[fixed] Guests can post with forbidden usernames


Paul
Thu 8th Aug '02, 9:03pm
It appears that vBulletin does not check to see whether a person is using a forbidden username when posting as a guest.

Wayne Luke
Thu 8th Aug '02, 9:13pm
This is a problem in vBulletin 3.0?

Paul
Thu 8th Aug '02, 10:02pm
Oh! Crap! Wrong forum :D (Kindly move)

Edit: to clarify, I'm having this problem with vB 2.2.6 (I hope this isn't a problem in 3 ;))

Mike Sullivan
Fri 9th Aug '02, 12:07am
Needs to be validated like register.php.

Paul
Fri 9th Aug '02, 1:55am
Perhaps there should be a separate entry for this? For example, I may want to forbid the use of names like "Admin" or "Owner", but not allow the nicknames "Guest", "Unregistered", or "Anonymous" to be registered, but allow Guests to use those names.

Mike Sullivan
Fri 9th Aug '02, 2:09am
Not a bad idea, but it's not something you'll see in 2.2.7. Maybe 3.0.

Paul
Sun 11th Aug '02, 5:18am
Code from register.php


    if ($illegalusernames!="") {
        $usernames=explode(" ",$illegalusernames);

        while (list($key,$val)=each($usernames)) {
            if ($val!="") {
                if (strstr(strtolower($username),strtolower($val))!="") {
                    eval("standarderror(\"".gettemplate("error_usernametaken")."\");");
                    exit;
                }
            }
        }
    }


I'll see if I can figure out a fix that works for newreply, newthread, calendar, etc.

Shouldn't be too hard. :D Time for bed!

Paul

Paul
Mon 12th Aug '02, 6:43pm
In BOTH newreply.php and newthread.php:

Find:


    if (!$username) {
        eval("standarderror(\"".gettemplate("error_nousername")."\");");
    }


BELOW, insert:


    // Bug fix: Illegal usernames are not checked for guests posting - http://www.vbulletin.com/forum/showthread.php?s=&threadid=52232 - Aug 12, 2002
    if ($illegalusernames!="") {
        // $illegalusernames is a space-separated list of forbidden words
        $usernames=explode(" ",$illegalusernames);

        while (list($key,$val)=each($usernames)) {
            if ($val!="") {
                // Case-insensitive substring match: a forbidden word anywhere in the name rejects it
                if (strstr(strtolower($username),strtolower($val))!="") {
                    eval("standarderror(\"".gettemplate("error_usernametaken")."\");");
                    exit;
                }
            }
        }
    }
    // End bug fix: Illegal usernames are not checked for guest posting


Edit: Now that's weird. Adding a url within PHP tags puts <a href tags around it... what the?

Mike Sullivan
Mon 12th Aug '02, 8:20pm
That's basically what I was planning on doing as well. Probably the exact same code :)

Paul
Tue 13th Aug '02, 8:19pm
For those interested, I released a hack over at vbulletin.org that will allow you to reserve usernames for guests after applying this bug fix:

http://www.vbulletin.org/hacks/index.php?s=&action=showhack&hackid=564

Paul
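
The check discussed in this thread, combined with the separate-list idea raised earlier (names forbidden everywhere versus names that guests may use but nobody may register), as an added example that is not part of the original posts and is not vBulletin code. The function names, the `$guestOnly` setting and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not vBulletin code. All names here are hypothetical.

/**
 * True when $username contains any word from the space-separated $wordList.
 * Uses a case-insensitive substring match, like the check posted in the thread.
 */
function matchesList(string $username, string $wordList): bool
{
    foreach (explode(' ', $wordList) as $word) {
        if ($word !== '' && stripos($username, $word) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * $context is 'register' or 'guest'.
 * $forbidden applies in both contexts; $guestOnly is enforced at registration only.
 */
function usernameAllowed(string $username, string $context, string $forbidden, string $guestOnly): bool
{
    $username = trim($username);
    if ($username === '') {
        return false; // empty names are rejected in every context
    }
    if (matchesList($username, $forbidden)) {
        return false; // e.g. "Admin" is blocked for guests and members alike
    }
    if ($context === 'register' && matchesList($username, $guestOnly)) {
        return false; // reserved for guest posts, so it cannot be registered
    }
    return true;
}

// Constructed sample settings and inputs.
$forbidden = 'admin owner';
$guestOnly = 'guest unregistered anonymous';
$cases = [
    ['Admin', 'guest'], ['Anonymous', 'guest'], ['Anonymous', 'register'],
    ['Paul', 'guest'], ['Badminton', 'register'], // substring match catches "admin" here too
];
foreach ($cases as [$name, $context]) {
    $verdict = usernameAllowed($name, $context, $forbidden, $guestOnly) ? 'allowed' : 'rejected';
    printf("%-10s %-9s %s\n", $name, $context, $verdict);
}
```

The "Badminton" case shows the side effect of substring matching: short forbidden words also reject unrelated names that happen to contain them.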