Size IS everything!

Involved Joined: Aug 06, 2005 Posts: 301

Size IS everything...when it comes to security.

I am running 7.6 with patch 3.0

I notice that the security code for my site is a 6 digit number, while the security code for loggin in to my account on Raven Scripts is longer.

How can I obtain a longer, (and for that matter, a shorter), security code on my site?

Posted: Sat Aug 13, 2005 11:19 am

So what you are saying then is Raven's is bigger than yours!
Sorry couldnt resist.
I cannot remember where that is of the top of my head but I'll have a look as soon as I've had some sleep.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

In modules/Your_Account/index.php change

Code:

$code = substr($rcode, 2, 6);  // 4 occurrences





echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='modules.php?name=$module_name&amp;op=gfx&amp;random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"


          ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"12\" MAXLENGTH=\"6\"></td></tr>\n"


          ."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";  // 2 occurrences

to

Code:

$code = substr($rcode, 2, 8);  // 4 occurrences





echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='modules.php?name=$module_name&amp;op=gfx&amp;random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"


          ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"12\" MAXLENGTH=\"8\"></td></tr>\n"


          ."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";  // 2 occurrences

You will also need to make similar changes to any block that has logins, like User_Info, admin.php, etc. I mat have forgotten something but it seems that's all.

Posted: Sat Aug 13, 2005 1:31 pm

What happens if I miss a block?...I think you may have answered a question I was about to ask...

When I view the log in pages, the security code in the module is different to the security code in the blocks. if you have the user info bloack, the og in clock and the user log in module all visible,you see 3 different security codes. is that normal?

If this is normal, then I guess your comment about changing all with the code above, is so that you prevent one block only asking for a 6 digit security code, while the module or other block asks for an 8 digit module...Am I 'on the ball'?!

Posted: Sat Aug 13, 2005 2:49 pm

If they were not different then it wouldn't be random, would it Laughing

. Nothing happens if you miss a block other than it may not be 8 long.

Posted: Mon Aug 15, 2005 12:27 pm

Raven wrote:

If they were not different then it wouldn't be random, would it Laughing

. Nothing happens if you miss a block other than it may not be 8 long.

Well....you only need one security string per page...even if their are 3 different ways to log in on that 'page'...ie via the module, the user info Block or the regular log in block......so if they were all displaying the same string, but al changed if u refreshed the page etc, that wouls be fine.....I guess it really is VERY random if they all have different strings when being displayed on the same page together......no major concerns, I guess...I'm just surprised.

Posted: Mon Aug 15, 2005 12:35 pm

You should only be using one login method anyway so I guess it's a moot point Wink

Posted: Mon Aug 15, 2005 12:42 pm

Weeeeeeeeeeeeeeell...I realised this too Raven, but I do like the User Info Block as well as having the user log in module available...I know u understand this.

Thanks anyhow.

Posted: Mon Aug 15, 2005 12:58 pm

The userinfo block has a login incorporated into it.