31
Marco
Re: 2.1 Debug Party
  • 2005/7/2 12:46


8/ modules/system/admin.php?fct=comments
if you navigate with IE through admin menus in admin toolbar, all options "all modules" "any status" are hidden by admin menus, as you navigate through them.
It's a theme issue under Internet Explorer
Do synergy or die.

32
m0nty
Re: 2.1 Debug Party
  • 2005/7/2 15:36


i think, with regards to the display name.. it should be made a separate field completely if it's to be made unique and still keep the real name field...

using the real name field has caused problems when users have the same name.. u can't expect them to add numbers or whatever to their real names..

with keeping user login name hidden, i don't think it's as big a security risk in my opinion. if the password is strong enough, then brute force attacks won't work anyway.

i always set a minimum of 8 characters for password, how about a password strength check.. must have at least 1 or 2 numbers, and at least 1 or 2 lower/upper case characters combined or even a level that requires to add characters too like + - @ # % etc an 8 character password mixed like that would take quite a few years for a brute force attack. and possibly a password lockout for a set time.. if u get the password wrong it locks out all further attempts for a pre determined time, so even if the bruteforce is still going, during that time nothing is accepted, so even if the brute forcer gets the right password then it won't work anyway so will log it as a wrong password.. do i make any sense?

------------
i have a problem with adding profile fields. the category works fine, but can't add any fields.. it returns errors: none. no debug info..

on userside > viewing profile..

Notice [PHP]: Undefined offset: 1 in file modules/profile/userinfo.php line 144
Notice [PHP]: Undefined index: fields in file modules/profile/userinfo.php line 144
Warning [PHP]: array_keys(): The first argument should be an array in file modules/profile/userinfo.php line 144
Notice [PHP]: Undefined index: fields in file modules/profile/userinfo.php line 144
Warning [PHP]: array_multisort(): Argument #1 is expected to be an array or a sort flag in file modules/profile/userinfo.php line 144

33
jdseymour
Re: 2.1 Debug Party

No, in any application, a username should be protected just as a password. If the username is known that is ½ the equation for a brute force attack, and forcing users to use strong passwords is like pulling teeth. Ouch.

I do like the lockout idea though. Maybe until an admin unlocks it to keep it simple.

34
m0nty
Re: 2.1 Debug Party
  • 2005/7/2 16:43


doesn't have to be admin unlock.. a counter for say 5 mins would suffice. the user only needs to be warned that even when locked out, his/her real password will not work either..

and a 5 minute delay after every 3 incorrect passwords will probably stop any1 wanting to use brute force because it will be a waste of their time, unless of course you are using XOOPS for your NSA spy satellites or Military intelligence (do people really still use brute force? lmao)

also maybe a good idea to stop uname = pwd

that will stop people using the same password as their usernames.. or even in reverse..

ie..
uname = m0nty, pwd = m0nty
uname = m0nty, pwd = ytn0m

yes some people are really that stupid..

getting your users to adopt a stricter password method will not only protect your site, but will also teach them to adopt a securer password on their other sites they visit..

now back to my previous error:

mysql debug shows when trying to create a field that has textfield type..

ALTER TABLE 0IAN12_user_profile ADD Track 1 varchar(255) NOT NULL DEFAULT 'track 1'
Error number: 1064
Error message: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '1 varchar(255) NOT NULL DEFAULT 'track 1'' at line 1
( 7.3E-05)

seems that the form isn't taking into account spaces in field names, so when the query is constructed, the space in the name is treated separately.. i think the field name in the query must be quoted '' but i can't seem to find where the query is put together.
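The password rules and timed lockout m0nty proposes in posts 32 and 34, sketched as an added example (not code from the thread or from XOOPS). The names `password_problems` and `LoginThrottle` are hypothetical; the limits of 3 failures, 5 minutes, 8 characters and the symbol set are the figures given in the posts.

```python
import time

MAX_FAILURES = 3          # post 34: lock after 3 incorrect passwords
LOCKOUT_SECONDS = 5 * 60  # post 34: for 5 minutes
SYMBOLS = set("+-@#%")    # symbol examples listed in post 32


def password_problems(uname, pwd, min_len=8):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(pwd) < min_len:
        problems.append("too short")
    if not any(c.isdigit() for c in pwd):
        problems.append("no digit")
    if not (any(c.islower() for c in pwd) and any(c.isupper() for c in pwd)):
        problems.append("needs mixed case")
    if not any(c in SYMBOLS for c in pwd):
        problems.append("no symbol")
    # uname = pwd, or pwd is uname reversed (m0nty / ytn0m)
    if pwd.lower() in (uname.lower(), uname.lower()[::-1]):
        problems.append("same as username")
    return problems


class LoginThrottle:
    """Per-account failure counter with a timed lockout (in-memory sketch)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}      # uname -> consecutive failures
        self.locked_until = {}  # uname -> unlock timestamp

    def attempt(self, uname, password_ok):
        now = self.clock()
        if now < self.locked_until.get(uname, 0):
            # While locked, password_ok is ignored: the real password
            # is rejected too, as described in the posts.
            return "locked"
        if password_ok:
            self.failures.pop(uname, None)
            return "ok"
        self.failures[uname] = self.failures.get(uname, 0) + 1
        if self.failures[uname] >= MAX_FAILURES:
            self.locked_until[uname] = now + LOCKOUT_SECONDS
            self.failures[uname] = 0
        return "denied"
```

A per-account lockout also lets anyone who knows a login name keep that account locked, so the lockout duration and the visibility of login names are linked decisions.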

35
jdseymour
Re: 2.1 Debug Party

There are better ways. From what I have seen a dictionary attack could crack most XOOPS admin passwords in a matter of seconds. Even site admins do not know the value of strong passwords.

36
m0nty
Re: 2.1 Debug Party
  • 2005/7/2 17:02


yup so true :-|

all my passwords are minimum of 11 characters.. and a dictionary attack would be useless lol my passwd has no words in it whatsoever, it's just a mixture of letters and numbers.. (but i might add that it's dead easy to remember for me because those letters and numbers do mean something)

37
Herko
Re: 2.1 Debug Party
  • 2005/7/2 23:23


I've found a potential bug:

CVS checkout from today (july 2nd), 20:00 GMT. Clean install, on hosted service (Apache version 1.3.33 (Unix), PHP version 4.3.11, MySQL version 4.0.24-standard).

Changed to other theme, wanted to add a custom template set, but got error:
ERROR: Could not create template set xoops2.2.

Same error when trying to clone the default template set.
PHP debug shows no errors.
MySQL debug gave me a faulty query:
INSERT INTO IoXdT_tplset (tplset_id, tplset_name, tplset_desc, tplset_credits, tplset_created) VALUES (0, 'xoops2.2', , , 1120344373)
Error number: 1064
Error message: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' , 1120344373)' at line 1
(0.00014)


Herko

38
Mithrandir
Re: 2.1 Debug Party

I'll look at it, Herko.

Thank you everyone for your attention in this.
When upgrading to XOOPS 2.2, the users without "Real Name"/"Display Name" will get their username transferred to this field (defeating the purpose of "hiding" the username, I know, but I felt it was the most obvious way of doing it)

Regarding spaces in custom field names, this is not allowed. In the titles yes, but not in the field names.
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software

39
Gambero[removed]
Re: 2.1 Debug Party

After fresh install and logging in I got these errors. I hope that helps:

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/object.php on line 727

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/configoption.php on line 82

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/configitem.php on line 194

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/user.php on line 533

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/user.php on line 546

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/user.php on line 571

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/group.php on line 72

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/group.php on line 111

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profile.php on line 71

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profile.php on line 120

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profile.php on line 132

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profilefield.php on line 298

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profilefield.php on line 412

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/profilefield.php on line 452

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/module.php on line 1229

Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of [runtime function name](). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /www/specialci/xoops/21test/kernel/groupperm.php on line 89

Warning [PHP]: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/specialci/xoops/21test/kernel/profile.php:71) in file include/common.php line 199
Warning [PHP]: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/specialci/xoops/21test/kernel/profile.php:71) in file include/common.php line 199
Warning [PHP]: Cannot modify header information - headers already sent by (output started at /www/specialci/xoops/21test/kernel/profile.php:71) in file user.php line 60

40
m0nty
Re: 2.1 Debug Party
  • 2005/7/4 12:47


thanks mith, removing the space did the trick :) there oughta be some kind of warning or notice on the field name language definition to warn against it :)

now i can get to work on making x-ipb work with 2.1 lol
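The field-name problem from posts 34, 38 and 40, as an added example (not code from the thread or from the XOOPS profile module): validate the identifier before it reaches the `ALTER TABLE` statement, and suggest a valid name from the title. All function names are hypothetical; the allowed character set is an assumption, and the table name is assumed to come from trusted site configuration.

```python
import re

# Assumption: plain ASCII identifiers of at most 64 characters. This rules
# out spaces (not allowed in field names, per post 38) and SQL metacharacters.
FIELD_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def naive_add_field(table, name, default):
    """Plain concatenation; reproduces the failing statement from post 34."""
    return (f"ALTER TABLE {table} ADD {name} "
            f"varchar(255) NOT NULL DEFAULT '{default}'")


def suggest_field_name(title):
    """Derive a valid field name from a title such as 'Track 1'."""
    slug = re.sub(r"[^A-Za-z0-9]+", "_", title).strip("_").lower()
    if not slug or slug[0].isdigit():
        slug = "f_" + slug
    return slug[:64]


def safe_add_field(table, name, default):
    """Reject bad identifiers, quote the good ones, escape the default."""
    if not FIELD_NAME_RE.fullmatch(name):
        raise ValueError(
            f"invalid field name {name!r}; try {suggest_field_name(name)!r}")
    # Minimal MySQL string-literal escaping for the sketch; a real module
    # would use the database layer's own escaping function.
    escaped = default.replace("\\", "\\\\").replace("'", "''")
    return (f"ALTER TABLE `{table}` ADD `{name}` "
            f"varchar(255) NOT NULL DEFAULT '{escaped}'")
```

Rejecting the name with a message that carries a suggestion is the kind of warning post 40 asks for, and it fails before any SQL is sent.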
