Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Bug Reports (Closed)
 Username with quotes doesn't increment post count
 Forum Locked  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

Jason
New Member

80 Posts

Posted - 29 June 2004 :  05:00:29  Show Profile
I've just noticed a member who has a zero post count (after making several posts). Couldn't work it out at first but then suspected the quotes around part of his name. I did a test and sure enough post counts don't increment if all or part of the name are enclosed ion quotes.

My version 3.4.03 (with patches)<

Edited by - Davio on 26 September 2006 05:44:34

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 29 June 2004 :  05:19:25  Show Profile
Bug has been confirmed.

There are also other issues with usernames containing single quotes or double quotes. Needs to be looked at.

Tested it using Davio"fabio" and I posted successfully, but post count didn't increase.
Tested with "Davio" and it wouldn't allow me to post. Kept telling me I needed to provide a username.
Tested with 'Davio' and I couldn't log in at all. Said I needed to enter in a username.<

Support Snitz Forums
Go to Top of Page

Jason
New Member

80 Posts

Posted - 29 June 2004 :  05:27:16  Show Profile
OK thanks for the quick response. I'll keep an eye out for a patch (hmmm that sounds like a pirate <
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 29 June 2004 :  05:48:17  Show Profile
Yet another reason why we should have just not allowed quotes in usernames at all....<
Go to Top of Page

philsbbs
Junior Member

United Kingdom
397 Posts

Posted - 22 August 2004 :  05:43:19  Show Profile
Is there any way that we can prevent people using quotes !<

Phil
Go to Top of Page

redbrad0
Advanced Member

USA
3725 Posts

Posted - 23 August 2004 :  18:49:05  Show Profile  Visit redbrad0's Homepage  Send redbrad0 an AOL message
I think usernames should just be limited to safe characters like most sites are doing now days.<

Brad
Oklahoma City Online Entertainment Guide
Oklahoma Event Tickets
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 23 August 2004 :  21:35:44  Show Profile
quote:
Originally posted by philsbbs

Is there any way that we can prevent people using quotes !



in register.asp on line #255 change this:
                        Err_Msg = Err_Msg & "<li>You may not use any of these chars in your username  !#$%^&*()=+{}[]|\;:/?>,<' </li>"
to this:
                        Err_Msg = Err_Msg & "<li>You may not use any of these chars in your username  !#$%^&*()=+{}[]|\;:/?>,<'"" </li>"

then on line #741 change this:
        sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<'"
to this:
        sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<'"""


That should do it...
<
Go to Top of Page

enricoska
Starting Member

15 Posts

Posted - 13 June 2005 :  13:08:05  Show Profile
i think it's not enough.
if i have understood the problem this my post will not be counted.
if you dont't logon and reply or open a topic, in the form you have to insert your username and password and if you insert a capital letter or a spaces at the end, you will be logged on but the post will not be counted.
i wonder that the problem is in the function doucount() (inc_func_count.asp) that doesn't chkstring() the request.form(username) (that trim and replace some characters, but i think that doesn't lcase then perhaps the problem remain for capital letter).

SkantaDj<

SkantaDj
Go to Top of Page

enricoska
Starting Member

15 Posts

Posted - 16 June 2005 :  08:50:31  Show Profile
the problem is more complicated.
i fixed this bug with a new function similar to doucount that when you post it add a count searching the ID of the member instead of his username in the db:

sub skantadjUCount(sMember_Id)
'## Forum_SQL - Update Total Post for user
strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
strSql = strSql & " WHERE MEMBER_ID = " & sMember_Id

my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub

(placed in inc_func_common.asp or in inc_func_count.asp)

and in the file post_info.asp you have to replace (in 2 or 3 place) the all the rows
DoUCount Request.Form("UserName")
withe this:
skantadjucount(MemberID)

the same problem happen for tha Last Post Date

this is the new function

sub skantadjULastPost(sMember_Id)
'## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
strSql = strSql & " WHERE MEMBER_ID = " & sMember_Id

my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub

and replace the rows (in post_info.asp)
DoULastPost Request.Form("UserName")
with
skantadjulastpost(MemberID)


i didn't simply changed the function doucount/doulastpost because it's used in many files and i don't know if you can always use the ID instead of the username.

anyway, i think that the problem that the login accept capital letter and spaces and other functions doesn't may cause many other similar problems.<

SkantaDj

Edited by - enricoska on 16 June 2005 15:46:56
Go to Top of Page

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 06 August 2006 :  03:09:38  Show Profile
I agree with enricoska. Why don't we update the members post count, using their member id instead of their member name? The member ID is readily available and can be easily passed to the function without any extra database calls.

The function can be made backwards compatible by checking the type of value sent to the function, be it a string or an integer, and use the appropriate code as necessary.

I guess the easy fix is to disallow such characters. But it seems better to refer to a member via their id across the forum, instead of their user name. Except in cases where the user name is a must.<

Support Snitz Forums

Edited by - Davio on 06 August 2006 03:12:28
Go to Top of Page

OneWayMule
Dev. Team Member & Support Moderator

Austria
4969 Posts

Posted - 09 August 2006 :  03:44:14  Show Profile  Visit OneWayMule's Homepage  Send OneWayMule an ICQ Message
We should use the member ID wherever we can IMO.
quote:
I guess the easy fix is to disallow such characters.

Agreed.
<

My MODs:
Birthdays - Custom Policy - F.A.Q. Administration - Forum Rules - Guestbook
Links Manager - MyOwnGoogle - Profile Views - Search Log - WebSearch

Useful stuff:
Forum and MOD Installation - MOD Installation Guide - Snitz v3.4.05 Readme - Free ASP Hosts - Support Snitz
Go to Top of Page

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 09 August 2006 :  21:13:30  Show Profile
I have modified the doUCount() and doULastPost() sub routine in inc_func_count.asp as follows:
'Modified function to use ID of member instead of their username.
'Function still supports updating user count via their username, for backward compatability.
sub doUCount(sUser)
	if VarType(sUser) = 8 then 'Update using member username
		'## Forum_SQL - Update Total Post for user
		strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
		strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
		strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(sUser, "SQLString") & "'"
		
	elseif VarType(sUser) = 2 or VarType(sUser) = 3 then 'Update count using member id
		'## Forum_SQL - Update Total Post for user
		strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
		strSql = strSql & " SET M_POSTS = M_POSTS + 1 "
		strSql = strSql & " WHERE MEMBER_ID = " & sUser
		
	end if
	my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub

'Modified function to use ID of member instead of their username.
'Function still supports updating via their username, for backward compatability.
sub doULastPost(sUser)
	if VarType(sUser) = 8 then 'Update using member user name
		'## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
		strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
		strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
		strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(sUser, "SQLString") & "'"
		
	elseif VarType(sUser) = 2 or VarType(sUser) = 3 then 'Update using member id
		'## Forum_SQL - Updates the M_LASTPOSTDATE in the FORUM_MEMBERS table
		strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
		strSql = strSql & " SET M_LASTPOSTDATE = '" & DateToStr(strForumTimeAdjust) & "' "
		strSql = strSql & " WHERE MEMBER_ID = " & sUser
		
	end if
	my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end sub
This allows backward compatibility with mods while still allowing for the use of using the member id.

All calls made to these subroutines in post_info.asp, passed the MemberID variable to the sub instead of the user name.
doUCount Request.Form("UserName")
doULastPost Request.Form("UserName")
changed to:
doUCount MemberID
doULastPost MemberID
In one case, lines 698 and 700 won't use the MemberID, but passes the last post author id instead.Find the follwoing:
if ForumCountMPosts <> 0 then
	doUCount(strAuthor)
end if
doULastPost(strAuthor)
And change it to:
if ForumCountMPosts <> 0 then
	doUCount(strT_Last_Post_Author)
end if
doULastPost(strT_Last_Post_Author)
That's it.
<

Support Snitz Forums

Edited by - Davio on 26 August 2006 07:52:13
Go to Top of Page

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 13 August 2006 :  17:54:40  Show Profile
Fixed in 3.4.06.<

Support Snitz Forums

Edited by - Davio on 13 August 2006 17:54:56
Go to Top of Page
  Previous Topic Topic Next Topic  
 Forum Locked  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.14 seconds. Powered By: Snitz Forums 2000 Version 3.4.07