Mail program handles URLs. The e-mail program should be able to recognize that something is a url and that it should not be broken up. I have never had the URL broken up into more than one line. I've used Microsoft Outlook, and several web-based e-mail sites (hotmail, yahoo, excite, myrealbox, etc...). |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 25 November 2002 : 05:34:48
|
It is a problem with the Mail servers, not the client, Richard |
|
|
rgrund
Junior Member
Austria
206 Posts |
Posted - 26 November 2002 : 08:14:01
|
Hello,
I understand the problem that it could also be that the domain name is too long.
However I wanted to say that one is able to lower the character settings as we are checking the members_pending table to see if the generated code is available or not. Meaning a duplication will not occur.
That was all I wanted to say with this script.
Bob |
Internet should be OPENSOURCEd! |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 26 November 2002 : 08:28:25
|
quote: Originally posted by HuwR
Like I said in your other topic, a better solution would be to change the text of the email explaining that the key may be split across two lines, since you still can't be sure that 20 characters is too long, since it entirely depends on the URL of your forum.
IT IS NOT A GOOD IDEA TO CHANGE THE SECURITY FUNCTIONALITY OF THE CODE
|
|
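An added example, not code from the thread or from Snitz: it puts numbers on the two separate properties discussed above, the chance that two pending keys collide (what the Members_Pending lookup removes) and the chance that a guessed key matches a pending registration (which depends on key length and alphabet only). The 62-character alphabet, the 10,000 pending rows, the guess budget and uniformly random keys are assumptions; the thread does not give the value of intNumChars.

```python
import math

def keyspace_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random key of this length."""
    return length * math.log2(alphabet_size)

def collision_probability(alphabet_size, length, pending):
    """Birthday bound: chance that any two of `pending` random keys are equal.
    This is the only risk a uniqueness lookup in the pending table removes."""
    n = alphabet_size ** length
    return -math.expm1(-pending * (pending - 1) / (2 * n))

def guess_probability(alphabet_size, length, pending, guesses):
    """Chance that at least one of `guesses` random keys submitted to the
    activation URL equals one of `pending` distinct stored keys.
    The uniqueness lookup does not change this number."""
    n = alphabet_size ** length
    if pending >= n:
        return 1.0
    # (1 - pending/n) ** guesses, computed stably for very small ratios
    return -math.expm1(guesses * math.log1p(-pending / n))

def compare(lengths, alphabet_size=62, pending=10_000, guesses=10**9):
    """One row per key length: (length, bits, collision, guess)."""
    return [(length, keyspace_bits(alphabet_size, length),
             collision_probability(alphabet_size, length, pending),
             guess_probability(alphabet_size, length, pending, guesses))
            for length in lengths]

if __name__ == "__main__":
    # Assumed lengths: 32 (current setting), 28 (posted code), 20, and two short ones
    print(f"{'len':>3} {'bits':>6} {'collision':>10} {'guess hit':>10}")
    for length, bits, coll, guess in compare([32, 28, 20, 8, 4]):
        print(f"{length:>3} {bits:6.1f} {coll:10.1e} {guess:10.1e}")
```

Under these assumptions the collision column is already negligible at 20 characters and above, so the table lookup changes little there, while the guess column is the one that grows as the key is shortened.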