pjdm
Client
Joined: Sep 18, 2003
Posts: 14
Posted: Tue Dec 28, 2004 4:40 am
I noticed that there is still a problem, please confirm, that I had with the old NSN YAT and the code still appears in this latest 440_b2. It only occurs when you have GD installed and you have requested the security code for new registrations. The symptom is that new users after confirming will simply get redirected to your nuke main page but no email is sent and no registration occurs. Developers please comment on the following:
All 3 files have this bug:
new_finish1.php
new_finish2.php
new_finish3.php
Depending on your settings, users will step through:
new_userX.php then
new_confirmX.php then finally
new_finishX.php
Find existing new_finishx.php code:
Code:
```php
include("header.php");
$ya_user_email = strtolower($ya_user_email);
ya_userCheck($ya_username);
ya_mailCheck($ya_user_email);
$user_regdate = date("M d, Y");
if (!isset($stop)) {
    $datekey = date("F j");
    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
    $code = substr($rcode, 2, $ya_config['codesize']);
    if (extension_loaded("gd") AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 1 OR $ya_config['usegfxcheck'] == 3)) {
        Header("Location: modules.php?name=$module_name");
        die();
    }
    mt_srand ((double)microtime()*1000000);
```
and I modified my 3 new_finish files as follows:
Code:
```php
include("header.php");
//pjdm test
// $user_email = strtolower($user_email);
// ya_userCheck($username);
// ya_mailCheck($user_email);
$user_regdate = date("M d, Y");
if (!isset($stop)) {
    // $datekey = date("F j");
    // $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
    // $code = substr($rcode, 2, 8);
    // if (extension_loaded("gd") AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 1 OR $ya_config['usegfxcheck'] == 3)) {
    //     Header("Location: modules.php?name=$module_name");
    //     die();
    // }
    mt_srand ((double)microtime()*1000000);
```
The code removed appears to be an old problem left over from NSN days and it looks to be copied from the new_confirm files by accident. The removed code can't work because the new user has already confirmed security code in new_confirm and that check can't happen in this file. If you run GD extension and have your settings requiring security code to be entered for new users, they will die() thinking they've registered and you'll never know they tried. Ask me how I know.
Anyway, hope this makes sense. Appreciate if someone could test it on their site to confirm.

menelaos61
Worker
Joined: Nov 10, 2004
Posts: 110
Posted: Tue Dec 28, 2004 6:09 pm
Great catch,
You are absolutely right on this one.
In the next release we will correct this.
Thanks so much, we really need people like you!
Cheers,
Richard

JRSweets
Worker
Joined: Aug 06, 2004
Posts: 192
Posted: Tue Dec 28, 2004 10:07 pm
I require the user to enter a security code on registration and have gd loaded and they are able to register fine. Does the error only occur in certain circumstances? I don't think it's happened to me.

sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
Posted: Tue Dec 28, 2004 10:13 pm
I agree there must be circumstances that must exist for the error to show up because it hasn't on 2 live sites I use and several test sites 7.4 7.5 7.6 But if it's redundant anyway...

pjdm
Posted: Wed Dec 29, 2004 12:13 am
The situation I first noticed the problem had these conditions:
* NSN Groups 3.1.0 and 3.2.0
* Nuke 6.7 then 7.5 current
* REQUIRE ADMIN APPROVAL (YES)
* ALLOW USER REGISTRATION (YES)
* SERVER CAN SEND EMAIL (YES)
I looked at your www.netflake.com, gfxcheck isn't enabled for new users. That is when the problem occurs. If the registration is via phpbb function, I don't think it would be a problem either. I've checked this code all the way back to 2003 and made similar corrections to Bob Marion's site before he let YAT go and this coding problem exists.

sixonetonoffun
Posted: Wed Dec 29, 2004 8:23 am
In defense of Bob that code is in the original Your Account function confirmNewUser. The only change I see in its current version is the use of $_POST['random_num'].
```php
if (!$stop) {
    $datekey = date("F j");
    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $_POST[random_num] . $datekey));
    $code = substr($rcode, 2, 6);
    if (extension_loaded("gd") AND $code != $gfx_check AND ($gfx_chk == 3 OR $gfx_chk == 4 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
        title(""._NEWUSERERROR."");
        OpenTable();
        echo "<center><b>"._SECCODEINCOR."</b><br><br>"
            .""._GOBACK."</center>";
        CloseTable();
        include("footer.php");
        die();
    }
```
We'll revise it if this proves out but I think it is a valid check for the most part. Netflake is running on PostNuke who haven't put a decent graphic check out yet and the hacked one failed frequently so I disabled it. Haven't had a bot register yet but...

pjdm
Posted: Wed Dec 29, 2004 8:31 am
That's correct about the origin of the code issue. When Bob had all the functions confirmNewUser, FinishNewUser, NewUser all in one file, there was no problem. When he split those functions into separate php files and also made three versions of each (1,2,3) he appears to have copied the confirm code to the finish code. That's where the problem lies I believe. Thanks for the work.

sixonetonoffun
Posted: Wed Dec 29, 2004 8:53 am
I was just looking at that it would probably work better if we changed it to grab the variables out of the $_POST array instead of assuming they will work (which they do if globals are on). Just makes sense and running with globals off is definitely something we are working towards now as a high priority. This site http://www.webtree.org/~pratt/modules.php?name=Your_Account is running with globals off now but I think menelaos61 already removed the code in question from the files I'm using there wink*
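
Added example, not part of the thread and not Your Account code: the security-code check from the snippets above, rewritten to take its inputs explicitly from the request array and run against a confirm-step and a finish-step request. The function names, sample values, and the assumption that the finish request no longer carries `gfx_check` and `random_num` are constructed for illustration.

```php
<?php
// Added example; names and sample values are constructed, not from Your Account.

// Expected code, derived as in the thread's snippet but from explicit arguments.
function expected_code(string $ua, string $sitekey, string $randomNum, int $size): string
{
    // hexdec() of a 32-digit hex string overflows to a float such as
    // 1.2345678901235E+38; the digits after "d." are what the snippet uses.
    $rcode = hexdec(md5($ua . $sitekey . $randomNum . date("F j")));
    return substr((string) $rcode, 2, $size);
}

// Check one request. Returns 'ok', 'missing' (fields absent from this request)
// or 'wrong' (fields present but the code does not match).
function gfx_status(array $post, string $ua, string $sitekey, int $size): string
{
    // Read from the request array only; nothing depends on register_globals.
    $randomNum = isset($post['random_num']) ? (string) $post['random_num'] : '';
    $submitted = isset($post['gfx_check']) ? (string) $post['gfx_check'] : '';
    if ($randomNum === '' || $submitted === '') {
        return 'missing';
    }
    return hash_equals(expected_code($ua, $sitekey, $randomNum, $size), $submitted)
        ? 'ok' : 'wrong';
}

// Constructed sample values.
$ua      = 'ExampleBrowser/1.0';
$sitekey = 'constructed-site-key';
$size    = 6;
$shown   = expected_code($ua, $sitekey, '123456', $size); // code the image would display

// Confirm step: the form posts both fields.
$confirmPost = ['random_num' => '123456', 'gfx_check' => $shown];
// Finish step (assumption of this example): the fields are not forwarded.
$finishPost  = ['ya_username' => 'newuser'];

echo "confirm: ", gfx_status($confirmPost, $ua, $sitekey, $size), "\n";
echo "finish:  ", gfx_status($finishPost, $ua, $sitekey, $size), "\n";
```

Because a missing field is reported separately from a wrong code, a handler built on this can log or display the failure instead of redirecting silently.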