Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
dcasmr
Worker
Worker


Joined: Feb 06, 2004
Posts: 147

PostPosted: Mon Sep 06, 2004 1:57 pm Reply with quote

I am running PHP Nuke 7.4 patched on my site. Lately, I tried to add another account to post for a "catch all" user. Anyhow, I am getting this message after trying various valid yahoo e-mails accounts:

The email address you entered is invalid!


Any help appreciated.
dcasmr
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Sep 06, 2004 4:56 pm Reply with quote

Where are you trying to enter the email? What URL is in your browser when you receive this message? What is the email address that causes this error?
 
View user's profile Send private message
dcasmr
PostPosted: Mon Sep 06, 2004 7:00 pm Reply with quote

I have tried Only registered users can see links on this board! Get registered or login! which is a known and working e-mail of mine and also Only registered users can see links on this board! Get registered or login!.
The e-mails are entered in the New user Registration box. My site is Only registered users can see links on this board! Get registered or login!

Thanks\dcasmr
 
Raven
PostPosted: Mon Sep 06, 2004 7:14 pm Reply with quote

Since nuke does not verify the actual MX records, this is being trapped by your nuke logic, in some way. I have searched the language file for Your_Account and do not find the phrase 'The email address you entered is invalid' in it. So,I must ask you if you are using some special release of nuke (with modifications) or is this virgin code?
 
dcasmr
PostPosted: Mon Sep 06, 2004 7:29 pm Reply with quote

I am using Nuke 7.4 patched and have not installed any mods related to e-mails. I found the error message really odd !
dcasmr
 
Raven
PostPosted: Mon Sep 06, 2004 7:50 pm Reply with quote

I just searched the entire v7.4 patched from my d/l and that message is not to be found. I am going to try to register on your site.
 
Raven
PostPosted: Mon Sep 06, 2004 7:54 pm Reply with quote

Have you installed any mods to Your_Account module?
 
dcasmr
PostPosted: Mon Sep 06, 2004 9:03 pm Reply with quote

Ok !
 
Raven
PostPosted: Mon Sep 06, 2004 9:06 pm Reply with quote

dcasmr wrote:
Ok !
????
 
dcasmr
PostPosted: Mon Sep 06, 2004 9:11 pm Reply with quote

I meant it is Ok to register as a test. I have used Only registered users can see links on this board! Get registered or login! and Only registered users can see links on this board! Get registered or login! for the registration that failed.

Thanks for your help.
dcasmr
 
Raven
PostPosted: Mon Sep 06, 2004 9:17 pm Reply with quote

Raven wrote:
Have you installed any mods to Your_Account module?
Please answer this question.
 
dcasmr
PostPosted: Mon Sep 06, 2004 10:52 pm Reply with quote

No. I did not added any mod to Your_Account. In fact, after getting the error, I re-downloaded Nuke7.4 patched and copied the content of Your_Account to the one in the server.

Thanks,
dcasmr
 
dcasmr
PostPosted: Tue Sep 07, 2004 10:54 pm Reply with quote

Raven: I found somehow the link to that error message. I have in admin/language.php file a DEFINE for _ERROR that reads:
define("_ERROR","<font color=\"#CC0000\">The email address you entered is invalid!</font>");

I tracked that variable to a piece of code in the Index.php file under Your_Account.

I have tried the auto-registration hack withn no success

Quote:

$new_password = md5($user_password);
$username = check_html($username, nohtml);
$user_email = check_html($user_email, nohtml);
$result = $db->sql_query("INSERT INTO ".$user_prefix."_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time) VALUES (NULL, '$username', '$user_email', '$new_password', '$user_regdate', '$check_num', '$time')");
if(!$result) {
echo ""._ERROR."<br>";
} else {
$user_question = stripslashes(FixQuotes($user_question));
$user_answer = stripslashes(FixQuotes($user_answer));
if(!$db->sql_query("INSERT INTO ".$user_prefix."_users_verify VALUES (NULL, '$username', '$user_question', '$user_answer')")) {
echo mysql_error();
}



Thanks,
dcasmr
 
dcasmr
PostPosted: Wed Sep 08, 2004 12:12 am Reply with quote

Cogito ergo sum: Raven, through your questions I learned how to investigate this pesky issue. I think I found the PROBLEM: My nuke_users_temp is not in DB. The site was hacked a long time using SQL injections and I lost some tables. I just read through the codes and put things together. I am now trying to upload a nuke_users_temp table to DB.

Thanks for your great help.
dcasmr
 
Raven
PostPosted: Wed Sep 08, 2004 4:37 am Reply with quote

I have several posts about the behavior of nuke when that table isn't present. Usually you get a nickname error. They must have changed something in 7.4 that causes the email error before the nickname Laughing That would definitely cause problems. Great catch and keep us posted.
 
dcasmr
PostPosted: Wed Sep 08, 2004 7:07 am Reply with quote

DONE. After uploading nuke_users_temp the problem was solved. Without your guided troubleshooting questions, this will not have happened.

Thanks for the great help.
dcasmr
 
Raven
PostPosted: Wed Sep 08, 2004 7:18 am Reply with quote

Great news, for sure! I am adding this to the FAQ as yet another example of poor error messages! You should have been receiving a warning that the TABLE was missing, not that the email address is invalid - GEESH!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©