Author |
Topic |
|
Jason
New Member
80 Posts |
Posted - 29 June 2004 : 05:00:29
|
I've just noticed a member who has a zero post count (after making several posts). Couldn't work it out at first but then suspected the quotes around part of his name. I did a test and sure enough post counts don't increment if all or part of the name is enclosed in quotes.
My version 3.4.03 (with patches) |
Edited by - Davio on 26 September 2006 05:44:34 |
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 29 June 2004 : 05:19:25
|
Bug has been confirmed.
There are also other issues with usernames containing single quotes or double quotes. Needs to be looked at.
Tested it using Davio"fabio" and I posted successfully, but post count didn't increase. Tested with "Davio" and it wouldn't allow me to post. Kept telling me I needed to provide a username. Tested with 'Davio' and I couldn't log in at all. Said I needed to enter in a username. |
Support Snitz Forums
|
|
|
Jason
New Member
80 Posts |
Posted - 29 June 2004 : 05:27:16
|
OK thanks for the quick response. I'll keep an eye out for a patch (hmmm that sounds like a pirate) |
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 29 June 2004 : 05:48:17
|
Yet another reason why we should have just not allowed quotes in usernames at all.... |
|
|
philsbbs
Junior Member
United Kingdom
397 Posts |
Posted - 22 August 2004 : 05:43:19
|
Is there any way that we can prevent people using quotes ! |
Phil |
|
|
redbrad0
Advanced Member
USA
3725 Posts |
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 23 August 2004 : 21:35:44
|
quote: Originally posted by philsbbs
Is there any way that we can prevent people using quotes !
in register.asp on line #255 change this:
Err_Msg = Err_Msg & "<li>You may not use any of these chars in your username !#$%^&*()=+{}[]|\;:/?>,<' </li>"
to this:
Err_Msg = Err_Msg & "<li>You may not use any of these chars in your username !#$%^&*()=+{}[]|\;:/?>,<'"" </li>"
then on line #741 change this:
sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<'"
to this:
sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<'"""
That should do it... |
|
|
enricoska
Starting Member
15 Posts |
Posted - 13 June 2005 : 13:08:05
|
I think it's not enough. If I have understood the problem, this post of mine will not be counted. If you don't log on and reply or open a topic, in the form you have to insert your username and password, and if you insert a capital letter or a space at the end, you will be logged on but the post will not be counted. I wonder whether the problem is in the function doucount() (inc_func_count.asp), which doesn't chkstring() the request.form(username) (that trims and replaces some characters, but I think it doesn't lcase, so perhaps the problem remains for capital letters).
SkantaDj |
SkantaDj |
|
|
enricoska
Starting Member
15 Posts |
Posted - 16 June 2005 : 08:50:31
|
The problem is more complicated. I fixed this bug with a new function similar to doucount that, when you post, adds a count by searching for the ID of the member instead of his username in the db:
sub skantadjUCount(sMember_Id)
    'sMember_Id is concatenated into the SQL unquoted, so callers must pass a numeric member ID
    '## Forum_SQL - Update Total Post for user
    strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
    strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
    strSql = strSql & " WHERE MEMBER_ID = " & sMember_Id
    my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub
(placed in inc_func_common.asp or in inc_func_count.asp)
and in the file post_info.asp you have to replace (in 2 or 3 places) all the rows
DoUCount Request.Form("UserName")
with this:
skantadjucount(MemberID)
The same problem happens for the Last Post Date.
This is the new function:
sub skantadjULastPost(sMember_Id)
    'sMember_Id is concatenated into the SQL unquoted, so callers must pass a numeric member ID
    '## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
    strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
    strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
    strSql = strSql & " WHERE MEMBER_ID = " & sMember_Id
    my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub
and replace the rows (in post_info.asp)
DoULastPost Request.Form("UserName")
with
skantadjulastpost(MemberID)
I didn't simply change the function doucount/doulastpost because it's used in many files and I don't know if you can always use the ID instead of the username.
Anyway, I think that the problem that the login accepts capital letters and spaces and other functions don't may cause many other similar problems. |
SkantaDj |
Edited by - enricoska on 16 June 2005 15:46:56 |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 06 August 2006 : 03:09:38
|
I agree with enricoska. Why don't we update the members post count, using their member id instead of their member name? The member ID is readily available and can be easily passed to the function without any extra database calls.
The function can be made backwards compatible by checking the type of value sent to the function, be it a string or an integer, and use the appropriate code as necessary.
I guess the easy fix is to disallow such characters. But it seems better to refer to a member via their id across the forum, instead of their user name. Except in cases where the user name is a must.< |
Support Snitz Forums
|
Edited by - Davio on 06 August 2006 03:12:28 |
|
|
OneWayMule
Dev. Team Member & Support Moderator
Austria
4969 Posts |
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 09 August 2006 : 21:13:30
|
I have modified the doUCount() and doULastPost() sub routines in inc_func_count.asp as follows:
'Modified function to use ID of member instead of their username.
'Function still supports updating user count via their username, for backward compatibility.
sub doUCount(sUser)
    if VarType(sUser) = 8 then 'Update using member username (8 = vbString)
        '## Forum_SQL - Update Total Post for user
        strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
        strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
        strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(sUser, "SQLString") & "'"
    elseif VarType(sUser) = 2 or VarType(sUser) = 3 then 'Update count using member id (2 = vbInteger, 3 = vbLong)
        '## Forum_SQL - Update Total Post for user
        strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
        strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
        strSql = strSql & " WHERE MEMBER_ID = " & sUser
    else
        exit sub 'Any other type: no statement was built, so nothing is executed
    end if
    my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub
'Modified function to use ID of member instead of their username.
'Function still supports updating via their username, for backward compatibility.
sub doULastPost(sUser)
    if VarType(sUser) = 8 then 'Update using member user name (8 = vbString)
        '## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
        strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
        strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
        strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(sUser, "SQLString") & "'"
    elseif VarType(sUser) = 2 or VarType(sUser) = 3 then 'Update using member id (2 = vbInteger, 3 = vbLong)
        '## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
        strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
        strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
        strSql = strSql & " WHERE MEMBER_ID = " & sUser
    else
        exit sub 'Any other type: no statement was built, so nothing is executed
    end if
    my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub
This allows backward compatibility with mods while still allowing for the use of the member id.
All calls made to these subroutines in post_info.asp, passed the MemberID variable to the sub instead of the user name.
doUCount Request.Form("UserName")
doULastPost Request.Form("UserName")
changed to:
doUCount MemberID
doULastPost MemberID
In one case, lines 698 and 700 won't use the MemberID, but pass the last post author id instead.
Find the following:
if ForumCountMPosts <> 0 then
    doUCount(strAuthor)
end if
doULastPost(strAuthor)
And change it to:
if ForumCountMPosts <> 0 then
    doUCount(strT_Last_Post_Author)
end if
doULastPost(strT_Last_Post_Author)
That's it. |
Support Snitz Forums
|
Edited by - Davio on 26 August 2006 07:52:13 |
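The mismatch enricoska describes and the ID-keyed update Davio settles on, modelled as an added example that is not part of the original thread or of Snitz itself. Python with an in-memory SQLite table stands in for the ASP/ADO code; the M_NAME column, the login normalisation and the sample member are assumptions, and the rows-affected check goes beyond what the posted subs do.

```python
import sqlite3

def make_db():
    # Constructed sample data: one member registered as "Davio".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE FORUM_MEMBERS (MEMBER_ID INTEGER PRIMARY KEY,"
               " M_NAME TEXT NOT NULL, M_POSTS INTEGER NOT NULL DEFAULT 0)")
    db.execute("INSERT INTO FORUM_MEMBERS (MEMBER_ID, M_NAME) VALUES (7, 'Davio')")
    return db

def login(db, form_name):
    # Assumed login behaviour, per the thread: trims and ignores case.
    row = db.execute("SELECT MEMBER_ID FROM FORUM_MEMBERS"
                     " WHERE lower(M_NAME) = lower(trim(?))", (form_name,)).fetchone()
    return row[0] if row else None

def count_by_name(db, form_name):
    # Old pattern: key the UPDATE on the raw form value (exact match).
    cur = db.execute("UPDATE FORUM_MEMBERS SET M_POSTS = M_POSTS + 1"
                     " WHERE M_NAME = ?", (form_name,))
    return cur.rowcount  # a miss is silent: 0 rows, no error

def count_by_id(db, member_id):
    # Fixed pattern: key on the numeric ID resolved at login, bind it as a
    # parameter, and treat anything other than exactly one row as an error.
    if isinstance(member_id, bool) or not isinstance(member_id, int):
        raise TypeError("member_id must be an integer")
    cur = db.execute("UPDATE FORUM_MEMBERS SET M_POSTS = M_POSTS + 1"
                     " WHERE MEMBER_ID = ?", (member_id,))
    if cur.rowcount != 1:
        raise LookupError("post count update matched %d rows" % cur.rowcount)
    return cur.rowcount

def posts(db, member_id):
    return db.execute("SELECT M_POSTS FROM FORUM_MEMBERS WHERE MEMBER_ID = ?",
                      (member_id,)).fetchone()[0]

def demo():
    db = make_db()
    form_name = "DAVIO "                    # capitals plus a trailing space
    member_id = login(db, form_name)        # login still succeeds
    missed = count_by_name(db, form_name)   # username-keyed update misses
    hit = count_by_id(db, member_id)        # ID-keyed update lands
    return member_id, missed, hit, posts(db, member_id)

if __name__ == "__main__":
    print(demo())
```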
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 13 August 2006 : 17:54:40
|
Fixed in 3.4.06. |
Support Snitz Forums
|
Edited by - Davio on 13 August 2006 17:54:56 |
|
|
|